Align Projects With the IT Change Lifecycle

  • Buy Link or Shortcode: {j2store}464|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Operations Management
  • Parent Category Link: /i-and-o-process-management
  • Coordinate IT change and project management to successfully push changes to production.
  • Manage representation of project management within the scope of the change lifecycle to gather requirements, properly approve and implement changes, and resolve incidents that arise from failed implementations.
  • Communicate effectively between change management, project management, and the business.

Our Advice

Critical Insight

Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value and slowly add improvements to ease buy-in.

Impact and Result

  • Establish pre-set touchpoints between IT change management and project management at strategic points in the change and project lifecycles.
  • Include appropriate project representation at the change advisory board (CAB).
  • Leverage standard change resources such as the change calendar and request for change form (RFC).

Align Projects With the IT Change Lifecycle Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Align Projects With the IT Change Lifecycle Deck – A guide to walk through integrating project touchpoints in the IT change management lifecycle.

Use this storyboard as a guide to align projects with your IT change management lifecycle.

  • Align Projects With the IT Change Lifecycle Storyboard

2. The Change Management SOP – This template will ensure that organizations have a comprehensive document in place that can act as a point of reference for the program.

Use this SOP as a template to document and maintain your change management practice.

  • Change Management Standard Operating Procedure
[infographic]

Further reading

Align Projects With the IT Change Lifecycle

Increase the success of your changes by integrating project touchpoints in the change lifecycle.

Analyst Perspective

Focus on frequent and transparent communications between the project team and change management.

Benedict Chang

Misalignment between IT change management and project management leads to headaches for both practices. Project managers should aim to be represented in the change advisory board (CAB) to ensure their projects are prioritized and scheduled appropriately. Advanced notice on project progress allows for fewer last-minute accommodations at implementation. Widespread access of the change calendar can also lead project management to effectively schedule projects to give change management advanced notice.

Moreover, alignment between the two practices at intake allows for requests to be properly sorted, whether they enter change management directly or are governed as a project.

Lastly, standardizing implementation and post-implementation across everyone involved ensures more successful changes and socialized/documented lessons learned for when implementations do not go well.

Benedict Chang
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your Challenge

Common Obstacles

Info-Tech’s Approach

To align projects with the change lifecycle, IT leaders must:

  • Coordinate IT change and project management to successfully push changes to production.
  • Manage representation of project management within the scope of the change lifecycle to gather requirements, properly approve and implement changes, and resolve incidents that arise from failed implementations.
  • Communicate effectively between change management, project management, and the business.

Loose definitions may work for clear-cut examples of changes and projects at intake, but grey-area requests end up falling through the cracks.

Changes to project scope, when not communicated, often leads to scheduling conflicts at go-live.

Too few checkpoints between change and project management can lead to conflicts. Too many checkpoints can lead to delays.

Set up touchpoints between IT change management and project management at strategic points in the change and project lifecycles.

Include appropriate project representation at the change advisory board (CAB).

Leverage standard change resources such as the change calendar and request for change form (RFC).

Info-Tech Insight

Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.

Info-Tech’s approach

Use the change lifecycle to identify touchpoints.

The image contains a screenshot of Info-Tech's approach.

The Info-Tech difference:

  1. Start with your change lifecycle to define how change control can align with project management.
  2. Make improvements to project-change alignment to benefit the relationship between the two practices and the practices individually.
  3. Scope the alignment to your organization. Take on the improvements to the left one by one instead of overhauling your current process.

Use this research to improve your current process

This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.

Align Projects With the IT Change Lifecycle

02 Optimize IT Project Intake, Approval, and Prioritization

01 Optimize IT Change Management

Increase the success of your changes by integrating project touchpoints in your change lifecycle.

(You are here)

Decide which IT projects to approve and when to start them.

Right-size IT change management to protect the live environment.

Successful change management will provide benefits to both the business and IT

Respond to business requests faster while reducing the number of change-related disruptions.

IT Benefits

Business Benefits

  • Fewer incidents and outages at project go-live
  • Upfront identification of project and change requirements
  • Higher rate of change and project success
  • Less rework
  • Fewer service desk calls related to failed go-lives
  • Fewer service disruptions
  • Faster response to requests for new and enhanced functionalities
  • Higher rate of benefits realization when changes are implemented
  • Lower cost per change
  • Fewer “surprise” changes disrupting productivity

IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

Change management improves core benefits to the business: the four Cs

Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

Control

Collaboration

Consistency

Confidence

Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.

Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.

Request-for-change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.

Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.

1. Alignment at intake

Define what is a change and what is a project.

Both changes and projects will end up in change control in the end. Here, we define the intake.

Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.

A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).

Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.

This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.

Need help scoping projects? Download the Project Intake Classification Matrix

Change

Project

  • Smaller scale task that typically takes a short time to build and test
  • Generates a single change request
  • Governed by IT Change Management for the entire lifecycle
  • Larger in scope
  • May generate multiple change requests
  • Governed by PMO
  • Longer to build and test

Info-Tech Insight

While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.

1 Define what constitutes a change

  1. As a group, brainstorm examples of changes and projects. If you wish, you may choose to also separate out additional request types such as service requests (user), operational tasks (backend), and releases.
  2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
  3. Use the examples to draw lines and determine what defines each category.
  • What makes a change distinct from a project?
  • What makes a change distinct from a service request?
  • What makes a change distinct from an operational task?
  • When do the category workflows cross over with other categories? (For example, when does a project interact with change management?
  • Record the definitions of requests and results in section 2.3 of the Change Management Standard Operating Procedure (SOP).
  • Change

    Project

    Service Request (Optional)

    Operational Task (Optional)

    Release (Optional)

    Changing Configuration

    New ERP

    Add new user

    Delete temp files

    Software release

    Download the Change Management Standard Operating Procedure (SOP).

    Input Output
    • List of examples of each category of the chart
    • Definitions for each category to be used at change intake
    Materials Participants
    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP
    • Change Manager
    • Project Managers
    • Members of the Change Advisory Board

    2. Alignment at build and test

    Keep communications open by pre-defining and communicating project milestones.

    CAB touchpoints

    Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.

    RFCs

    Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.

    Change Calendar

    Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.

    Leverage the RFC to record and communicate project details

    The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).

    When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.

    Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.

    Download the Request for Change Form Template

    Communication Plan

    The project may be successful from a technical point of view, but if users do not know about go-live or how to interact with the project, it will ultimately fail.

    Training Plan

    If necessary, think of how to train different stakeholders on the project go-live. This includes training for end users interacting with the project and technicians supporting the project.

    Implementation Plan

    Write the implementation plan at a high enough level that gives the CAB confidence that the implementation team knows the steps well.

    Rollback Plan

    Having a well-formulated rollback plan gives the CAB the confidence that the impact of the project is well known and the impact to the business is limited even if the implementation does not go well.

    Provide clear definitions of what goes on the change calendar and who’s responsible

    Inputs

    • Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated)
    • Maintenance windows and planned outage periods
    • Project schedules, and upcoming major/medium changes
    • Holidays
    • Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available)

    Guidelines

    • Business-defined freeze periods are the top priority.
    • No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
    • Vendor SLA support hours are the preferred time for implementing changes.
    • The vacation calendar for IT will be considered for major changes.
    • Change priority: High > Medium > Low.
    • Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

    Roles

    • The Change Manager will be responsible for creating and maintaining a change calendar.
    • Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
    • All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

    Info-Tech Insight

    Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.

    3. Alignment at approval

    How can project management effectively contribute to CAB?

    As optional CAB members

    Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.

    As project management representatives

    Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.

    As core CAB members

    The core responsibilities of CAB must still be fulfilled:

    1. Protect the live environment from poorly assessed, tested, and implemented changes.

    2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.

    3. Schedule deployments in a way the minimizes conflict and disruption.

    If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.

    4. Alignment at implementation

    At this stage, the project or project phase is treated as any other change.

    Verification

    Once the change has been implemented, verify that all requirements are fulfilled.

    Review

    Ensure all affected systems and applications are operating as predicted.

    Update change ticket and change log

    Update RFC status and CMDB as well (if necessary).

    Transition

    Once the change implementation is complete, it’s imperative that the team involved inform and train the operational and support groups.

    If you need to define transitioning changes to production, download Transition Projects to the Service Desk

    5. Alignment at post-implementation

    Tackle the most neglected portion of change management to avoid making the same mistake twice.

    1. Define RFC statuses that need a PIR
    2. Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.

    3. Conduct a PIR for every failed change
    4. It’s best to perform a PIR once a change-related incident is resolved.

    5. Avoid making the same mistake twice
    6. Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.

    7. Report to CAB
    8. Socialize the findings of the PIR at the subsequent CAB meeting.

    9. Circle back on previous PIRs
    10. If a similar change is conducted, append the related PIR to avoid the same mistakes.

    Info-Tech Insight

    Include your PIR documentation right in the RFC for easy reference.

    Download the RFC template for more details on post-implementation reviews

    2 Implement your alignments stepwise

    1. As a group, decide on which implementations you need to make to align change management and project management.
    2. For each improvement, list a timeline for implementation.
    3. Update section 3.5 in the Change Management Standard Operating Procedure (SOP). to outline the responsibilities of project management within IT Change Management.

    The image contains a screenshot of the Change Management SOP

    Download the Change Management Standard Operating Procedure (SOP).

    Input Output
    • This deck
    • SOP update
    Materials Participants
    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP
    • Change Manager
    • Project Managers
    • Members of the Change Advisory Board

    Related Info-Tech Research

    Optimize IT Change Management

    Right-size IT change management to protect the live environment.

    Optimize IT Project Intake, Approval, and Prioritization

    Decide which IT projects to approve and when to start them.

    Maintain an Organized Portfolio

    Align portfolio management practices with COBIT (APO05: Manage Portfolio).

    Master the Public Cloud IaaS Acquisition Models

    • Buy Link or Shortcode: {j2store}228|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $3,820 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Understanding the differences in IaaS platform agreements, purchasing options, associated value, and risks. What are your options for:

    • Upfront or monthly payments
    • Commitment discounts
    • Support options
    • Migration planning and support

    Our Advice

    Critical Insight

    IaaS platforms offer similar technical features, but they vary widely on their procurement model. By fully understanding the procurement differences and options, you will be able to purchase wisely, save money both long and short term, and mitigate investment risk.

    Most vendors have similar processes and options to buy. Finding a transparent explanation and summary of each platform in a side-by-side review is difficult.

    • Are vendor reps being straight forward?
    • What are the licensing requirements?
    • What discounts or incentives can I negotiate?
    • How much do I have to commit to and for how long?

    Impact and Result

    This project will provide several benefits for both IT and the business. It includes:

    • Best IaaS platform to support current and future procurement requirements.
    • Right-sized cloud commitment tailored to the organization’s budget.
    • Predictable and controllable spend model.
    • Flexible and reliable IT infrastructure that supports the lines of business.
    • Reduced financial and legal risk.

    Master the Public Cloud IaaS Acquisition Models Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to learn how the public cloud IaaS procurement models compare. Review Info-Tech’s methodology and understand the top three platforms, features, and benefits to support and inform the IaaS vendor choice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Educate

    Learn the IaaS basics, terminologies, purchasing options, licensing requirements, hybrid options, support, and organization requirements through a checklist process.

    • Master the Public Cloud IaaS Acquisition Models – Phase 1: Educate
    • Public Cloud Procurement Checklist
    • Microsoft Public Cloud Licensing Guide

    2. Evaluate

    Review and understand the features, downsides, and differences between the big three players.

    • Master the Public Cloud IaaS Acquisition Models – Phase 2: Evaluate
    • Public Cloud Procurement Comparison Summary

    3. Execute

    Decide on a primary vendor that meets requirements, engage with a reseller, negotiate pricing incentives, migration costs, review, and execute the agreement.

    • Master the Public Cloud IaaS Acquisition Models – Phase 3: Execute
    • Public Cloud Acquisition Executive Summary Template

    Infographic

    Enhance PPM Dashboards and Reports

    • Buy Link or Shortcode: {j2store}438|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $18,849 Average $ Saved
    • member rating average days saved: 66 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Your organization has introduced project portfolio management (PPM) processes that require new levels of visibility into the project portfolio that were not required before.
    • Key PPM decision makers are requesting new or improved dashboards and reports to help support making difficult decisions.
    • Often PPM dashboards and reports provide too much information and are difficult to navigate, resulting in information overload and end-user disengagement.
    • PPM dashboards and reports are laborious to maintain; ineffective dashboards end up wasting scarce resources, delay decisions, and negatively impact the perceived value of the PMO.

    Our Advice

    Critical Insight

    • Well-designed dashboards and reports help actively engage stakeholders in effective management of the project portfolio by communicating information and providing support to key PPM decision makers. This tends to improve PPM performance, making resource investments into reporting worthwhile.
    • Observations and insights gleaned from behavioral studies and cognitive sciences (largely ignored in PPM literature) can help PMOs design dashboards and reports that avoid information overload and that provide targeted decision support to key PPM decision makers.

    Impact and Result

    • Enhance your PPM dashboards and reports by carrying out a carefully designed enhancement project. Start by clarifying the purpose of PPM dashboards and reports. Establish a focused understanding of PPM decision-support needs, and design dashboards and reports to address these in a targeted way.
    • Conduct a thorough review of all existing dashboards and reports, evaluating the need, effort, usage, and satisfaction of each report to eliminate any unnecessary or ineffective dashboards and design improved dashboards and reports that will address these gaps.
    • Design effective and targeted dashboards and reports to improve the engagement of senior leaders in PPM and help improve PPM performance.

    Enhance PPM Dashboards and Reports Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should enhance your PPM reports and dashboards, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish a PPM dashboard and reporting enhancement project plan

    Identify gaps, establish a list of dashboards and reports to enhance, and set out a roadmap for your dashboard and reporting enhancement project.

    • Enhance PPM Dashboards and Reports – Phase 1: Establish a PPM Dashboard and Reporting Enhancement Project Plan
    • PPM Decision Support Review Workbook
    • PPM Dashboard and Reporting Audit Workbook
    • PPM Dashboard and Reporting Audit Worksheets – Exisiting
    • PPM Dashboard and Reporting Audit Worksheets – Proposed
    • PPM Metrics Menu
    • PPM Dashboard and Report Enhancement Project Charter Template

    2. Design and build enhanced PPM dashboards and reporting

    Gain an understanding of how to design effective dashboards and reports.

    • Enhance PPM Dashboards and Reports – Phase 2: Design and Build New or Improved PPM Dashboards and Reporting
    • PPM Dashboard and Report Requirements Workbook
    • PPM Executive Dashboard Template
    • PPM Dashboard and Report Visuals Template
    • PPM Capacity Dashboard Operating Manual

    3. Implement and maintain effective PPM dashboards and reporting

    Officially close and evaluate the PPM dashboard and reporting enhancement project and transition to an ongoing and sustainable PPM dashboard and reporting program.

    • Enhance PPM Dashboards and Reports – Phase 3: Implement and Maintain Effective PPM Dashboards and Reporting
    • PPM Dashboard and Reporting Program Manual
    [infographic]

    Workshop: Enhance PPM Dashboards and Reports

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish a PPM Dashboard and Reporting Enhancement

    The Purpose

    PPM dashboards and reports will only be effective and valuable if they are designed to meet your organization’s specific needs and priorities.

    Conduct a decision-support review and a thorough dashboard and report audit to identify the gaps your project will address.

    Take advantage of the planning stage to secure sponsor and stakeholder buy-in.

    Key Benefits Achieved

    Current-state assessment of satisfaction with PPM decision-making support.

    Current-state assessment of all existing dashboards and reports: effort, usage, and satisfaction.

    A shortlist of dashboards and reports to improve that is informed by actual needs and priorities.

    A shortlist of dashboards and reports to create that is informed by actual needs and priorities.

    The foundation for a purposeful and focused PPM dashboard and reporting program that is sustainable in the long term.

    Activities

    1.1 Engage in PPM decision-making review.

    1.2 Perform a PPM dashboard and reporting audit and gap analysis.

    1.3 Identify dashboards and/or reports needed.

    1.4 Plan the PPM dashboard and reporting project.

    Outputs

    PPM Decision-Making Review

    PPM Dashboard and Reporting Audit

    Prioritized list of dashboards and reports to be improved and created

    Roadmap for the PPM dashboard and reporting project

    2 Design New or Improved PPM Dashboards and Reporting

    The Purpose

    Once the purpose of each PPM dashboard and report has been identified (based on needs and priorities) it is important to establish what exactly will be required to produce the desired outputs.

    Gathering stakeholder and technical requirements will ensure that the proposed and finalized designs are realistic and sustainable in the long term.

    Key Benefits Achieved

    Dashboard and report designs that are informed by a thorough analysis of stakeholder and technical requirements.

    Dashboard and report designs that are realistically sustainable in the long term.

    Activities

    2.1 Review the best practices and science behind effective dashboards and reporting.

    2.2 Gather stakeholder requirements.

    2.3 Gather technical requirements.

    2.4 Build wireframe options for each dashboard or report.

    2.5 Review options: requirements, feasibility, and usability.

    2.6 Finalize initial designs.

    2.7 Design and record the input, production, and consumption workflows and processes.

    Outputs

    List of stakeholder requirements for dashboards and reports

    Wireframe design options

    Record of the assessment of each wireframe design: requirements, feasibility, and usability

    A set of finalized initial designs for dashboards and reports.

    Process workflows for each initial design

    3 Plan to Roll Out Enhanced PPM Dashboards and Reports

    The Purpose

    Ensure that enhanced dashboards and reports are actually adopted in the long term by carefully planning their roll-out to inputters, producers, and consumers.

    Plan to train all stakeholders, including report consumers, to ensure that the reports generate the decision support and PPM value they were designed to.

    Key Benefits Achieved

    An informed, focused, and scheduled plan for rolling out dashboards and reports and for training the various stakeholders involved.

    Activities

    3.1 Plan for external resourcing (if necessary): vendors, consultants, contractors, etc.

    3.2 Conduct impact analysis: risks and opportunities.

    3.3 Create an implementation and training plan.

    3.4 Determine PPM dashboard and reporting project success metrics.

    Outputs

    External resourcing plan

    Impact analysis and risk mitigation plan

    Record of the PPM dashboard and reporting project success metrics

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction

    • Buy Link or Shortcode: {j2store}612|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation

    Organizations risk being locked in a circular trap of inertia from auto-renewing their software. With inertia comes complacency, leading to a decrease in overall satisfaction. Indeed, organizations are uniformly choosing to renew their software – even if they don’t like the vendor!

    Our Advice

    Critical Insight

    Renewal is an opportunity cost. Switching poorly performing software substantially drives increased satisfaction, and it potentially lowers vendor costs in the process. To realize maximum gains, it’s essential to have a repeatable process in place.

    Impact and Result

    Realize the benefits of switching by using Info-Tech’s five action steps to optimize your vendor switching processes:

    1. Identify switch opportunities.
    2. Evaluate your software.
    3. Build the business case.
    4. Optimize selection method.
    5. Plan implementation.

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Why you should consider switching software vendors

    Use this outline of key statistics to help make the business case for switching poorly performing software.

    • Switching Existing Software Vendors Overwhelmingly Drives Increased Satisfaction Storyboard

    2. How to optimize your software vendor switching process

    Optimize your software vendor switching processes with five action steps.

    [infographic]

    Security Priorities 2022

    • Buy Link or Shortcode: {j2store}244|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Ransomware activities and the cost of breaches are on the rise.
    • Cybersecurity talent is hard to find, and an increasing number of cybersecurity professionals are considering leaving their jobs.
    • Moving to the digital world increases the risk of a breach.

    Our Advice

    Critical Insight

    • The pandemic has fundamentally changed the technology landscape. Security programs must understand how their threat surface is now different and adapt their controls to meet the challenge.
    • The upside to the upheaval in 2021 is new opportunities to modernize your security program.

    Impact and Result

    • Use the report to ensure your plan in 2022 addresses what’s important in cybersecurity.
    • Understand the current situation in the cybersecurity space.

    Security Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Security Priorities 2022 – A report that describes priorities and recommendations for CISOs in 2022.

    Use this report to understand the current situation in the cybersecurity space and inform your plan for 2022. This report includes sections on protecting against and responding to ransomware, acquiring and retaining talent, securing a remote workforce, securing digital transformation, and adopting zero trust.

    • Security Priorities for 2022 Report

    Infographic

    Further reading

    Security Priorities 2022

    The pandemic has changed how we work

    disruptions to the way we work caused by the pandemic are here to stay.

    The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.

    People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.

    Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.

    30% more professionals expect transformative permanent change compared to one year ago.

    47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)

    The cost of a security breach is rising steeply

    The shift to remote work exposes organizations to more costly cyber incidents than ever before.

    $4.24 million

    Average cost of a data breach in 2021
    The cost of a data breach rose by nearly 10% in the past year, the highest rate in over seven years.

    $1.07 million

    More costly when remote work involved in the breach

    The average cost of breaches where remote work is involved is $1.07 million higher than breaches where remote work is not involved.

    The ubiquitous remote work that we saw in 2021 and continue to see in 2022 can lead to more costly security events. (Source: IBM, 2021)

    Remote work is here to stay, and the cost of a breach is higher when remote work is involved.

    The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)

    Security teams can participate in the solution

    The numbers are clear: in 2022, when we face a threat environment like WE’VE never EXPERIENCED before, good security is worth the investment

    $1.76 million

    Saved when zero trust is deployed facing a breach

    Zero trust controls are realistic and effective controls.

    Organizations that implement zero trust dramatically reduce the cost of an adverse security event.

    35%

    More costly if it takes more than 200 days to identify and contain a breach

    With increased BYOD and remote work, detection and response is more challenging than ever before – but it is also highly effective.

    Organizations that detect and respond to incidents quickly will significantly reduce the impact. (Source: IBM, 2021)

    Breaches are 34% less costly when mature zero trust is implemented.

    A fully staffed and well-prepared security team could save the cost through quick responses. (Source: IBM, 2021)

    Top security priorities and constraints in 2022

    Survey results

    As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:

    Top Priorities
    A list of the top three priorities identified in the survey with their respective percentages, 'Acquiring and retaining talent, 30%', 'Protecting against and responding to ransomware, 23%', and 'Securing a remote workforce, 23%'.

    Survey respondents were asked to force-rank their security priorities.

    Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.

    Top Obstacles
    A list of the top three obstacles identified in the survey with their respective percentages, 'Staffing constraints, 31%', 'Demand of ever-changing business environment, 23%', and 'Budget constraints, 15%'.

    Talent management is both the #1 priority and the top obstacle facing security leaders in 2022.

    Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.

    We know the priorities…

    But what are security leaders actually working on?

    This report details what we see the world demanding of security leaders in the coming year.

    Setting aside the demands – what are security leaders actually working on?

    A list of 'Top security topics among Info-Tech members' with accompanying bars, 'Security Strategy', 'Security Policies', 'Security Operations', 'Security Governance', and 'Security Incident Response'.

    Many organizations are still mastering the foundations of a mature cybersecurity program.

    This is a good idea!

    Most breaches are still due to gaps in foundational security, not lack of advanced controls.

    We know the priorities…

    But what are security leaders actually working on?

    A list of industries with accompanying bars representing their demand for security. The only industry with a significant positive percentage is 'Government'. Security projects included in annual plan relative to industry.

    One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets.

    Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.

    5 Security Priorities for 2022 Logo for Info-Tech. Logo for ITRG.

    People

    1. Acquiring and Retaining Talent
      Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
    2. Securing a Remote Workforce
      Create a secure environment for users and help your people build safe habits while working remotely.

    Process

    1. Securing Digital Transformation
      Build in security from the start and check in frequently to create agile and secure user experiences.

    Technology

    1. Adopting Zero Trust
      Manage access of sensitive information based on the principle of least privilege.
    2. Protecting Against and Responding to Ransomware
      Put in your best effort to build defenses but also prepare for a breach and know how to recover.

    Main Influencing Factors

    COVID-19 Pandemic
    The pandemic has changed the way we interact with technology. Organizations are universally adapting their business and technology processes to fit the post-pandemic paradigm.
    Rampant Cybercrime Activity
    By nearly every conceivable metric, cybercrime is way up in the past two years. Cybercriminals smell blood and pose a more salient threat than before. Higher standards of cybersecurity capability are required to respond to this higher level of threat.
    Remote Work and Workforce Reallocation
    Talented IT staff across the globe enabled an extraordinarily fast shift to remote and distance work. We must now reckon with the security and human resourcing implications of this huge shift.

    Acquire and Retain Talent

    Priority 01

    Security talent was in short supply before the pandemic, and it's even worse now.

    Executive summary

    Background

    Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.

    The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.

    The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.

    Current situation

    • A 2021 survey by ESG shows that 76% of security professional agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
    • (ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).

    2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)

    IT leaders must do more to attract and retain talent in 2022

    • Over 70% of IT professionals are considering quitting their jobs (TalentLMS, 2021). Meanwhile, 51% of surveyed cybersecurity professionals report extreme burnout during the last 12 months and many of them have considered quitting because of it (VMWare, 2021).
    • Working remotely makes it easier for people to look elsewhere, lowering the barrier to leaving.
    • This is a big problem for security leaders, as cybersecurity talent is in very short supply. The cost of acquiring and retaining quality cybersecurity staff in 2022 is significant, and many organizations are unwilling or unable to pay the premium.
    • Top talent will demand flexible working conditions – even though remote work comes with security risk.
    • Most smart, talented new hires in 2022 are demanding to work remotely most of the time.
    Top reasons for resignations in 2021
    Burnout 30%
    Other remote opportunities 20%
    Lack of growth opportunities 20%
    Poor culture 20%
    Acquisition concerns 10%
    (Source: Survey of West Coast US cybersecurity professionals; TechBeacon, 2021)

    Talent will be 2022’s #1 strength and #1 weakness

    Staffing obstacles in 2022:

    “Attracting and retaining talent is always challenging. We don’t pay as well and my org wants staff in the office at least half of the time. Most young, smart, talented new hires want to work remotely 100 percent of the time.“

    “Trying to grow internal resources into security roles.”

    “Remote work expectations by employees and refusal by business to accommodate.”

    “Biggest obstacle: payscales that are out of touch with cybersecurity market.”

    “Request additional staff. Obtaining funding for additional position is most significant obstacle.”

    (Info-Tech Tech Security Priorities Survey 2022)
    Top obstacles in 2022:

    As you can see, respondents to our security priorities survey have strong feelings on the challenges of staffing a cybersecurity team.

    The growth of remote work means local talent can now be hired by anybody, vastly increasing your competition as an employer.

    Hiring local will get tougher – but so will hiring abroad. People who don’t want to relocate for a new job now have plenty of alternatives. Without a compelling remote work option, you will find non-local prospects unwilling to move for a new job.

    Lastly, many organizations are still reeling at the cost of experienced cybersecurity talent. Focused internal training and development will be the answer for many organizations.

    Recommended Actions

    Provide career development opportunities

    Many security professionals are dissatisfied with their unclear career development paths. To improve retention, organizations should provide their staff with opportunities and clear paths for career and skills advancement.

    Be open-minded when hiring

    To broaden the candidate pool, organizations should be open-minded when considering who to hire.

    • Enable remote work.
    • Do not fixate on certificates and years of experience; rather, be open to developing those who have the right interest and ability.
    • Consider using freelance workers.
    Facilitate work-life balance

    Many security professionals say they experience burnout. Promoting work-life balance in your organization can help retain critical skills.

    Create inclusive environment

    Hire a diverse team and create an inclusive environment where they can thrive.

    Talent acquisition and retention plan

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Address a top priority and a top obstacle with a plan to attract and retain top organizational and cybersecurity talent.

    Initiative Description:

    • Provide secure remote work capabilities for staff.
    • Work with HR to refine a hiring plan that addresses geographical and compensation gaps with cybersecurity and general staff.
    • Survey staff engagement to identify points of friction and remediate where needed.
    • Define a career path and growth plan for staff.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.
    Reduction in costs due to turnover and talent loss

    Other Expected Business Benefits:

    Arrow pointing up.
    Productivity due to good morale/ engagement
    Arrow pointing up.
    Improved corporate culture
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Big organizational and cultural changes
    • Increased attack surface of remote/hybrid workforce

    Related Info-Tech Research:

    Secure a Remote Workforce

    Priority 02

    Trends suggest remote work is here to stay. Addressing the risk of insecure endpoints can no longer be deferred.

    Executive summary

    Remote work poses unique challenges to cybersecurity teams. The personal home environment may introduce unauthorized people and unknown network vulnerabilities, and the organization loses nearly all power and influence over the daily cyber hygiene of its users.

    In addition, the software used for enabling remote work itself can be a target of cybersecurity criminals.

    Current situation

    • 70% of workers in technical services work from home.
    • Employees of larger firms and highly paid individuals are more likely to be working outside the office.
    • 80% of security and business leaders find that remote work has increased the risk of a breach.
    • (Source: StatCan, 2021)

    70% of tech workers work from home (Source: Statcan, 2021)

    Remote work demands new security solutions

    The security perimeter is finally gone

    The data is outside the datacenter.
    The users are outside the office.
    The endpoints are … anywhere and everywhere.

    Organizations that did not implement digital transformation changes following COVID-19 experience higher costs following a breach, likely because it is taking nearly two months longer, on average, to detect and contain a breach when more than 50% of staff are working remotely (IBM, 2021).

    In 2022 the cumulative risk of so many remote connections means we need to rethink how we secure the remote/hybrid workforce.

    Security
    • Distributed denial of service
    • DNS hijacking
    • Weak VPN protocols
    Identity
    • One-time verification allowing lateral movement
    Colorful tiles representing the surrounding security solutions. Network
    • Risk perimeter stops at corporate network edge
    • Split tunneling
    Authentication
    • Weak authentication
    • Weak password
    Access
    • Man-in-the-middle attack
    • Cross-site scripting
    • Session hijacking

    Recommended Actions

    Mature your identity management

    Compromised identity is the main vector to breaches in recent years. Stale accounts, contractor accounts, misalignment between HR and IT – the lack of foundational practices leads to headline-making breaches every week.
    Tighten up identity control to keep your organization out of the newspaper.

    Get a handle on your endpoints

    Work-from-home (WFH) often means unknown endpoints on unknown networks full of other unknown devices…and others in the home potentially using the workstation for non-work purposes. Gaining visibility into your endpoints can help to keep detection and resolution times short.

    Educate users

    Educate everyone on security best practices when working remotely:

    • Apply secure settings (not just defaults) to the home network.
    • Use strong passwords.
    • Identify suspicious email.
    Ease of use

    Many workers complain that the corporate technology solution makes it difficult to get their work done.

    Employees will take productivity over security if we force them to choose, so IT needs to listen to end users’ needs and provide a solution that is nimble and secure.

    Roadmap to securing remote/hybrid workforce

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    The corporate network now extends to the internet – ensure your security plan has you covered.

    Initiative Description:

    • Reassess enterprise security strategy to include the WFH attack surface (especially endpoint visibility).
    • Ensure authentication requirements for remote workers are sufficient (e.g. MFA, strong passwords, hardware tokens for high-risk users/connections).
    • Assess the value of zero trust networking to minimize the blast radius in the case of a breach.
    • Perform penetration testing annually.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.


    Reduced cost of security incidents/reputational damage

    Other Expected Business Benefits:

    Arrow pointing up.
    Improved ability to attract and retain talent
    Arrow pointing up.
    Increased business adaptability
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential disruption to traditional working patterns
    • Cost of investing in WFH versus risk of BYOD

    Related Info-Tech Research:

    Secure Digital Transformation

    Priority 03

    Digital transformation could be a competitive advantage…or the cause of your next data breach.

    Executive summary

    Background

    Digital transformation is occurring at an ever-increasing rate these days. As Microsoft CEO Satya Nadella said early in the pandemic, “We’ve seen two years’ worth of digital transformation in two months.”

    We have heard similar stories from Info-Tech members who deployed rollouts that were scheduled to take months over a weekend instead.

    Microsoft’s own shift to rapidly expand its Teams product is a prime example of how quickly the digital landscape has changed. The global adaption to a digital world has largely been a success story, but rapid change comes with risk, and there is a parallel story of rampant cyberattacks like we have never seen before.

    Insight

    There is an adage that “slow is smooth, and smooth is fast” – the implication being that fast is sloppy. In 2022 we’ll see a pattern of organizations working to catch up their cybersecurity with the transformations we all made in 2020.

    $1.78 trillion expected in digital transformation investments (Source: World Economic Forum, 2021)

    An ounce of security prevention versus a pound of cure

    The journey of digital transformation is a risky one.

    Digital transformations often rely heavily on third-party cloud service providers, which increases exposure of corporate data.

    Further, adoption of new technology creates a new threat surface that must be assessed, mitigations implemented, and visibility established to measure performance.

    However, digital transformations are often run on slim budgets and without expert guidance.

    Survey respondents report as much: rushed deployments, increased cloud migration, and shadow IT are the top vulnerabilities reported by security leaders and executives.

    In a 2020 Ponemon survey, 82% of IT security and C-level executives reported experiencing at least one data breach directly resulting from a digital transformation they had undergone.

    Scope creep is inevitable on any large project like a digital transformation. A small security shortcut early in the project can have dire consequences when it grows to affect personal data and critical systems down the road.

    Recommended Actions

    Engage the business early and often

    Despite the risks, organizations engage in digital transformations because they also have huge business value.

    Security leaders should not be seeking to slow or stop digital transformations; rather, we should be engaging with the business early to get ahead of risks and enable successful transformation.

    Establish a vendor security program

    Data is moving out of datacenters and onto third-party environments. Without security requirements built into agreements, and clear visibility into vendor security capabilities, that data is a major source of risk.

    A robust vendor security program will create assurance early in the process and help to reinforce the responsibility of securing data with other parts of the organization.

    Build/revisit your security strategy

    The threat surface has changed since before your transformation. This is the right time to revisit or rebuild your security strategy to ensure that your control set is present throughout the new environment – and also a great opportunity to show how your current security investments are helping secure your new digital lines of business!

    Educate your key players

    Only 16% of security leaders and executives report alignment between security and business processes during digital transformation.

    If security is too low a priority, then key players in your transformation efforts are likely unaware of how security risks impact their own success. It will be incumbent upon the CISO to start that conversation.

    Securing digital transformation

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Ensure your investment in digital transformation is appropriately secured.

    Initiative Description:

    • Engage security with digital transformation and relevant governance structures (steering committees) to ensure security considerations are built into digital transformation planning.
    • Incorporate security stage gates in project management procedures.
    • Establish a vendor security assessment program.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased likelihood of digital transformation success

    Other Expected Business Benefits:

    Arrow pointing up.
    Ability to make informed decisions for the field rep strategy
    Arrow pointing down.
    Reduced long-term cost of digital transformation
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential increased up front cost (reduced long-term cost)
    • Potential slowed implementation with security stage gates in project management

    Related Info-Tech Research:

    Adopt Zero Trust

    Priority 04

    Governments are recognizing the importance of zero trust strategies. So should your organization.

    Why now for zero trust?

    John Kindervag modernized the concept of zero trust back in 2010, and in the intervening years there has been enormous interest in cybersecurity circles, yet in 2022 only 30% of organizations report even beginning to roll out zero trust capabilities (Statista, 2022).

    Why such little action on a revolutionary and compelling model?

    Zero trust is not a technology; it is a principle. Zero trust adoption takes concerted planning, effort, and expense, for which the business value has been unclear throughout most of the last 10 years. However, several recent developments are changing that:

    • Securing technology has become very hard! The size, complexity, and attack surface of IT environments has grown significantly – especially since the pandemic.
    • Cyberattacks have become rampant as the cost to deploy harmful ransomware has become lower and the impact has become higher.
    • The shift away from on-premises datacenters and offices created an opening for zero trust investment, and zero trust technology is more mature than ever before.

    The time has come for zero trust adoption to begin in earnest.

    97% will maintain or increase zero trust budget (Source: Statista, 2022)

    Traditional perimeter security is not working

    Zero trust directly addresses the most prevalent attack vectors today

    A hybrid workforce using traditional VPN creates an environment where we are exposed to all the risks in the wild (unknown devices at any location on any network), but at a stripped-down security level that still provides the trust afforded to on-premises workers using known devices.

    What’s more, threats such as ransomware are known to exploit identity and remote access vulnerabilities before moving laterally within a network – vectors that are addressed directly by zero trust identity and networking. Ninety-three percent of surveyed zero trust adopters state that the benefits have matched or exceeded their expectations (iSMG, 2022).

    Top reasons for building a zero trust program in 2022

    (Source: iSMG, 2022)

    44%

    Enforce least privilege access to critical resources

    44%

    Reduce attacker ability to move laterally

    41%

    Reduce enterprise attack surface

    The business case for zero trust is clearer than ever

    Prior obstacles to Zero Trust are disappearing

    A major obstacle to zero trust adoption has been the sheer cost, along with the lack of business case for that investment. Two factors are changing that paradigm in 2022:

    The May 2021 US White House Executive Order for federal agencies to adopt zero trust architecture finally placed zero trust on the radar of many CEOs and board members, creating the business interest and willingness to consider investing in zero trust.

    In addition, the cost of adopting zero trust is quickly being surpassed by the cost of not adopting zero trust, as cyberattacks become rampant and successful zero trust deployments create a case study to support investment.

    Bar chart titled 'Cost to remediate a Ransomware attack' with bars representing the years '2021' and '2020'. 2021's cost sits around $1.8M while 2020's was only $750K The cost to remediate a ransomware attack more than doubled from 2020 to 2021. Widespread adoption of zero trust capabilities could keep that number from doubling again in 2022. (Source: Sophos, 2021)

    The cost of a data breach is on average $1.76 million less for organizations with mature zero trust deployments.

    That is, the cost of a data breach is 35% reduced compared to organizations without zero trust controls. (Source: IBM, 2021)

    Recommended Actions

    Start small

    Don’t put all your eggs in one basket by deploying zero trust in a wide swath. Rather, start as small as possible to allow for growing pains without creating business friction (or sinking your project altogether).

    Build a sensible roadmap

    Zero trust principles can be applied in a myriad of ways, so where should you start? Between identities, devices, networking, and data, decide on a use case to do pilot testing and then refine your approach.

    Beware too-good-to-be-true products

    Zero trust is a powerful buzzword, and vendors know it.

    Be skeptical and do your due diligence to ensure your new security partners in zero trust are delivering what you need.

    Zero trust roadmap

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Develop a practical roadmap that shows the business value of security investment.

    Initiative Description:

    • Define desired business and security outcomes from zero trust adoption.
    • Assess zero trust readiness.
    • Build roadmaps for zero trust:
      1. Identity
      2. Networking
      3. Devices
      4. Data
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased security posture and business agility

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced impact of security events
    Arrow pointing down.
    Reduced cost of managing complex control set
    Arrow pointing up.
    More secure business transformation (i.e. cloud/digital)
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Learning curve of implementation (start small and slow)
    • Transition from current control set to zero trust model

    Related Info-Tech Research:

    Protect Against and Respond to Ransomware

    Priority 05

    Ransomware is still the #1 threat to the safety of your data.

    Executive summary

    Background

    • Ransomware attacks have transformed in 2021 and show no sign of slowing in 2022. There is a new major security breach every week, despite organizations spending over $150 billion in a year on cybersecurity (Nasdaq, 2021).
    • Ransomware as a service (RaaS) is commonplace, and attackers are doubling down by holding encrypted data ransom and also demanding payment under threat to disclose exfiltrated data – and they are making good on their threats.
    • The global cost of ransomware is expected to rise to $265 billion by 2031 (Cybersecurity Ventures, 2021).
    • We expect to see an increase in ransomware incidents in 2022, both in severity and volume – multiple attacks and double extortion are now the norm.
    • High staff turnover increases risk because new employees are unfamiliar with security protocols.

    150% increase ransomware attacks in 2020 (Source: ENISA)

    This is a new golden age of ransomware

    What is the same in 2022

    Unbridled ransomware attacks make it seem like attackers must be using complex new techniques, but prevalent ransomware attack vectors are actually well understood.

    Nearly all modern variants are breaching victim systems in one of three ways:

    • Email phishing
    • Software vulnerabilities
    • RDP/Remote access compromise
    What is new in 2022
    The sophistication of victim targeting

    Victims often find themselves asking, “How did the attackers know to phish the most security-oblivious person in my staff?” Bad actors have refined their social engineering and phishing to exploit high-risk individuals, meaning your chain is only as strong as the weakest link.

    Ability of malware to evade detection

    Modern ransomware is getting better at bypassing anti-malware technology, for example, through creative techniques such as those seen in the MedusaLocker variant and in Ghost Control attacks.

    Effective anti-malware is still a must-have control, but a single layer of defense is no longer enough. Any organization that hopes to avoid paying a ransom must prepare to detect, respond, and recover from an attack.

    Many leaders still don’t know what a ransomware recovery would look like

    Do you know what it would take to recover from a ransomware incident?

    …and does your executive leadership know what it would take to recover?

    The organizations that are most likely to pay a ransom are unprepared for the reality of recovering their systems.

    If you have not done a tabletop or live exercise to simulate a true recovery effort, you may be exposed to more risk than you realize.

    Are your defenses sufficiently hardened against ransomware?

    Organizations with effective security prevention are often breached by ransomware – but they are prepared to contain, detect, and eradicate the infection.

    Ask yourself whether you have identified potential points of entry for ransomware. Assume that your security controls will fail.

    How well are your security controls layered, and how difficult would it be for an attacker to move east/west within your systems?

    Recommended Actions

    Be prepared for a breach

    There is no guarantee that an organization will not fall victim to ransomware, so instead of putting all their effort into prevention, organizations should also put effort into planning to respond to a breach.

    Security awareness training/phishing detection

    Phishing continues to be the main point of entry for ransomware. Investing in phishing awareness and detection among your end users may be the most impactful countermeasure you can implement.

    Zero trust adoption

    Always verify at every step of interaction, even when access is requested by internal users. Manage access of sensitive information based on the principle of least privilege access.

    Encrypt and back up your data

    Encrypt your data so that even if there is a breach, the attackers don’t have a copy of your data. Also, keep regular backups of data at a separate location so that you still have data to work with after a breach occurs.

    You never want to pay a ransom. Being prepared to deal with an incident is your best chance to avoid paying!

    Prevent and respond to ransomware

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Determine your current readiness, response plan, and projects to close gaps.

    Initiative Description:

    • Execute a systematic assessment of your current security and ransomware recovery capabilities.
    • Perform tabletop activities and live recoveries to test data recovery capabilities.
    • Train staff to detect suspicious communications and protect their identities.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Improved productivity and brand protection

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced downtime and disruption
    Arrow pointing down.
    Reduced cost due to incidents (ransom payments, remediation)
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Friction with existing staff

    Related Info-Tech Research:

    Deepfakes: Dark-horse threat for 2022

    Deepfake video

    How long has it been since you’ve gone a full workday without having a videoconference with someone?

    We have become inherently trustful that the face we see on the screen is real, but the technology required to falsify that video is widely available and runs on commercially available hardware, ushering in a genuinely post-truth online era.

    Criminals can use deepfakes to enhance social engineering, to spread misinformation, and to commit fraud and blackmail.

    Deepfake audio

    Many financial institutions have recently deployed voiceprint authentication. TD describes its VoicePrint as “voice recognition technology that allows us to use your voiceprint – as unique to you as your fingerprint – to validate your identity” over the phone.

    However, hackers have been defeating voice recognition for years already. There is ripe potential for voice fakes to fool both modern voice recognition technology and the accounts payable staff.

    Bibliography

    “2021 Ransomware Statistics, Data, & Trends.” PurpleSec, 2021. Web.

    Bayern, Macy. “Why 60% of IT security pros want to quit their jobs right now.” TechRepublic, 10 Oct. 2018. Web.

    Bresnahan, Ethan. “How Digital Transformation Impacts IT And Cyber Risk Programs.” CyberSaint Security, 25 Feb. 2021. Web.

    Clancy, Molly. “The True Cost of Ransomware.” Backblaze, 9 Sept. 2021.Web.

    “Cost of a Data Breach Report 2021.” IBM, 2021. Web.

    Cybersecurity Ventures. “Global Ransomware Damage Costs To Exceed $265 Billion By 2031.” Newswires, 4 June 2021. Web.

    “Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe.” Ponemon Institute, June 2020. Web.

    “Global Incident Response Threat Report: Manipulating Reality.” VMware, 2021.

    Granger, Diana. “Karmen Ransomware Variant Introduced by Russian Hacker.” Recorded Future, 18 April 2017. Web.

    “Is adopting a zero trust model a priority for your organization?” Statista, 2022. Web.

    “(ISC)2 Cybersecurity Workforce Study, 2021: A Resilient Cybersecurity Profession Charts the Path Forward.” (ISC)2, 2021. Web.

    Kobialka, Dan. “What Are the Top Zero Trust Strategies for 2022?” MSSP Alert, 10 Feb. 2022. Web.

    Kost, Edward. “What is Ransomware as a Service (RaaS)? The Dangerous Threat to World Security.” UpGuard, 1 Nov. 2021. Web.

    Lella, Ifigeneia, et al., editors. “ENISA Threat Landscape 2021.” ENISA, Oct. 2021. Web.

    Mello, John P., Jr. “700K more cybersecurity workers, but still a talent shortage.” TechBeacon, 7 Dec. 2021. Web.

    Naraine, Ryan. “Is the ‘Great Resignation’ Impacting Cybersecurity?” SecurityWeek, 11 Jan. 2022. Web.

    Oltsik, Jon. “ESG Research Report: The Life and Times of Cybersecurity Professionals 2021 Volume V.” Enterprise Security Group, 28 July 2021. Web.

    Osborne, Charlie. “Ransomware as a service: Negotiators are now in high demand.” ZDNet, 8 July 2021. Web.

    Osborne, Charlie. “Ransomware in 2022: We’re all screwed.” ZDNet, 22 Dec. 2021. Web.

    “Retaining Tech Employees in the Era of The Great Resignation.” TalentLMS, 19 Oct. 2021. Web.

    Rubin, Andrew. “Ransomware Is the Greatest Business Threat in 2022.” Nasdaq, 7 Dec. 2021. Web.

    Samartsev, Dmitry, and Daniel Dobrygowski. “5 ways Digital Transformation Officers can make cybersecurity a top priority.“ World Economic Forum, 15 Sept. 2021. Web.

    Seymour, John, and Azeem Aqil. “Your Voice is My Passport.” Presented at black hat USA 2018.

    Solomon, Howard. “Ransomware attacks will be more targeted in 2022: Trend Micro.” IT World Canada, 6 Jan. 2022. Web.

    “The State of Ransomware 2021.” Sophos, April 2021. Web.

    Tarun, Renee. “How The Great Resignation Could Benefit Cybersecurity.” Forbes Technology Council, Forbes, 21 Dec. 2021. Web.

    “TD VoicePrint.” TD Bank, n.d. Web.

    “Working from home during the COVID-19 pandemic, April 202 to June 2021.” Statistics Canada, 4 Aug. 2021. Web.

    “Zero Trust Strategies for 2022.” iSMG, Palo Alto Networks, and Optiv, 28 Jan. 2022. Web.

    External Compliance

    • Buy Link or Shortcode: {j2store}39|cart{/j2store}
    • Related Products: {j2store}39|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk
    Take Control of Compliance Improvement to Conquer Every Audit

    Accelerate Business Growth and Valuation by Building Brand Awareness

    • Buy Link or Shortcode: {j2store}569|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Brands that fail to invest in brand awareness are likely to face some, if not all these problems:

    • Lack of brand visibility and recognition
    • Inability to reach and engage with the buyers
    • Difficulties generating and converting leads
    • Low customer retention rate
    • Inability to justify higher pricing
    • Limited brand equity, business valuation, and sustainability

    Our Advice

    Critical Insight

    Awareness brings visibility and traction to brands, which is essential in taking the market leadership position and becoming the trusted brand that buyers think of first.

    Brand awareness also significantly contributes to increasing brand equity, market valuation, and business sustainability.

    Impact and Result

    Building brand awareness allows for the increase of:

    • Brand visibility, perception, recognition, and reputation
    • Interactions and engagement with the target audience
    • Digital advertising performance and ROI
    • Conversion rates and sales wins
    • Revenue and profitability
    • Market share & share of voice (SOV)
    • Talents, partners, and investors attraction and retention
    • Brand equity, business growth, and market valuation

    Accelerate Business Growth and Valuation by Building Brand Awareness Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Accelerate Business Growth and Valuation by Building Brand Awareness Storyboard - Learn how to establish the brand foundation, create assets and workflows, and deploy effective brand awareness strategies and tactics.

    A two-step approach to building brand awareness, starting with defining the brand foundations and then implementing effective brand awareness strategies and tactics.

    • Accelerate Business Growth and Valuation by Building Brand Awareness Storyboard

    2. Define Brand's Personality and Message - Analyze your target market and develop key elements of your brand guidelines.

    With this set of tools, you will be able to capture and analyze your target market, your buyers and their journeys, define your brand's values, personality, and voice, and develop all the key elements of your brand guidelines to enable people within your organization and external resources to build a consistent and recognizable image across all assets and platforms.

    • Market Analysis Template
    • Brand Recognition Survey and Interview Questionnaire and List Template
    • External and Internal Factors Analysis Template
    • Buyer Personas and Journey Presentation Template
    • Brand Purpose, Mission, Vision, and Values Template
    • Brand Value Proposition and Positioning Statement
    • Brand Voice Guidelines Template
    • Writing Style Guide Template
    • Brand Messaging Template
    • Writer Checklist

    3. Start Building Brand Awareness - Achieve strategic alignment.

    These tools will allow you to achieve strategic alignment and readiness, create assets and workflows, deploy tactics, establish Key Performance Indicators (KPIs), and monitor and optimize your strategy on an ongoing basis.

    • Brand Awareness Strategy and Tactics Template
    • Asset Creation and Management List
    • Campaign Workflows Template
    • Brand Awareness Strategy Rollout Plan Template
    • Survey Emails Best Practices Guidelines

    Infographic

    Further reading

    Accelerate Business Growth and Valuation By Building Brand Awareness

    Develop and deploy comprehensive, multi-touchpoint brand awareness strategies to become the trusted brand that buyers think of first.

    EXECUTIVE BRIEF

    Analyst perspective

    Building brand awareness

    Achieving high brand awareness in a given market and becoming the benchmark for buyers

    is what every brand wants to achieve, as it is a guarantee of success. Building brand awareness,

    even though its immediate benefits are often difficult to see and measure, is essential for companies that want to stand out from their competitors and continue to grow in a sustainable way. The return on investment (ROI) may take longer, but the benefits are also greater than those achieved through short-term initiatives with the expectation of immediate, albeit often limited, results.

    Brands that are familiar to their target market have greater credibility, generate more sales,

    and have a more loyal customer base. CMOs that successfully execute brand awareness programs

    build brand equity and grow company valuation.

    This is a picture of Nathalie Vezina

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    Executive summary

    Brand leaders know that brand awareness is essential to the success of all marketing and sales activities. Brands that fail to invest in brand awareness are likely to face some, if not all these problems:

    • Lack of brand visibility and compelling storytelling.
    • Inability to reach the target audience.
    • Low engagement on digital platforms and with ads.
    • Difficulties generating and converting leads, or closing/winning sales/deals, and facing a high cost per acquisition.
    • Low/no interest or brand recognition, trust level, and customer retention rate.
    • Inability to justify higher pricing.

    Convincing stakeholders of the benefits of strong brand awareness can be difficult when the positive outcomes are hard to quantify, and the return on investment (ROI) is often long-term. Among the many obstacles brand leaders must overcome are:

    • Lack of longer-term corporate vision, focusing all efforts and resources on short-term growth strategies for a quick ROI.
    • Insufficient market and target buyers' information and understanding of the brand's key differentiator.
    • Misalignment of brand message, and difficulties creating compelling content that resonates with the target audience, generates interest, and keeps them engaged.
    • Limited or no resources dedicated to the development of the brand.

    Inspired by top-performing businesses and best practices, this blueprint provides the guidance and tools needed to successfully build awareness and help businesses grow. By following these guidelines, brand leaders can expect to:

    • Gain market intelligence and a clear understanding of the buyer's needs, your competitive advantage, and key differentiator.
    • Develop a clear and compelling value proposition and a human-centric brand messaging driven by the brand's values.
    • Increase online presence and brand awareness to attract and engage with buyers.
    • Develop a long-term brand strategy and execution plan.

    "A brand is the set of expectations, memories, stories, and relationships that, taken together, account for a consumer's decision to choose one product or service over another."

    – Seth Godin

    What is brand awareness?

    The act of making a brand visible and memorable.

    Brand awareness is the degree to which buyers are familiar with and recognize the attributes and image of a particular brand, product, or service. The higher the level of awareness, the more likely the brand is to come into play when a target audience enters the " buying consideration" phase of the buyer's journey.

    Brand awareness also plays an important role in building equity and increasing business valuation. Brands that are familiar to their target market have greater credibility, drive more sales and have a more loyal customer base.
    Building brand awareness allows increasing:

    • Brand visibility, perception, recognition, and reputation
    • Interactions and engagement with the target audience
    • Digital advertising performance and ROI
    • Conversion rates and sales wins
    • Revenue and profitability
    • Market share and share of voice (SOV)
    • Talents, partners, and investors attraction and retention
    • Brand equity, business growth, and market valuation

    "Products are made in a factory, but brands are created in the mind."
    Source: Walter Landor

    Capitalizing on a powerful brand

    A longer-term approach for an increased and more sustainable ROI.

    Market leader position

    Developing brand awareness is essential to increase the visibility and traction of a brand.

    Several factors may cause a brand to be not well-known. One reason might be that the brand recently launched, such as a startup. Another reason could be that the brand has rebranded or entered a new market.

    To become the trusted brand that buyers think of first in their target markets, it is critical for these brands to develop and deploy comprehensive, multi-touchpoint brand awareness strategies.

    A relationship leading to loyalty

    A longer-term brand awareness strategy helps build a strong relationship between the brand and the buyer, fostering a lasting and rewarding alliance.

    It also enables brands to reach and engage with their target audience effectively by using compelling storytelling and meaningful content.

    Adopting a more human-centric approach and emphasizing shared values makes the brand more attractive to buyers and can drive sales and gain loyalty.

    Sustainable business growth

    For brands that are not well established in their target market, short-term tactics that focus on immediate benefits can be ineffective. In contrast, long-term brand awareness strategies provide a more sustainable ROI (return on investment).

    Investing in building brand awareness can impact a business's ability to interact with its target audience, generate leads, and increase sales. Moreover, it can significantly contribute to boosting the business's brand equity and market valuation.

    "Quick wins may work in the short term, but they're not an ideal substitute for long-term tactics and continued success."
    Source: Forbes

    Impacts of low brand awareness on businesses

    Unfamiliar brands, despite their strong potential, won't thrive unless they invest in their notoriety.

    Brands that choose not to invest in longer-term awareness strategies and rely solely on short-term growth tactics in hopes of an immediate gain will see their ability to grow diminished and their longevity reduced due to a lack of market presence and recognition.

    Symptoms of a weakening brand include:

    • High marketing spending and limited result
    • Low market share or penetration
    • Low sales, revenue, and gross margin
    • Weak renewal rate, customer retention, and loyalty
    • Difficulties delivering on the brand promise, low/no trust in the brand
    • Limited brand equity, business valuation, and sustainability
    • Unattractive brand to partners and investors

    "Your brand is the single most important investment you can make in your business."
    Source: Steve Forbes

    Most common obstacles to increasing brand awareness

    Successfully building brand awareness requires careful preparation and planning.

    • Limited market intelligence
    • Unclear competitive advantage/key differentiator
    • Misaligned and inconsistent messaging and storytelling
    • Lack of long-term vision
    • and low prioritization
    • Limited resources to develop and execute brand awareness building tactics
    • Unattractive content that does not resonate, generates little or no interest and engagement

    Investing in the notoriety of the brand

    Become the top-of-mind brand in your target market.

    To stand out, be recognized by their target audience, and become major players in their industry, brands must adopt a winning strategy that includes the following elements:

    • In-depth knowledge and understanding of the market and audience
    • Strengthening digital presence and activities
    • Creating and publishing content relevant to the target audience
    • Reaching out through multiple touchpoints
    • Using a more human-centric approach
    • Ensure consistency in all aspects of the brand, across all media and channels

    How far are you from being the brand buyers think of first in your target market?

    This is an image of the Brand Awareness Pyramid.

    Brand awareness pyramid

    Based on David Aaker's brand loyalty pyramid

    Tactics for building brand awareness

    Focus on effective ways to gain brand recognition in the minds of buyers.

    This is an image of the Brand Awareness Journey Roadmap.

    Brand recognition requires in-depth knowledge of the target market, the creation of strong brand attributes, and increased presence and visibility.

    Understand the market and audience you're targeting

    Be prepared. Act smart.

    To implement a winning brand awareness-building strategy, you must:

    • Be aware of your competitor's strengths and weaknesses, as well as yours.
    • Find out who is behind the keyboard, and the user experience they expect to have.
    • Plan and continuously adapt your tactics accordingly.
    • Make your buyer the hero.

    Identify the brands' uniqueness

    Find your "winning zone" and how your brand uniquely addresses buyers' pain points.

    Focus on your key differentiator

    A brand has found its "winning zone" or key differentiator when its value proposition clearly shows that it uniquely solves its buyers' specific pain points.

    Align with your target audience's real expectations and successfully interact with them by understanding their persona and buyer's journey. Know:

    • How you uniquely address their pain points.
    • Their values and what motivates them.
    • Who they see as authorities in your field.
    • Their buying habits and trends.
    • How they like brands to engage with them.

    An image of a Venn diagram between the following three terms: Buyer pain point; Competitors' value proposition; your unique value proposition.  The overlapping zone is labeled the Winning zone.  This is your key differentiator.

    Give your brand a voice

    Define and present a consistent voice across all channels and assets.

    The voice reflects the personality of the brand and the emotion to be transmitted. That's why it's crucial to establish strict rules that define the language to use when communicating through the brand's voice, the type of words, and do's and don'ts.

    To be recognizable it is imperative to avoid inconsistencies. No matter how many people are behind the brand voice, the brand must show a unique, distinctive personality. As for the tone, it may vary according to circumstances, from lighter to more serious.

    Up to 80% Increased customer recognition when the brand uses a signature color scheme across multiple platforms
    Source: startup Bonsai
    23% of revenue increase is what consistent branding across channels leads to.
    Source: Harvard Business Review

    When we close our eyes and listen, we all recognize Ella Fitzgerald's rich and unique singing voice.

    We expect to recognize the writing of Stephen King when we read his books. For the brand's voice, it's the same. People want to be able to recognize it.

    Adopt a more human-centric approach

    If your brand was a person, who would it be?

    Human attributes

    Physically attractive

    • Brand identity
    • Logo and tagline
    • Product design

    Intellectually stimulating

    • Knowledge and ideas
    • Continuous innovation
    • Thought leadership

    Sociable

    • Friendly, likeable and fun
    • Confidently engage with audience through multiple touchpoints
    • Posts and shares meaningful content
    • Responsive

    Emotionally connected

    • Inspiring
    • Powerful influencer
    • Triggers emotional reactions

    Morally sound

    • Ethical and responsible
    • Value driven
    • Deliver on its promise

    Personable

    • Honest
    • Self-confident and motivated
    • Accountable

    0.05 Seconds is what it takes for someone to form an opinion about a website, and a brand.
    Source: 8ways

    90% of the time, our initial gut reaction to products is based on color alone.
    Source: startup Bonsai

    56% of the final b2b purchasing decision is based on emotional factors.
    Source: B@B International

    Put values at the heart of the brand-buyers relationship

    Highlight values that will resonate with your audience.

    Brands that focus on the values they share with their buyers, rather than simply on a product or service, succeed in making meaningful emotional connections with them and keep them actively engaged.

    Shared values such as transparency, sustainability, diversity, environmental protection, and social responsibility become the foundation of a solid relationship between a brand and its audience.

    The key is to know what motivates the target audience.

    86% of consumers claim that authenticity is one of the key factors they consider when deciding which brands they like and support.
    Source: Business Wire

    56% of the final decision is based on having a strong emotional connection with the supplier.
    Source: B2B International

    64% of today's customers are belief-driven buyers; they want to support brands that "can be a powerful force for change."
    Source: Edelman

    "If people believe they share values with a company, they will stay loyal to the brand."
    – Howard Schultz
    Source: Lokus Design

    Double-down on digital

    Develop your digital presence and reach out to your target audiences through multiple touchpoints.

    Beyond engaging content, reaching the target audience requires brands to connect and interact with their audience in multiple ways so that potential buyers can form an opinion.

    With the right message consistently delivered across multiple channels, brands increase their reach, create a buzz around their brand and raise awareness.

    73% of today's consumers confirm they use more than one channel during a shopping journey
    Source: Harvard Business Review

    Platforms

    • Website and apps
    • Social media
    • Group discussions

    Multimedia

    • Webinars
    • Podcasts
    • Publication

    Campaign

    • Ads and advertising
    • Landing pages
    • Emails, surveys drip campaigns

    Network

    • Tradeshows, events, sponsorships
    • Conferences, speaking opportunities
    • Partners and influencers

    Use social media to connect

    Reach out to the masses with a social media presence.

    Social media platforms represent a cost-effective opportunity for businesses to connect and influence their audience and tell their story by posting relevant and search-engine-optimized content regularly on their account and groups. It's also a nice gateway to their website.

    Building a relationship with their target buyer through social media is also an easy way for businesses to:

    • Understand the buyers.
    • Receive feedback on how the buyers perceive the brand and how to improve it.
    • Show great user experience and responsiveness.
    • Build trust.
    • Create awareness.

    75% of B2B buyers and 84% of C-Suite executives use social media when considering a purchase
    Source: LinkedIn Business

    92% of B2B buyers use social media to connect with leaders in the sales industry.
    Source: Techjury

    With over 4.5 billion social media users worldwide, and 13 new users signing up to their first social media account every second, social media is fast becoming a primary channel of communication and social interaction for many.
    Source: McKinsey

    Become the expert subject matter

    Raise awareness with thought leadership content.

    Thought leadership is about building credibility
    by creating and publishing meaningful, relevant content that resonates with a target audience.
    Thought leaders write and publish all kinds of relevant content such as white papers, ebooks, case studies, infographics, video and audio content, webinars, and research reports.
    They also participate in speaking opportunities, live presentations, and other high-visibility forums.
    Well-executed thought leadership strategies contribute to:

    • Raise awareness.
    • Build credibility.
    • Be recognized as a subject expert matter.
    • Become an industry leader.

    60% of buyers say thought leadership builds credibility when entering a new category where the brand is not already known.
    Source: Edelman | LinkedIn

    70% of people would rather learn about a company through articles rather than advertising.
    Source: Brew Interactive

    57% of buyers say that thought leadership builds awareness for a new or little-known brand.
    Source: Edelman | LinkedIn

    To achieve best results

    • Know the buyers' persona and journey.
    • Create original content that matches the persona of the target audience and that is close to their values.
    • Be Truthful and insightful.
    • Find the right tone and balance between being human-centric, authoritative, and bold.
    • Be mindful of people's attention span and value their time.
    • Create content for each phase of the buyer's journey.
    • Ensure content is SEO, keyword-loaded, and add calls-to-action (CTAs).
    • Add reason to believe, data to support, and proof points.
    • Address the buyers' pain points in a unique way.

    Avoid

    • Focusing on product features and on selling.
    • Publishing generic content.
    • Using an overly corporate tone.

    Promote personal branding

    Rely on your most powerful brand ambassadors and influencers: your employees.

    The strength of personal branding is amplified when individuals and companies collaborate to pursue personal branding initiatives that offer mutual benefits. By training and positioning key employees as brand ambassadors and industry influencers, brands can boost their brand awareness through influencer marketing strategies.

    Personal branding, when well aligned with business goals, helps brands leverage their key employee's brands to:

    • Increase the organization's brand awareness.
    • Broaden their reach and circle of influence.
    • Show value, gain credibility, and build trust.
    • Stand out from the competition.
    • Build employee loyalty and pride.
    • Become a reference to other businesses.
    • Increase speaking opportunities.
    • Boost qualified leads and sales.

    About 90% of organizations' employee network tends to be completely new to the brand.
    Source: Everyone Social

    8X more engagement comes from social media content shared by employees rather than brand accounts.
    Source: Entrepreneur

    561% more reach when brand messages are shared by employees on social media, than the same message shared by the Brand's social media.
    Source: Entrepreneur

    "Personal branding is the art of becoming knowable, likable and trustable."
    Source: Founder Jar, John Jantsch

    Invest in B2B influencer marketing

    Broaden your reach and audiences by leveraging the voice of influencers.

    Influencers are trusted industry experts and analysts who buyers can count on to provide reliable information when looking to make a purchase.

    Influencer marketing can be very effective to reach new audiences, increase awareness, and build trust. But finding the right influencers with the level of credibility and visibility brands are expecting can sometimes be challenging.

    Search for influencers that have:

    • Relevance of audience and size.
    • Industry expertise and credibility.
    • Ability to create meaningful content (written, video, audio).
    • Charismatic personality with values consistent with the brand.
    • Frequent publications on at least one leading media platform.

    76% of people say that they trust content shared by people over a brand.
    Source: Adweek


    44% increased media mention of the brand using B2B influencer marketers.
    Source: TopRank Marketing

    Turn your customers into brand advocates

    Establish customer advocacy programs and deliver a great customer experience.

    Retain your customers and turn them into brand advocates by building trust, providing an exceptional experience, and most importantly, continuously delivering on the brand promise.

    Implement a strong customer advocacy program, based on personalized experiences, the value provided, and mutual exchange, and reap the benefits of developing and growing long-term relationships.

    92% of individuals trust word-of-mouth recommendations, making it one of the most trust-rich forms of advertising.
    Source: SocialToaster

    Word-of-mouth (advocacy) marketing increases marketing effectiveness by 54%
    Source: SocialToaster

    Make your brand known and make it stick in people's minds

    Building and maintaining high brand awareness requires that each individual within the organization carry and deliver the brand message clearly and consistently across all media whether in person, in written communications, or otherwise.

    To achieve this, brand leaders must first develop a powerful, researched narrative that people will embrace and convey, which requires careful preparation.

    Target market and audience intel

    • Target market Intel
    • Buyer persona and journey/pain points
    • Uniqueness and positioning

    Brand attributes

    • Values at the heart of the relationship
    • Brand's human attributes

    Brand visibly and recall

    • Digital and social media presence
    • Thought leadership
    • Personal branding
    • Influencer marketing

    Brand awareness building plan

    • Long-term awareness and multi-touchpoint approach
    • Monitoring and optimization

    Short and long-term benefits of increasing brand awareness

    Brands are built over the long term but the rewards are high.

    • Stronger brand perception
    • Improved engagement and brand associations
    • Enhanced credibility, reputation, and trust
    • Better connection with customers
    • Increased repeat business
    • High-quality leads
    • Higher and faster conversion rate
    • More sales closed/ deals won
    • Greater brand equity
    • Accelerated growth

    "Strong brands outperform their less recognizable competitors by as much as 73%."
    Source: McKinsey

    Brand awareness building

    Building brand awareness, even though immediate benefits are often difficult to see and measure, is essential for companies to stand out from their competitors and continue to grow in a sustainable way.

    To successfully raise awareness, brands need to have:

    • A longer-term vision and strategy.
    • Market Intelligence, a clear value proposition, and key differentiator.
    • Consistent, well-aligned messaging and storytelling.
    • Digital presence and content.
    • The ability to reach out through multiple touchpoints.
    • Necessary resources.

    Without brand awareness, brands become less attractive to buyers, talent, and investors, and their ability to grow, increase their market value, and be sustainable is reduced.

    Brand awareness building methodology

    Define brands' personality and message

    • Gather market intel and analyze the market.
    • Determine the value proposition and positioning.
    • Define the brand archetype and voice.
    • Craft a compelling brand message and story.
    • Get all the key elements of your brand guidelines.

    Start building brand awareness

    • Achieve strategy alignment and readiness.
    • Create and manage assets.
    • Deploy your tactics, assets, and workflows.
    • Establish key performance indicators (KPIs).
    • Monitor and optimize on an ongoing basis.

    Toolkit

    • Market and Influencing Factors Analysis
    • Recognition Survey and Best Practices
    • Buyer Personas and Journeys
    • Purpose, Mission, Vision, Values
    • Value Proposition and Positioning
    • Brand Message, Voice, and Writing Style
    • Brand Strategy and Tactics
    • Asset Creation and Management
    • Strategy Rollout Plan

    Short and long-term benefits of increasing brand awareness

    Increase:

    • Brand perception
    • Brand associations and engagement
    • Credibility, reputation, and trust
    • Connection with customers
    • Repeat business
    • Quality leads
    • Conversion rate
    • Sales closed / deals won
    • Brand equity and growth

    It typically takes 5-7 brand interactions before a buyer remembers the brand.
    Source: Startup Bonsai

    Who benefits from this brand awareness research?

    This research is being designed for:
    Brand and marketing leaders who:

    • Know that brand awareness is essential to the success of all marketing and sales activities.
    • Want to make their brand unique, recognizable, meaningful, and highly visible.
    • Seek to increase their digital presence, connect and engage with their target audience.
    • Are looking at reaching a new segment of the market.

    This research will also assist:

    • Sales with qualified lead generation and customer retention and loyalty.
    • Human Resources in their efforts to attract and retain talent.
    • The overall business with growth and increased market value.

    This research will help you:

    • Gain market intelligence and a clear understanding of the target audience's needs and trends, competitive advantage, and key differentiator.
    • The ability to develop clear and compelling, human-centric messaging and compelling story driven by brand values.
    • Increase online presence and brand awareness activities to attract and engage with buyers.
    • Develop a long-term brand awareness strategy and deployment plan.

    This research will help them:

    • Increase campaign ROI.
    • Develop a longer-term vision and benefits of investing in longer-term initiatives.
    • Build brand equity and increase business valuation.
    • Grow your business in a more sustainable way.

    SoftwareReviews' brand awareness building methodology

    Phase 1 Define brands' personality and message

    Phase 2 Start building brand awareness

    Phase steps

    1.1 Gather market intelligence and analyze the market.

    1.2 Develop and document the buyer's persona and journey.

    1.3 Uncover the brand mission, vision statement, core values, value proposition and positioning.

    1.4 Define the brand's archetype and tone of voice, then craft a compelling brand messaging.

    2.1 Achieve strategy alignment and readiness.

    2.2 Create assets and workflows and deploy tactics.

    2.3 Establish key performance indicators (KPIs), monitor, and optimize on an ongoing basis.

    Phase outcomes

    • Target market and audience are identified and documented.
    • A clear value proposition and positioning are determined.
    • The brand personality, voice, and messaging are developed.
    • All the key elements of the brand guidelines are in place and ready to use, along with the existing logo, typography, color palette, and imagery.
    • A comprehensive and actionable brand awareness strategy, with tactics, KPIs, and metrics, is set and ready to execute.
    • A progressive and effective deployment plan with deliverables, timelines, workflows, and checklists is in place.
    • Resources are assigned.

    Insight summary

    Brands to adapt their strategies to achieve longer-term growth
    Brands must adapt and adjust their strategies to attract informed buyers who have access to a wealth of products, services, and brands from all over. Building brand awareness, even though immediate benefits are often difficult to see and measure, has become essential for companies that want to stand out from their competitors and continue to grow in a sustainable way.

    A more human-centric approach
    Brand personalities matter. Brands placing human values at the heart of the customer-brand relationship will drive interest in their brand and build trust with their target audience.

    Stand out from the crowd
    Brands that develop and promote a clear and consistent message across all platforms and channels, along with a unique value proposition, stand out from their competitors and get noticed.

    A multi-touchpoints strategy
    Engage buyers with relevant content across multiple media to address their pain points. Analyze touchpoints to determine where to invest your efforts.

    Going social
    Buyers expect brands to be active and responsive in their interactions with their audience. To build awareness, brands are expected to develop a strong presence on social media by regularly posting relevant content, engaging with their followers and influencers, and using paid advertising. They also need to establish thought leadership through content such as white papers, case studies, and webinars.

    Thought leaders wanted
    To enhance their overall brand awareness strategy, organizations should consider developing the personal brand of key executives. Thought leadership can be a valuable method to gain credibility, build trust, and drive conversion. By establishing thought leadership, businesses can increase brand mentions, social engagement, website traffic, lead generation, return on investment (ROI), and Net Promoter Score (NPS).

    Save time and money with SoftwareReviews' branding advice

    Collaborating with SoftwareReviews analysts for inquiries not only provides valuable advice but also leads to substantial cost savings during branding activities, particularly when partnering with an agency.

    Guided Implementation Purpose Measured Value
    Build brands' personality and message Get the key elements of the brand guidelines in place and ready to use, along with your existing logo, typography, color palette, and imagery, to ensure consistency and clarity across all brand touchpoints from internal communication to customer-facing materials. Working with SoftwareReviews analysts to develop brand guidelines saves costs compared to hiring an agency.

    Example: Building the guidelines with an agency will take more or less the same amount of time and cost approximately $80K.

    Start building brand awareness Achieve strategy alignment and readiness, then deploy tactics, assets, and other deliverables. Start building brand awareness and reap the immediate and long-term benefits.

    Working with SoftwareReviews analysts and your team to develop a long-term brand strategy and deployment will cost you less than a fraction of the cost of using an agency.

    Example: Developing and executing long-term brand awareness strategies with an agency will cost between $50-$75K/month over a 24-month period minimum.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Build brands' personality and message

    Phase 2

    Start building brand awareness

    • Call #1: Discuss concept and benefits of building brand awareness. Identify key stakeholders. Anticipate concerns and objections.
    • Call #2: Discuss target market intelligence, information gathering, and analysis.
    • Call #3: Review market intelligence information. Address questions or concerns.
    • Call #4: Discuss value proposition and guide to find positioning and key differentiator.
    • Call #5: Review value proposition. Address questions or concerns.
    • Call #6: Discuss how to build a comprehensive brand awareness strategy using SR guidelines and template.
    • Call #7: Review strategy. Address questions or concerns.
    • Call #8: Second review of the strategy. Address questions or concerns.
    • Call #9 (optional): Third review of the strategy. Address questions or concerns.
    • Call #10: Discuss how to build the Execution Plan using SR template.
    • Call #11: Review Execution Plan. Address questions or concerns.
    • Call #12: Second review of the Execution Plan. Address questions or concerns.
    • Call #13 (optional): Third review of the Execution Plan. Address questions or concerns.
    • Call #14: Discuss how to build a compelling storytelling and content creation.
    • Call #15: Discuss website and social media platforms and other initiatives.
    • Call #16: Discuss marketing automation and continuous monitoring.
    • Call #17 (optional): Discuss optimization and reporting
    • Call #18: Debrief and determine how we can help with next steps.

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    Brand awareness building tools

    Each step of this blueprint comes with tools to help you build brand awareness.

    Brand Awareness Tool Kit

    This kit includes a comprehensive set of tools to help you better understand your target market and buyers, define your brand's personality and message, and develop an actionable brand awareness strategy, workflows, and rollout plan.

    The set includes these templates:
    • Market and Influencing Factors Analysis
    • Recognition Survey and Best Practices
    • Buyer Personas and Journeys
    • Purpose, Mission, Vision, and Values
    • Value Proposition and Positioning
    • Brand Message, Voice, and Writing Style
    • Brand Strategy and Tactics
    • Asset Creation and Management
    • Strategy Rollout Plan
    An image of a series of screenshots from the templates listed in the column to the left of this image.

    Get started!

    Know your target market and audience, deploy well-designed strategies based on shared values, and make meaningful connections with people.

    Phase 1

    Define brands' personality and message

    Phase 2

    Start building brand awareness

    Phase 1

    Define brands' personality and message

    Steps

    1.1 Gather market intelligence and analyze the market.
    1.2 Develop and document the buyer's persona and journey.
    1.3 Uncover the brand mission, vision statement, core values, positioning, and value proposition.
    1.4 Define the brand's archetype and tone of voice, then craft a compelling brand messaging.

    Phase outcome

    • Target market and audience are identified and documented.
    • A clear value proposition and positioning are determined.
    • The brand personality, voice, and messaging are developed.
    • All the key elements of the brand guidelines are in place. and ready to use, along with the existing logo, typography, color palette, and imagery..

    Build brands' personality and message

    Step 1.1 Gather market intelligence and analyze the market.

    Total duration: 2.5-8 hours

    Objective

    Analyze and document your competitive landscape, assess your strengths, weaknesses, opportunities,
    and threats, gauge the buyers' familiarity with your brand, and identify the forces of influence.

    Output

    This exercise will allow you to understand your market and is essential to developing your value proposition.

    Participants

    • Head of branding and key stakeholders

    MarTech
    May require you to:

    • Register to a Survey Platform.
    • Use, setup, or install platforms like CRM and/or Marketing Automation Platform.

    Tools

    1.1.1 SWOT and competitive landscape

    (60-120 min.)

    Analyze & Document

    Follow the instructions in the Market Analysis Template to complete the SWOT and Competitive Analysis, slides 4 to 7.

    1.1.3 Internal and External Factors

    (30-60 min.)

    Analyze

    Follow the instructions in the External and Internal Factors Analysis Template to perform the PESTLE, Porter's 5 Forces, and Internal Factors and VRIO Analysis.

    Transfer

    Transfer key information into slides 10 and 11 of the Market Analysis Template.

    Consult SoftwareReviews website to find the best survey and MarTech platforms or contact one of our analysts for more personalized assistance and guidance

    1.1.2 Brand recognition

    (60-300 min.)

    Prep

    Adapt the survey and interview questions in the Brand Recognition Survey Questionnaire and List Template.

    Determine how you will proceed to conduct the survey and interviews (internal or external resources, and tools).

    Refer to the Survey Emails Best Practices Guidelines for more information on how to conduct email surveys.

    Collect & Analyze

    Use the Brand Recognition Survey Questionnaire and List Template to build your list, conduct the survey /interviews, and collect and analyze the feedback received.

    Transfer

    Transfer key information into slides 8 and 9 of the Market Analysis Template.

    Brand performance diagnostic

    Have you considered diagnosing your brand's current performance before you begin building brand awareness?

    Audit your brand using the Diagnose Brand Health to Improve Business Growth blueprint.Collect and interpret qualitative and quantitative brand performance measures.

    The toolkit includes the following templates:

    • Surveys and interviews questions and lists
    • External and internal factor analysis
    • Digital and financial metrics analysis

    Also included is an executive presentation template to communicate the results to key stakeholders and recommendations to fix the uncovered issues.

    Build brands' personality and message

    Step 1.2 Develop and document the buyer's persona and journey.

    Total duration: 4-8 hours

    Objective

    Gather existing and desired customer insights and conduct market research to define and personify your buyers' personas and their buying behaviors.

    Output

    Provide people in your organization with clear direction on who your target buyers are and guidance on how to effectively reach and engage with them throughout their journey.
    Participants

    • Head of branding
    • Key stakeholders from sales and product marketing

    MarTech
    May require you to:

    • Register to an Online Survey Platform (free version or subscription).
    • Use, setup, or installation of platforms like CRM and/or Marketing Automation Platform.

    Tools

    1.2.1 Buyer Personas and Journeys

    (240-280 min.)

    Research

    Identify your tier 1 to 3 customers using the Ideal Client Profile (ICP) Workbook. (Recommended)

    Survey and interview existing and desired customers based using the Buyer Persona and Journey Interview Guide and Data Capture Tool. (Recommended)

    Create

    Define and document your tier 1 to 3 Buyer Personas and Journeys using the Buyer Personas and Journeys Presentation Template.

    Consult SoftwareReviews website to find the best survey platform for your needs or contact one of our analysts for more personalized assistance and guidance

    Buyer Personas and Journeys

    A well-defined buyer persona and journey is a great way for brands to ensure they are effectively reaching and engaging their ideal buyers through a personalized buying experience.

    When properly documented, it provides valuable insights about the ideal customers, their needs, challenges, and buying decision processes allowing the development of initiatives that correspond to the target buyers.

    Build brands' personality and message

    Step 1.3 Uncover the brand mission, vision statement, core values, value proposition, and positioning.

    Total duration: 4-5.5 hours

    Objective
    Define the "raison d'être" and fundamental principles of your brand, your positioning in the marketplace, and your unique competitive advantage.

    Output
    Allows everyone in an organization to understand and align with the brand's raison d'être beyond the financial dimension, its current positioning and objectives, and how it intends to achieve them.
    It also serves to communicate a clear and appealing value proposition to buyers.

    Participants

    • Head of branding
    • Chief Executive Officer (CEO)
    • Key stakeholders

    Tools

    • Brand Purpose, Mission, Vision, and Values Template
    • Value Proposition and Positioning Statement Template

    1.3.1 Brand Purpose, Mission, Vision, and Values

    (90-120 min.)

    Capture or Develop

    Capture or develop, if not already existing, your brand's purpose, mission, vision statement, and core values using slides 4 to 7 of the Brand Purpose, Mission, Vision, and Values Template.

    1.3.2 Brand Value Proposition and Positioning

    (150-210 min.)

    Define

    Map the brand value proposition using the canvas on slide 5 of the Value Proposition and Positioning Statement Template, and clearly articulate your value proposition statement on slide 4.

    Optional: Use canvas on slide 7 to develop product-specific product value propositions.

    On slide 8 of the same template, develop your brand positioning statement.

    Build brands' personality and message

    Steps 1.4 Define the brand's archetype and tone of voice, and craft a compelling brand messaging.

    Total duration: 5-8 hours

    Objective

    Define your unique brand voice and develop a set of guidelines, brand story, and messaging to ensure consistency across your digital and non-digital marketing and communication assets.
    Output

    A documented brand personality and voice, as well as brand story and message, will allow anyone producing content or communicating on behalf of your brand to do it using a unique and recognizable voice, and convey the right message.

    Participants

    • Head of branding
    • Content specialist
    • Chief Executive Officer and other key stakeholders

    Tools

    • Brand Voice Guidelines Template
    • Writing Style Guide Template
    • Brand Messaging Template
    • Writer Checklist Template

    1.4.1 Brand Archetype and Tone of Voice

    (120-240 min.)

    Define and document

    Refer to slides 5 and 6 of the Brand Voice Guidelines Template to define your brand personality (archetype), slide 7.

    Use the Brand Voice Guidelines Template to define your brand tone of voice and characteristics on slides 8 and 9, based on the 4 primary tone of voice dimensions, and develop your brand voice chart, slide 9.

    Set Rules

    In the Writing Style Guide template, outline your brand's writing principles, style, grammar, punctuation, and number rules.

    1.4.2 Brand Messaging

    (180-240 min.)

    Craft

    Use the Brand Messaging template, slides 4 to 7, to craft your brand story and message.

    Audit

    Create a content audit to review and approve content to be created prior to publication, using the Writer's Checklist template.

    Important Tip!

    A consistent brand voice leads to remembering and trusting the brand. It should stand out from the competitors' voices and be meaningful to the target audience. Once the brand voice is set, avoid changing it.

    Phase 2

    Start building brand awareness

    Steps

    2.1 Achieve strategy alignment and readiness.
    2.2 Create assets and workflows, and deploy tactics.
    2.3 Establish key performance indicators (KPIs), monitor, and optimize on an ongoing basis.

    Phase outcome

    • A comprehensive and actionable brand awareness strategy, with tactics, KPIs, and metrics, is set and ready to execute.
    • A progressive and effective deployment plan with deliverables, timelines, workflows, and checklists is in place.
    • Resources are assigned.

    Start building brand awareness

    Step 2.1 Achieve strategy readiness and alignment.

    Total duration: 4-5 hours

    Objective

    Now that you have all the key elements of your brand guidelines in place, in addition to your existing logo, typography, color palette, and imagery, you can begin to build brand awareness.

    Start planning to build brand awareness by developing a comprehensive and actionable brand awareness strategy with tactics that align with the company's purpose and objectives. The strategy should include achievable goals and measurables, budget and staffing considerations, and a good workload assessment.

    Output

    A comprehensive long-term, actionable brand awareness strategy with KPIs and measurables.

    Participants

    • Head of branding
    • Key stakeholders

    Tools

    • Brand Awareness Strategy and Tactics Template

    2.1.1 Brand Awareness Analysis

    (60-120 min.)

    Identify

    In slide 5 of the Brand Awareness Strategy and Tactics Template, identify your top three brand awareness drivers, opportunities, inhibitors, and risks to help you establish your strategic objectives in building brand awareness.

    2.1.2 Brand Awareness Strategy

    (60-120 min.)

    Elaborate

    Use slides 6 to 10 of the Brand Awareness Strategy and Tactics Template to elaborate on your strategy goals, key issues, and tactics to begin or continue building brand awareness.

    2.1.3 Brand Awareness KPIs and Metrics

    (180-240 min.)

    Set

    Set the strategy performance metrics and KPIs on slide 11 of the Brand Awareness Strategy and Tactics Template.

    Monitor

    Once you start executing the strategy, monitor and report each quarter using slides 13 to 15 of the same document.

    Understanding the difference between strategies and tactics

    Strategies and tactics can easily be confused, but although they may seem similar at times, they are in fact quite different.

    Strategies and tactics are complementary.

    A strategy is a plan to achieve specific goals, while a tactic is a concrete action or set of actions used to implement that strategy.

    To be effective, brand awareness strategies should be well thought-out, carefully planned, and supported by a series of tactics to achieve the expected outcomes.

    Start building brand awareness

    Step 2.2 Create assets and workflows and deploy tactics.

    Total duration: 3.5-4.5 hours

    Objective

    Build a long-term rollout with deliverables, milestones, timelines, workflows, and checklists. Assign resources and proceed to the ongoing development of assets. Implement, manage, and continuously communicate the strategy and results to key stakeholders.

    Output

    Progressive and effective development and deployment of the brand awareness-building strategy and tactics.

    Participants

    • Head of branding

    Tools

    • Asset Creation and Management List
    • Campaign Workflows Template
    • Brand Awareness Strategy Rollout Plan Template

    2.2.1 Assets Creation List

    (60-120 min.)

    Inventory

    Inventory existing assets to create the Asset Creation and Management List.

    Assign

    Assign the persons responsible, accountable, consulted, and informed of the development of each asset, using the RACI model in the template. Ensure you identify and collaborate with the right stakeholders.

    Prioritize

    Prioritize and add release dates.

    Communicate

    Update status and communicate regularly. Make the list with links to the assets available to the extended team to consult as needed.

    2.2.2 Rollout Plan

    (60-120 min.)

    Inventory

    Map out your strategy deployment in the Brand Awareness Strategy Rollout Plan Template and workflow in the Campaign Workflow Template.

    Assign

    Assign the persons responsible, accountable, consulted, and informed for each tactic, using the RACI model in the template. Ensure you identify and collaborate with the right stakeholders.

    Prioritize

    Prioritize and adjust the timeline accordingly.

    Communicate

    Update status and communicate regularly. Make the list with links to the assets available to the extended team to consult as needed.

    Band Awareness Strategy Rollout Plan
    A strategy rollout plan typically includes the following:

    • Identifying a cross-functional team and resources to develop the assets and deploy the tactics.
    • Listing the various assets to create and manage.
    • A timeline with key milestones, deadlines, and release dates.
    • A communication plan to keep stakeholders informed and aligned with the strategy and tactics.
    • Ongoing performance monitoring.
    • Constant adjustments and improvements to the strategy based on data collected and feedback received.

    Start building brand awareness

    Step 2.3 Establish key performance indicators (KPIs), monitor, and optimize on an ongoing basis.

    Total duration: 3.5-4.5 hours

    Objective

    Brand awareness is built over a long period of time and must be continuously monitored in several ways. Measuring and monitoring the effectiveness of your brand awareness activities will allow you to constantly adjust your tactics and continue to build awareness.

    Output

    This step will provide you with a snapshot of your current level of brand awareness and interactions with the brand, and allow you to set up the tools for ongoing monitoring and optimization.

    Participants

    • Head of branding
    • Digital marketing manager

    MarTech
    May require you to:

    • Register to an Online Survey Platform(free version or subscription), or
    • Use, setup, or installation of platforms like CRM and/or Marketing Automation Platform.
    • Use Google Analytics or other tracking tools.
    • Use social media and campaign management tools.

    Tools

    • Brand Awareness Strategy and Tactics Template

    2.2.2 Rollout Plan

    (60-120 min.)

    Measure

    Monitor and record the strategy performance metrics in slides 12 to 15 of the Brand Awareness Strategy and Tactics template, and gauge its performance against preset KPIs in slide 11. Make ongoing improvements to the strategy and assets.

    Communicate

    The same slides in which you monitor strategy performance can be used to report on the results of the current strategy to key stakeholders on a monthly or quarterly basis, as appropriate.

    Take this opportunity to inform stakeholders of any adjustments you plan to make to the existing plan to improve its performance. Since brand awareness is built over time, be sure to evaluate the results based on how long the strategy has been in place before making major changes.

    Consult SoftwareReviews website to find the best survey, brand monitoring and feedback, and MarTech platforms, or contact one of our analysts for more personalized assistance and guidance

    Measuring brand strategy performance
    There are two ways to measure and monitor your brand's performance on an ongoing basis.

    • By registering to brand monitoring and feedback platforms and tools like Meltwater, Hootsuite, Insights, Brand24, Qualtrics, and Wooltric.
    • Manually, using native analytics built in the platforms you're already using, such as Google and Social Media Analytics, or by gathering customer feedback through surveys, or calculating CAC, ROI, and more in spreadsheets.

    SoftwareReviews can help you choose the right platform for your need. We also equip you with manual tools, available with the Diagnose Brand Health to Improve Business Growthblueprint to measure:

    • Surveys and interviews questions and lists.
    • External and internal factor analysis.
    • Digital and financial metrics analysis.
    • Executive presentation to report on performance.

    Related SoftwareReviews research

    An image of the title page for SoftwareReviews Create a Buyer Persona and Journey. An image of the title page for SoftwareReviews Diagnose Brand Health to Improve Business Growth.

    Create a Buyer Persona and Journey

    Get deeper buyer understanding and achieve product-market fit, with easier access to market and sales

    • Reduce time and resources wasted chasing the wrong prospects.
    • Increase open and click-through rates.
    • Perform more effective sales discovery.
    • Increase win rate.

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix them.

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Bibliography

    Aaker, David. "Managing Brand Equity." Simon & Schuster, 1991.
    "6 Factors for Brands to Consider While Designing Their Communication." Lokus Design, 23 Sept. 2022.
    "20 Advocacy Marketing Statistics You Need to Know." Social Toaster, n.d.
    Bazilian, Emma. "How Millennials and Baby Boomers Consume User-Generated Content And what brands can learn from their preferences." Adweek, January 2, 2017.
    B2B International, a Gyro: company, B2B Blog - Why Human-To-Human Marketing Is the Next Big Trend in a Tech-Obsessed World.
    B2B International, a Gyro: company, The State of B2B Survey 2019 - Winning with Emotions: How to Become Your Customer's First Choice.
    Belyh, Anastasia. "Brand Ambassador 101:Turn Your Personal Brand into Cash." Founder Jar, December 6, 2022.
    Brand Master Academy.com.
    Businesswire, a Berkshire Hathaway Company, "Stackla Survey Reveals Disconnect Between the Content Consumers Want & What Marketers Deliver." February 20, 2019.
    Chamat, Ramzi. "Visual Design: Why First Impressions Matter." 8 Ways, June 5, 2019.
    Cognism. "21 Tips for Building a LinkedIn Personal Brand (in B2B SaaS)."
    Curleigh, James. "How to Enhance and Expand a Global Brand." TED.
    "2019 Edelman Trust Barometer." Edelman.
    Erskine, Ryan. "22 Statistics That Prove the Value of Personal Branding." Entrepreneur, September 13, 2016.
    Forbes, Steve. "Branding for Franchise Success: How To Achieve And Maintain Brand Consistency Across A Franchise Network?" Forbes, 9 Feb. 2020.
    Godin, Seth. "Define: Brand." Seth's Blog, 30 Dec. 2009,
    Houragan, Stephen. "Learn Brand Strategy in 7 Minutes (2023 Crash Course)." YouTube.
    Jallad, Revecka. "To Convert More Customers, Focus on Brand Awareness." Forbes, October 22, 2019.
    Kingsbury, Joe, et al. "2021 B2B Thought Leadership Impact Study." Edelman, 2021.
    Kunsman, Todd. "The Anatomy of an Employee Influencer." EveryoneSocial, September 8, 2022.
    Landor, Walter. A Brand New World: The Fortune Guide to the 21st Century. Time Warner Books, 1999.
    Liedke, Lindsay. "37+ Branding Statistics For 2023: Stats, Facts & Trends." Startup Bonsai, January 2, 2023.
    Millman, Debbie. "How Symbols and Brands Shape our Humanity." TED, 2019.
    Nenova, Velina. "21 Eye-Opening B2B Marketing Statistics to Know in 2023." Techjury, February 9, 2023.
    Perrey, Jesko et al., "The brand is back: Staying relevant in an accelerating age." McKinsey & Company, May 1, 2015.
    Schaub, Kathleen. "Social Buying Meets Social Selling: How Trusted Networks Improve the Purchase Experience." LinkedIn Business, April 2014.
    Sopadjieva, Emma et al. "A Study of 46,000 Shoppers Shows That Omnichannel Retailing Works." Harvard Business Review, January 3, 2017.
    Shaun. "B2B Brand Awareness: The Complete Guide 2023." B2B House. 2023.
    TopRank Marketing, "2020 State of B2B Influencer Marketing Research Report." Influencer Marketing Report.

    Build Your IT Cost Optimization Roadmap

    • Buy Link or Shortcode: {j2store}72|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $57,297 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Cost optimization is misunderstood and inadequately tackled. IT departments face:

    • Top-down budget cuts within a narrow time frame
    • Absence of adequate governance: financial, project, data, etc.
    • Long-standing bureaucratic practices slowing down progress
    • Short-term thinking

    Our Advice

    Critical Insight

    Cost optimization is not just about reducing costs. In fact, you should aim to achieve three objectives:

    • Reduce your unwarranted IT spending.
    • Optimize your cost-to-value.
    • Sustain your cost optimization.

    Impact and Result

    • Follow Info-Tech’s approach to develop a 12-month cost optimization roadmap.
    • Develop an IT cost optimization strategy based on your specific circumstances and timeline.
    • Info-Tech’s methodology helps you maintain sustainable cost optimization across IT by focusing on four levers: assets, vendors, project portfolio, and workforce.

    Build Your IT Cost Optimization Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT Cost Optimization Roadmap Deck – A step-by-step methodology to achieve sustainable cost optimization and effectively communicate your strategy to stakeholders.

    This blueprint will help you understand your IT cost optimization mandate, identify your journey, assess your IT spend across four levers, develop your IT cost optimization roadmap, and craft a related communication strategy.

    • Build Your IT Cost Optimization Roadmap – Phases 1-4

    2. IT Cost Optimization Workbook – A structured tool to help you document your IT cost optimization goals and outline related initiatives to develop an effective 12-month roadmap.

    This tool guides an IT department in planning and prioritization activities to build an effective IT cost optimization strategy. The outputs include visual charts and a 12-month roadmap to showcase the implementation timelines and potential cost savings.

    • IT Cost Optimization Workbook

    3. IT Cost Optimization Roadmap Samples and Templates – A proactive journey template to help you communicate your IT cost optimization strategy to stakeholders in a clear, concise, and compelling manner.

    This presentation template uses sample data from "Acme Corp" to demonstrate an IT cost optimization strategy following a proactive journey. Use this template to document your final IT cost optimization strategy outputs, including the adopted journey, IT cost optimization goals, related key initiatives, potential cost savings, timelines, and 12-month roadmap.

    • IT Cost Optimization Roadmap Samples and Templates

    Infographic

    Workshop: Build Your IT Cost Optimization Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Mandate & Objectives

    The Purpose

    Determine your organization’s current context and its cost optimization objectives, IT’s corresponding cost optimization journey, and goals.

    Key Benefits Achieved

    A business-aligned set of specific IT cost optimization goals.

    Activities

    1.1 Understand your organization’s cost optimization objectives and how this impacts IT.

    1.2 Review potential cost optimization target areas based on your ITFM Benchmarking Report.

    1.3 Identify factors constraining cost optimization options.

    1.4 Set concrete IT cost optimization goals.

    1.5 Identify inputs required for decision making.

    Outputs

    IT cost optimization journey and guiding principles for making corresponding decisions

    2 Outline Initiatives for Vendors & Assets

    The Purpose

    Create a longlist of potential cost optimization initiatives focused on two cost optimization levers: assets and vendors.

    Key Benefits Achieved

    A comprehensive list of potential asset- and vendor-focused initiatives including cost savings estimates.

    Activities

    2.1 Identify a longlist of possible initiatives around asset lifecycle management, investment deferral, repurposing, etc., and vendor contract renegotiation, cancelation, etc.

    2.2 Estimate the cost savings of cost optimization initiatives.

    Outputs

    Longlist of potential vendor management and asset optimization IT cost optimization initiatives

    3 Outline Initiatives for Projects & Workforce

    The Purpose

    Create a longlist of potential cost optimization initiatives focused on two cost optimization levers: project portfolio and workforce.

    Key Benefits Achieved

    A comprehensive list of potential initiatives focused on project portfolio and workforce including cost savings estimates.

    Activities

    3.1 Identify a longlist of possible initiatives around project priorities, project backlog reduction, project intake restructuring, etc., and workforce productivity, skills, redeployment, etc.

    3.2 Estimate the cost savings of cost optimization initiatives.

    Outputs

    Longlist of possible cost optimization initiatives and their potential cost savings for project portfolio and workforce levers.

    4 Build an IT Cost Optimization Roadmap

    The Purpose

    Develop a visual IT cost optimization roadmap.

    Key Benefits Achieved

    A prioritized, business-aligned IT cost optimization roadmap

    Activities

    4.1 Assess feasibility of each initiative (effort and risk profile) given cost optimization goals.

    4.2 Prioritize cost optimization initiatives to create a final shortlist.

    4.3 Fine-tune key information about your final cost optimization initiatives and develop a cost optimization roadmap for proposal.

    Outputs

    Prioritized list of key cost optimization initiatives, descriptions, estimated impact, and roadmap.

    5 Communicate & Execute

    The Purpose

    Develop a communication plan and executive presentation.

    Key Benefits Achieved

    A boardroom-ready set of communication materials for gaining buy-in and support for your IT cost optimization roadmap.

    Activities

    5.1 Outline components of a communication plan, including approvers, stakeholders, and governance and management mechanisms to be used.

    5.2 Create an executive presentation.

    5.3 Set up review time for workshop deliverables and post-workshop activities.

    Outputs

    IT cost optimization communication plan and presentation strategy.

    IT Cost Optimization Executive Presentation

    Further reading

    Build Your IT Cost Optimization Roadmap

    Improve cost-to-value in a sustainable manner.

    Analyst Perspective

    Optimize your cost sustainably.

    Whether the industry is in an economic downturn, or your business is facing headwinds in the market, pressure to reduce spending across organizations is inevitable. When it comes to the IT organization, it is often handled as a onetime event. Cost optimization is an industry standard term, but it usually translates into cost cutting. How do you manage this challenge given the day-to-day demands placed on IT? Do you apply cost reduction equally across the IT landscape, or do you apply reductions using a targeted approach? How do you balance the business demands regarding innovation with keeping the lights on? What is the best path forward?

    While the situation isn't unique, all too often the IT organization response is too shortsighted.

    By using the Info-Tech methodology and tools, you will be able to develop an IT cost optimization roadmap based on your specific circumstances and timeline.

    A well-thought-out strategy should help you achieve three objectives:

    1. Reduce your unwarranted IT spending.
    2. Optimize your cost-to-value.
    3. Sustain your cost optimization.

    This blueprint will guide you to understand your mandate, identify your cost optimization journey (reactive, proactive, or strategic), and assess your IT spend across four levers (assets, vendors, project portfolio, and workforce).

    Finally, keep in mind that cost optimization is not a project to be completed, but an ongoing process to be exercised.

    Bilal Alberto Saab, Research Director, IT Financial Management

    Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    Cost optimization is misunderstood and inadequately tackled Common obstacles Follow Info-Tech's approach to develop a 12-month cost optimization roadmap
    • Top-down budget cut within a narrow time frame.
    • Absence of adequate governance: financial, project, data, etc.
    • Long-standing bureaucratic practices slowing down progress.
    • Short-term thinking.
    • Lack of alignment and collaboration among stakeholders: communication and relationships.
    • Absence of a clear plan and adequate process.
    • Lack of knowledge, expertise, and skill set.
    • Inadequate funding and no financial transparency.
    • Poor change management practices.

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Info-Tech's methodology helps you maintain sustainable cost optimization across IT by focusing on four levers:

    1. Assets
    2. Vendors
    3. Project Portfolio
    4. Workforce

    Info-Tech Insight
    Cost optimization is not just about reducing costs. In fact, you should aim to achieve three objectives: (1) reduce your unwarranted IT spending, (2) optimize your cost-to-value, and (3) sustain your cost optimization.

    Your challenge

    IT leaders are often asked to cut costs.

    • Cost management is a long-term challenge. Businesses and IT departments look to have a flexible cost structure focused on maximizing business value while maintaining the ability to adapt to market pressure. However, businesses must also be able to respond to unexpected events.
    • In times of economic downturn, many CEOs and CFOs shift their thinking from growth to value protection. This can force a round of cost cutting across all departments focused on short-term, immediate, and measurable objectives.
    • Many IT departments are then faced with the challenge of meeting cost cutting targets. No one knows exactly how markets will behave, but the effects of rising inflation and increasing interest rates, for example, can manifest very quickly.

    When crisis hits, does IT's hard-won gains around being seen as a partner to the business suddenly disappear and IT becomes just a cost center all over again?

    In times of economic slowdown or downturn, the key challenge of IT leaders is to optimize costs without jeopardizing their strategic and innovative contribution.

    Common obstacles

    The 90% of the budget you keep is more important than the 10% of the budget you cut.

    • While the business responds to fluctuating economic conditions, IT must ensure that its budget remains fully aligned with business strategy and expected business value.
    • However, in the face of sudden pressures, a common tendency is to make quick decisions without fully considering their long-term implications.
    • Avoid costly mistakes with a proactive and strategic mindset. Put in place a well-communicated cost optimization strategy rather than hastily cutting back the biggest line items in your budget.

    How can IT optimize costs to achieve a corporate impact, but not cut so deep that the organization can't take advantage of opportunities to recover and thrive?

    Know how you will strategically optimize IT costs before you are forced to cut cost aggressively in a reactive fashion.

    What is cost optimization?

    It's not just about cutting costs

    • While cost optimization may involve cutting costs, it is more about making smart spend and investment decisions.
    • At its core, cost optimization is a strategic decision-making process that sets out to minimize waste and get the most value for money.
    • Cost optimization encompasses near-term, mid-term, and long-term objectives, all of which are related and build upon one another. It is an accumulative practice, not a onetime exercise.
    • A sound cost optimization practice is inherently flexible, sustainable, and consequence-oriented with the positive goal of generating net benefit for the organization over time.

    Change your mindset ...

    An Info-Tech survey of IT staff reveals that while most agree that cost optimization is an important IT process, nearly 20% fewer of them agree that it's being managed well.

    Chart of cost optimization

    Info-Tech IT Management & Governance Diagnostic, 2022.

    A starting point for cost optimization improvement is adjusting your frame of mind. Know that it's not just about making difficult cuts - in reality, it's a creative pursuit that's about thriving in all circumstances, not just surviving.

    Slow revenue growth expectations generate urgency

    Many IT organizations will be directed to trim costs during turbulent times.

    • Cost optimization implies continuous cost management, which entails long-term strategic initiatives (i.e. organizations and their IT departments seek flexible cost structures and practices focused on maximizing business value while maintaining the ability to adapt to changes in the broader economic environment). However, organizations must also be able to respond to unexpected events.
    • During times of turmoil – poor economic outlook expected to negatively impact an organization's bottom line – CEOs and CFOs think more about survival than growth, driving cost cutting across all departments to create short-term, immediate, and measurable financial benefits.
    • In such situations, many IT departments will be hard-pressed to meet cost cutting targets at short notice. If not planned correctly, with a tunnel vision focus instead of a strategic one, you can end up hurting yourself in the not-so-distant future.

    Build Your IT Cost Optimization Roadmap

    Insight summary

    Sustain an optimal cost-to-value ratio across four levers:

    1. Assets
    2. Vendors
    3. Project Portfolio
    4. Workforce

    Cost optimization is not just about reducing costs

    In fact, you should aim to achieve three objectives:
    (1) reduce your unwarranted IT spending, (2) optimize your cost-to-value, and (3) sustain your cost optimization.

    Reduce unwarranted IT spending

    Stop the bleeding or go for quick wins
    Start by reducing waste and bad spending habits while clearly communicating your intentions to your stakeholders – get buy-in.

    Optimize cost-to-value

    Value means tradeoffs
    Pursue value but know that it will lead you to make tradeoffs between cost, performance, and risk.

    Sustain cost optimization

    Think about tomorrow: reduce, reuse, recalibrate, and repeat
    Standardize and automate your cost optimization processes around a proper governance framework. Cost optimization is not a onetime exercise.

    Info-Tech's methodology for building your IT cost optimization roadmap

    Phase 1: Understand Your Mandate & Objectives

    Know where you stand and where you're going.

    Understand your cost optimization mandate within the context of your organization's situation and direction.

    Phase 2: Outline Your Initiatives

    Evaluate many, pick a few.

    Think of all possible cost optimization initiatives across the four optimization levers (Assets, Vendors, Project Portfolio, and Workforce), but only keep the ones that best help you fulfill your goals.

    Phase 3: Develop Your Roadmap

    Keep one eye on today and the other on tomorrow.

    Prioritize cost optimization initiatives that would help you achieve your near-term objectives first, but don't forget about the medium and long term.

    Phase 4: Communicate and Execute

    Communicate and collaborate - you are not a one-person show.

    Reach out to other business units where necessary. Your success relies on getting buy-in from various stakeholders, especially when cost optimization initiatives impact them in one way or another.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    IT Cost Optimization Roadmap Samples and Templates
    Templates including an abbreviated executive presentation and a final communication presentation based on a 12-month cost optimization roadmap.

    IT Cost Optimization Workbook
    A workbook generating a 12-month cost optimization roadmap.

    Measure the value of this blueprint

    Maintain an optimal IT cost-to-organization revenue ratio.

    This blueprint will guide you to set cost optimization goals across one to three main objectives, depending on your identified journey (reactive, proactive, or strategic):

    • Reduce unwarranted IT spending.
    • Optimize cost-to value.
    • Sustain cost optimization.

    In phase 1 of this blueprint, we will help you establish your goals to satisfy your organization's needs.

    In phase 3, we will help you develop a game plan and a roadmap for achieving those metrics.

    Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of undertaken measures.

    Cost Optimization Objective Key Success Metric
    Reduce unwarranted IT spending Decrease IT cost in identified key areas
    Optimize cost-to-value Decrease IT cost per IT employee
    Sustain cost optimization Decrease IT cost-to-organization revenue

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.
    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    • Identify cost optimization scope requirements, objectives, and your specific challenges.
    • Review and assess cost optimization goals and objectives.
    Call #2:

    Review potential cost optimization initiatives for assets and vendors levers.

    Call #3:

    Assess cost optimization initiatives' cost and feasibility - for assets and vendors levers.

    Call #4:

    Review potential cost optimization initiatives for project portfolio and workforce levers.

    Call #5:

    Assess cost optimization initiatives' cost and feasibility - for project portfolio and workforce levers.

    Call #6:
    • Identify final decision criteria for cost optimization prioritization.
    • Review prioritized cost optimization initiatives and roadmap outputs.
    Call #7:
    • Review the Cost Optimization Communication Plan and IT Cost Optimization Executive Presentation.
    • Discuss next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI will include multiple calls over the course of one to two months.

    IT cost analysis and optimization workshop overview

    Session 1 Session 2 Session 3 Session 4 Session 5
    Activities Understand Your Mandate and Objectives Outline Initiatives for Assets and Vendors Outline Initiatives for Projects and Workforce Develop an IT Cost Optimization Roadmap Communicate and Execute
    1.1 Understand your organization's cost optimization objectives and how this impacts IT.
    1.2 Review potential cost optimization target areas based on your IT financial management benchmarking report.
    1.3 Identify factors constraining cost optimization options.
    1.4 Set concrete IT cost optimization goals.
    1.5 Identify inputs required for decision making.
    2.1 Identify a longlist of possible initiatives around:
    1. Asset lifecycle management, investment deferral, repurposing, etc.
    2. Vendor contract renegotiation, cancelation, etc.
    2.2 Estimate the cost savings of cost optimization initiatives.
    3.1 Identify a longlist of possible initiatives around:
    1. Project priorities, project backlog reduction, project intake restructuring, etc.
    2. Workforce productivity, skills, redeployment, etc.
    3.2 Estimate the cost savings of cost optimization initiatives.
    4.1 Assess the feasibility of each initiative (effort and risk profile) given cost optimization goals.
    4.2 Prioritize cost optimization initiatives to create a final shortlist.
    4.3 Fine-tune key information about your final cost optimization initiatives and develop a cost optimization roadmap for proposal.
    5.1 Outline components of a communication plan, including approvers, stakeholders, and governance and management mechanisms to be used.
    5.2 Create an executive presentation.
    5.3 Set up review time for workshop deliverables and post-workshop activities.
    Output
    • IT cost optimization journey and guiding principles for making corresponding decisions.
    • Long list of possible cost optimization initiatives and their potential cost savings for assets and vendors levers.
    • Long list of possible cost optimization initiatives and their potential cost savings for project portfolio and workforce levers.
    • Prioritized list of key cost optimization initiatives, descriptions, estimated impact, and roadmap.
    • IT cost optimization communication plan and presentation strategy.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Understand Your Mandate and Objectives

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • Business context and cost optimization journey
    • Cost constraints and parameters
    • Cost optimization goals

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead

    1.1 Gain consensus on the business context and IT cost optimization journey

    60 minutes

    • Using the questions on slide 20, conduct a brief journey assessment to ensure consensus on the direction you are planning to take.
    • Document your findings in the provided template.
    Input Output
    • Understanding business objectives and identifying your IT mandate
    • Determining the cost optimization journey: reactive, proactive, or strategic
    Materials Participants
    • Whiteboard or flip charts
    • Journey assessment template
    • CIO/IT director
    • IT finance lead

    See the next three slides for guidelines and the journey assessment questions and template.

    Distinguishing between three journeys

    By considering business objectives without forgoing your IT mandate.

    Journey Reactive Proactive Strategic
    Description
    • Business objectives are closely tied to cost reduction, forcing cost cutting across IT.
    • Typically occurs during turbulent economic times, when slow revenue growth is expected.
    • Business objectives do not include clear cost optimization initiatives but mandates IT to be fiscally conservative.
    • Typically occurs when economic turbulence is on the horizon and the organization's revenue is stable - executives only have a fiscal discipline guidance.
    • Business objectives do not include clear cost optimization initiatives.
    • Typically occurs when the overall economy is in good shape and the organization is in positive revenue growth territory.
    Main Focus
    • Quick-to-execute measures with few dependencies and concrete impact in response to business urgency and/or executive directive.
    • Enabling the organization to respond to different types and magnitudes of business change in a more planned and controlled manner.
    • Establishing an efficient, agile, sustainable, and strategically aligned cost optimization practice across all stages of the business cycle, regardless of business conditions.

    Questions to help determine your journey

    Business Objectives Business Strategy
    • What are the current business objectives?
    • Are there any stated cost-related objectives? If yes, what cost-related objectives have been stated by organizational leadership, such as cuts, areas of investment, and any targets for both?
    • Does the organization have a business strategy in place?
    • Was the business strategy reviewed or revised recently?
    • What's the business strategy focus for the next 12 months?
    • Are there any cost optimization implications within the current business strategy?
    IT Objectives IT Strategy and Mandate
    • What are your current IT objectives?
    • Are your IT objectives aligned to business objectives?
    • Do you have any IT cost-related objectives? If yes, what are your current IT cost-related objectives?
    • Are your IT cost-related objectives aligned to business objectives?
    • Do you have an IT strategy in place?
    • Is your IT strategy aligned to your organization's business strategy?
    • Do you have a cost optimization mandate? If yes, what is your cost optimization mandate?
    • What's the fiscal guidance and direction in IT?
    Journey
    Agreed-upon journey: reactive, proactive, or strategic.

    Template & Example

    Journey assessment

    Business Objectives Business Strategy
    • The founder's mission around quality persists despite ownership/leadership changes. Reliability and dependability are really important to everyone.
    • Increase visibility and interconnectivity across the supply chain.
    • Increase market share: younger markets and emerging foreign markets.
    • Economic outlook expected to negatively affect the bottom line - will need to trim and protect the core.
    • Grow Gizmo product sales by 10%.
    • Lower production cost of Gizmo product by 5%.
    IT Objectives IT Strategy and Mandate
    • IT/OT convergence, process automation, and modernization are major opportunities to better position the business for the future and introduce more agility into operations and reduce production cost.
    • Very mature and stable production processes with 100% uptime is a priority.
    • Lower IT cost related to Gizmo product.
    • There's no clear cost optimization mandate, but a fiscally conservative budget is recommended.
    Journey
    Agreed-upon journey: proactive.

    1.2 Review internal and external benchmarking reports

    60-90 minutes

    1. Review the IT spend and staffing results, summarized in your Info-Tech IT Spend & Staffing Benchmarking report.
    2. Identify areas where your IT spend is disproportionately high or low in comparison with your industry peers.
    3. Review and document any causes or rationales for high or low spend in each area identified. Do not be specific about any actual optimization targets or actions at this stage - simply make notes.
    4. Start a list of potential cost optimization initiatives to be further analyzed and investigated for feasibility at a later stage (see next slides for guidance, example, and template).
    InputOutput
    • IT Spend & Staffing Benchmarking report
    • A list of potential cost optimization focus areas
    MaterialsParticipants
    • Whiteboard or flip charts
    • Potential cost optimization initiatives list template
    • CIO/IT director
    • IT finance lead

    Info-Tech's approach

    Our IT cost model maps your IT spending and staffing according to four key views, putting IT spend in language that stakeholders across the organization can relate to.

    IT cost model maps

    Template & Example

    Potential cost optimization initiatives list

    Brainstorm and list potential cost optimization initiatives at a macro level.

    Potential Initiative Source Source Contact Notes
    Reduce application maintenance cost Internal Benchmarking Report CIO Based on current year report
    Rationalize software applications Info-Tech IT Benchmarking Report CIO Based on current year report
    Migrate key business applications to the cloud Latest iteration of the IT strategy CIO New IT strategy will be in development concurrent with cost optimization strategy development
    Align job roles to the current IT structure IT org. chart and salaries HR, CIO Based on information of the current year and will likely change in a few months (beginning of a new year)
    Renegotiate the top five vendor contracts up for renewal this year List of IT vendors Procurement office, CIO, IT infrastructure director, IT applications director, IT services manager Based on a list consolidated last week

    Want help with your IT spend transparency and benchmarking efforts?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Spend and staff mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    1.3 Identify your overarching constraints

    30 minutes

    1. Assess where spend change opportunities are currently limited or nonexistent due to organization edict or policy, industry regulatory requirements, or active contracts. Ask yourself:
      1. Where do IT spend bottlenecks exist and what are they?
      2. What IT spend objectives and practices are absolutely mandatory and nonnegotiable from both a business and an IT perspective?
      3. Are there areas where spend change is possible but would be very difficult to execute due to the stakeholders involved, governance processes, time frames, or another constraining factor?
    2. Identify where reduction or elimination of an IT service would negatively affect required service levels and business continuity or recovery.
    3. List constraints as negotiable or nonnegotiable on the template provided.
    4. Remove areas of focus from your cost optimization scope that land outside achievable parameters, and flag those that are difficult but still possible.
    InputOutput
    • Situational awareness and current state understanding
    • List of negotiable constraints to act on
    • Delimiting the cost optimization scope
    MaterialsParticipants
    • Whiteboard or flip charts
    • Constraints assessment template
    • CIO/IT director
    • IT finance lead

    See the next slides for additional guidance and a constraints assessment template.

    Acknowledge your limitations

    By recognizing your constraints, which will lead you to define your cost optimization scope.

    Constraints Organizational Legal/Regulatory Other
    What An organizational constraint is any work condition that hinders an employee's performance - be it physical, emotional, or otherwise. A legal or regulatory constraint is any law, rule, standard, or regulation - be it industry specific or otherwise - limiting the ability of any stakeholder to get the most out of a certain activity, initiative, or project. Other types of constraints affecting business units.
    Who Collaborate with your IT leaders and business partners to identify all major constraints that would affect cost optimization initiatives.
    How Discussions and information sessions to distinguish between negotiable and nonnegotiable constraints that would thwart cost optimization efforts:
    • Legal/regulatory requirements and related initiatives (past, ongoing, and planned/expected).
      Example: projects cannot be delayed, processes are difficult to simplify, etc.
    • Operational governance - organization policies, processes, methodologies, structure, etc.
      Example: adopting a waterfall model for development instead of an agile one.
    • Financial and accounting practices.
      Example: capital expenditure and operational expenditure classification.
    Challenge Degree to which you can influence certain outcomes within a set time frame:
    • Prioritize negotiating constraints where you can influence the outcome or maximize cost optimization benefits.

    We define a constraint as a restriction controlling the behavior of any of your stakeholders, hence preventing a desired outcome.

    In our context, constraints will determine your playing field: the boundaries of your cost optimization scope.

    Distinguish between constraints

    Negotiable vs. nonnegotiable to delimit your cost optimization scope.

    Distinguish between constraints

    Template & Example

    Constraints assessment

    List high-level limitations that hinder your cost optimization options.

    Nonnegotiable constraints
    Organizational Legal/Regulatory IT/Other
    Prioritization of sales/customer service activities SEC compliance/reporting mandates Production unit incident response service levels
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    Negotiable constraints
    Organizational Legal/Regulatory IT/Other
    Core business operations process design Vendor contracts up for near-term renewal Current capital project commitments
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]

    1.4 Establish overarching cost optimization goals

    60-90 minutes

    1. Establish specific IT cost optimization goals. Depending on your journey, step 1.1. You will have one to three overarching cost optimization goals, as follows:
      1. Reactive: Cost-cutting goal to reduce unwarranted IT spending.
      2. Proactive: Cost-to-value optimization goal.
      3. Strategic: Cost optimization sustainability goal.
      Consider amounts and time frames, as well as likely/suitable approaches you plan to employ to achieve these goals.
    2. Document your final cost optimization goals in the IT Cost Optimization Workbook.
    3. Revisit your goals after outlining your initiatives (phase 2) to ensure feasibility depending on your journey.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Situational awareness and current state understanding
    • Defined goals for IT cost optimization
    MaterialsParticipants
    • Whiteboard or flip charts
    • Set Cost Optimization Goals tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead

    Template & Example

    Document your overarching goals

    Excel Workbook: IT Cost Optimization – Set Optimization Goals Worksheet

    Refer to the example and guidelines below on how to document your goals based on your journey:

    Table of Overarching Goals

    Column ID Input Type Guidelines
    B Dropdown Select the appropriate journey: Reactive, Proactive, or Strategic.
    C Dropdown Select the appropriate cost optimization objective: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, Sustain Cost Optimization.
    D Formula Automatic calculation, no entry required. Reduce Unwarranted IT Spending goal is the first priority, followed by Optimize Cost-to-Value, and Sustain Cost Optimization goals, respectively.
    E Text Enter the overarching goal related to each objective.

    Complete the following fields for each goal depending on your journey in the Excel Workbook as per guidelines:

    1. Navigate to the Set Cost Optimization Goals tab.
    2. Identify your journey and objective for each goal.
    3. Document your goal(s).

    Download the IT Cost Optimization Workbook

    Template & Example

    Break down your goals per quarter

    Excel Workbook: IT Cost Optimization - Set Cost Optimization Goals Worksheet

    Refer to the example and guidelines below on how to break down your goals per quarter and track your progress:

    Table break down your goals per quarter

    Column ID Input Type Guidelines
    F, G, H, I Text Enter the target per quarter: It could be a percentage, dollar amount, or description of the breakdown, depending on the cost optimization goal and objective.

    Complete the following fields for each goal depending on your journey in the Excel Workbook as per guidelines:

    1. Navigate to the Set Cost Optimization Goals tab.
    2. Determine your target per quarter for every goal.
    3. Document your targets.

    Download the IT Cost Optimization Workbook

    1.5 Identify inputs required for decision making

    60-90 minutes

    1. Each of the optimization levers (assets, vendors, project portfolio, and workforce) will require specific and unique sources of information which you will need to collect before moving forward. Examples of important sources of information include:
      1. Latest iteration of the IT strategy.
      2. List of IT assets (hardware, software).
      3. List of IT services or IT service catalog.
      4. List of current and planned IT projects and their resourcing allocations.
      5. List of largest vendor contracts and their key details, such as their expiration/renewal date.
      6. IT department organizational chart and salaries (by role).
    2. Review and analyze each of the documents.
    3. Continue to list potential cost optimization initiatives (step 1.2) to be further analyzed and investigated for feasibility at a later stage.
    InputOutput
    • IT strategy
    • Lists of IT assets, services, and projects
    • Top vendor contracts
    • IT org. chart and salaries
    • Macrolevel list of potential cost optimization initiatives
    MaterialsParticipants
    • Potential cost optimization initiatives list template (slide 24)
    • CIO/IT director
    • IT finance lead

    Prepare all pertinent sources of information

    And start drafting your cost optimization laundry list.

    Documents Benchmarking IT Strategy Other Information Sources
    What
    • Review:
      • Your IT spend trend across several years (ideally three to five years): internal benchmarking report.
      • Your IT spend compared to industry peers: external benchmarking report.
    • Analyze your internal and external benchmarking reports across the four views: service, expense, business, and innovation.
    • Review your business aligned IT strategy to identify cost optimization related initiatives.
    • At a later stage, exploit your IT strategy to prioritize cost optimization initiatives as needed.
    • Review your IT organization chart and salaries to determine whether the IT organization structure is optimal, job descriptions are mapped to the desired structure, employee skillsets and salary scale are adequate and aligned to the job description, etc.
    • Compile and examine lists of assets, vendors, projects, and services.
    • Prepare any other information sources you deem meaningful.
    Who Collaborate with your IT leaders and business partners to:
    • Prepare the necessary reports, documents, and required sources of information.
    • Identify potential cost optimization initiatives around areas of improvement.
    How Discussions and information sessions to analyze and deep dive on raw findings.
    Challenge Time to compile and analyze reports without affecting day-to-day operations:
    • Outsource some activities such as external benchmarking to organizations like Info-Tech.
    • Get consulting support on specific reports or tasks through workshops, calls, etc.

    Phase 2

    Outline Your Cost Optimization Initiatives

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • IT cost optimization initiatives
    • IT cost optimization workbook

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • IT vendor management lead
    • PMO lead
    • IT talent management representative
    • Other IT management

    Outline your cost optimization initiatives

    Across Info-Tech's four levers.

    Levers ASSETS VENDORS PROJECT PORTFOLI WORKFORCE
    What
    • Maintain trustworthy data to optimize cost, reduce risk, and improve services in line with business priorities and requirements:
      • Optimize cost: reallocate unused hardware and software, end unneeded service agreements, and manage renewals and audits.
      • Reduce risk: provide comprehensive asset data for security controls development and incident management - manage equipment disposal.
      • Improve IT service: support incident, problem, request, and change management with ITAM data.
    • Examine your vendor contracts and vendor management practices to optimize your expected value from every IT provider you deal with.
    • Treat vendor management as a proactive, cross-functional practice aiming to create value by improving communication, relationships, processes, performance, and ultimately reducing cost.
    • Reassess your project portfolio to maximize total value in line with business objectives and strategy.
    • Reduce resource waste with a strategic approach to project portfolio management:
      • Ensure that approved projects can be completed by aligning intake with real project capacity.
      • Minimize over-allocation of resources by allocating based on the proportion of project vs. non-project work.
      • Forecast future resource requirements by maintaining accurate resource capacity data.
    • Review your strategic workforce plan to identify cost optimization opportunities.
    • Determine capability gaps to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.
    • Link workforce planning with strategic planning to ensure that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.
    Who Collaborate with your IT leaders and business partners to:
    • Prepare the necessary reports, documents, and required sources of information.
    • Determine cost optimization initiatives across the four levers.
    How You will decide on the best course of action depending on your journey.

    Most common cost optimization challenges

    Across Info-Tech's four levers.

    Levers ASSETS VENDORS PROJECT PORTFOLI WORKFORCE
    Challenge
    • Incomplete or inaccurate data, poor processes, inadequate tools, and lack of support across the organization is leading to bad decision making while damaging value.
    • Spending on IT providers is increasing while vendor contract expected value - results, output, performance, solutions, or outcomes - is not realized.
    • Poor planning, conflicting priorities, and resource scarcity is affecting project outcomes, resulting in suboptimal value.
    • Talent shortages, lack of prioritization, and experience in managing an IT workforce is leading to higher costs and a loss in value.
    Solution
    • Develop a sustainable IT asset management (ITAM) strategy aligned with your business priorities.
    • Establish a vendor management initiative (VMI) with a solid foundation to fit your organization's culture, environment, and goals.
    • Create a coherent strategy to maximize the total value that projects deliver as a portfolio, rather than a collection of individual projects.
    • Develop a strategic workforce plan (SWP) to ensure you have the right people in place at the right time.
    Related Info-Tech Research Develop an IT Asset Management Strategy Jump-start Your Vendor Management Initiative Develop a Project Portfolio Management Strategy Build a Strategic IT Workforce Plan

    2.1 Determine your cost optimization initiatives

    8 hours

    Now that you have identified your journey and understood your constraints:

    1. Review your list of potential cost optimization initiatives and document viable ones in the IT Cost Optimization Workbook.
    2. Think of potential cost optimization initiatives within the four levers: assets, vendors, project portfolio, and workforce. The following slides will help you in this endeavor.

    Download the IT Cost Optimization Workbook

    Input Output
    • Potential cost optimization initiatives list
    • Outline Initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    Plan your cost optimization initiatives

    Your initiatives will differ depending on your journey

    In terms of aggressiveness and objectives.

    Plan cost optimization initiatives

    Cost optimization initiatives pertaining to a reactive journey are characterized by aggressive cost reduction.

    On the other hand, cost optimization initiatives within a strategic journey can vary in aggressiveness across objectives.

    2.1.1 Identify asset optimization initiatives

    2 hours

    1. Review the IT asset management strategy if available. Compile a list of all hardware, software, and facility asset costs for delivery of IT services.
    2. Analyze hardware and software assets for opportunities to consolidate, reduce, eliminate, and/or enhance functionality/automation. Look for:
      1. Redundancy or duplication of functionality not necessary for disaster recovery or business continuity purposes.
      2. Low or no-use software.
      3. Homegrown or legacy systems with high maintenance/support burdens.
      4. Multiple, old, or unsupported versions of current-use software.
      5. Opportunities to delay hardware/software refreshes or upgrades.
      6. Cloud/outsourced options.
      7. Instances of unsanctioned shadow IT.
    3. Reassess your in-house asset management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by asset optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • IT asset management strategy
    • List of current assets including hardware, software, and facilities
    • Outline Initiatives driven by asset optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Example

    Asset optimization

    Some examples to get you started

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Validate the license cost of performance optimization.
    • Review the utilization of software/hardware before renewal or purchase of additional hardware or software.
    • Assess new license cost against projects to determine possibility of differing or canceling software.
    • Postpone the purchases of hardware.
    • Extend the life of hardware.
    • Consolidate and reconfigure hardware.
    • Return damaged/malfunctioning hardware under warranty.
    • Consolidate and reconfigure software.
    • Optimize software/hardware functionality.
    • Implement hardware/software standard or policy.
    • Develop an infrastructure management outsourcing strategy.
    • Optimize cloud management: review utilization, licensing, cost, etc.
    • Develop a sustainable IT asset management (ITAM) strategy aligned with your business priorities.
    • Minimize shadow IT by creating a policy and improving the service request process.
    • Develop or assess a cloud strategy for a certain service.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your asset optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the asset optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.2 Identify vendor optimization initiatives

    2 hours

    1. Revisit the IT vendor classification if available. Identify all existing vendor contracts up for renewal within the current fiscal year and create an inventory.
    2. Examine your vendor contracts to optimize your expected value from every IT provider you deal with. For each contract:
      1. Identify the business purpose/drivers.
      2. Identify the expiration/renewal date to determine time frames for action.
      3. Determine if there is an opportunity to rightsize, cancel, renegotiate costs/service levels, or postpone renewal/purchase.
      4. Identify integrations and interdependencies with other hardware and software systems to understand scope and impact of potential changes.
    3. Reassess your in-house vendor management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by vendor optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor classification
    • Vendors contracts
    • Outline Initiatives driven by vendor optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Example

    Vendor optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Renegotiate and rightsize a vendor contract:
      • Cancel vendor/service/type application contract.
      • Renegotiate vendor/service/type contract.
      • Cancel vendor/service/type licenses.
      • Rationalize number of vendor/service/type licenses.
    • Consolidate vendors/resellers with similar services, products and features.
    • Implement a vendor management initiative to maximize value and minimize risk.
    • Consolidate contracts to take advantage of spending power and volume.
    • Set up custom vendor performance metrics.
    • Establish ongoing monitoring of vendor risk (financial, security, etc.).
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your vendor optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the vendor optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.3 Identify project portfolio optimization initiatives

    2 hours

    1. Review the IT Project Portfolio Strategy if available, and the list of both in-flight and planned projects.
    2. Reassess your project portfolio to maximize total value in line with business objectives and strategy. For each current and pending project on the list, identify a cost optimization initiative, including:
      1. Revisiting, confirming, and documenting actual project rationale with the business in relation to strategic goals.
      2. Rescoping existing projects that are underway.
      3. Accelerating planned or existing projects that enable business cost savings or competitive advantage and revenue growth.
      4. Canceling or postponing projects that are underway or haven't started.
      5. Identifying net-new projects that enhance business capabilities or save business costs.
    3. Reassess your in-house project management and project portfolio management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by project portfolio optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    Input Output
    • Project Portfolio Management Strategy
    • List of current and pending projects
    • Outline Initiatives driven by project portfolio optimization objectives in the IT Cost Optimization Workbook
    Materials Participants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Example

    Project portfolio optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Cancel projects with no executive sponsor.
    • Cancel projects with unacceptable timelines.
    • Postpone projects where there is a more urgent need for related resources.
    • Rescope projects where a more effective business case has been identified.
    • Freeze projects where scope and resourcing are uncertain.
    • Accelerate projects that enable business cost savings or a competitive advantage with revenue growth.
    • Combine projects that are better managed by realigning project managers and coordinators.
    • Break projects into phases to front-load realized value.
    • Outsource projects with commoditized skillset requirements.
    • Reassess the technology requirements when multiple vendors are involved.
    • Reexamine project rationale with the business in relation to strategic goals.
    • Identify net-new projects that offer improved value in relation to current economics.
    • Reassess the strategic drivers for project spending in the face of shifting priorities.
    • Implement a project portfolio governance function.
    • Introduce a benefits realization discipline in relation to the benefits forecasted during project approval.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your project portfolio optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the project portfolio optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.4 Identify workforce optimization initiatives

    2 hours

    1. Review the IT department's strategic workforce plan (SWP) if available, organizational chart, and salaries by role. Do not review IT staffing in terms of named individuals who occupy a given role - focus on functions, roles, and job descriptions.
    2. Determine capability gaps:
      1. Rectify efficiency, effectiveness, and other performance issues.
      2. Train IT staff to enhance or improve skills and effectiveness.
      3. Add roles, skills, or headcount to improve effectiveness.
      4. Integrate teams to improve collaboration and reduce redundancies or break out new ones to increase focus/specialization.
      5. Redesign job roles and responsibilities.
      6. Redeploy/reassign staff to other teams.
      7. Conduct layoff (as a last resort, starting by assessing contractual employees).
    3. Document cost optimization initiatives that could be driven by workforce optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Strategic workforce plan (SWP)
    • Organizational charts
    • Staff lists
    • Outline Initiatives driven by workforce optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Example

    Workforce optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Defer vacancy, position, or role.
    • Freeze all overnight and unessential IT staff travel.
    • Outsource project/function to free internal resources.
    • Postpone nonessential IT staff training as per training plans.
    • Suspend IT team discretionary spend.
    • Streamline workforce related to department/service (develop the process).
    • Relocate role or function from division or group to division or group.
    • Adjust framework and level assignments.
    • Promote and train employees for a certain objective.
    • Implement a strategic workforce plan (SWP) to ensure you have the right people in place, at the right time.
    • Set up a workforce performance monitoring framework or process to optimize staffing capabilities aligned with business value.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your workforce optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the workforce optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.2 Estimate the cost savings of cost optimization initiatives

    8 hours

    Now that you have identified your initiatives:

    1. Review your cost optimization initiatives per lever (Assets, Vendors, Project Portfolio, and Workforce).
    2. Determine whether the implementation cost of each of your initiatives is included as part of your budget.
    3. Estimate your cost savings.
    4. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Potential cost optimization initiatives list
    • Outline Initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    2.2.1 Estimate the costs impacting your asset optimization initiatives

    2 hours

    1. Review each asset optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Asset optimization initiatives
    • Cost and budget information
    • Cost estimates of asset optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each asset optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.2 Estimate the costs impacting your vendor optimization initiatives

    2 hours

    1. Review each vendor optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor optimization initiatives
    • Cost and budget information
    • Cost estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each vendor optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.3 Estimate the costs impacting your project portfolio optimization initiatives

    2 hours

    1. Review each project portfolio optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Cost and budget information
    • Cost estimates of project portfolio optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each project portfolio optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.4 Estimate the costs impacting your workforce optimization initiatives

    2 hours

    1. Review each workforce optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Cost and budget information
    • Cost estimates of workforce optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization –i Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each workforce optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    Phase 3

    Develop Your IT Cost Optimization Roadmap

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • IT cost optimization workbook
    • IT cost optimization roadmap

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • IT vendor management lead
    • PMO lead
    • IT talent management representative
    • Other IT management

    Develop your prioritized and aligned cost optimization roadmap

    The process of developing your roadmap is where you set final cost optimization priorities, conduct a final rationalization to decide what's in and what's out, and document your proposed plan of action.

    First, take a moment to consider if you missed anything. Too often, only the cost cutting elements of the cost optimization equation get attention. Remember that cost optimization also includes making smart investments. Sometimes adding and expanding is better for the business than removing or contracting.

    • Do your proposed initiatives help position the organization to recover quickly if you're dealing with a downturn or recession scenario?
    • Have you fully considered growth or innovation opportunities that will help optimize costs in the long run?

    Feasibility
    Eliminate initiatives from the longlist of potential initiatives that cannot be achieved given the cost optimization goals you determined at the beginning of this exercise.

    Priority
    Rank order the remaining initiatives according to their ability to contribute to goal attainment and dependency relationships with external constraints and one another.

    Action Plan
    Create an overarching visual roadmap that shows how you intend to achieve your cost optimization goals over the short, medium, and long-term.

    3.1 Assess the feasibility of your cost optimization initiatives

    4 hours

    Now that you have identified your initiatives across the four levers and understood the business impacts:

    1. Review each of your cost optimization initiatives and estimate the feasibility in terms of:
      1. Effort required to implement.
      2. Risk: Likelihood of failure and impact on performance.
      3. Approval rights: Within the IT or finance's accountability/domain or not.
    2. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization initiatives
    • Feasibility estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    3.1.1 Estimate the feasibility of your asset optimization initiatives

    1 hour

    1. Review each asset optimization initiative to estimate feasibility implications.
    2. Start by defining the effort required variables. Think in terms of how many dedicated full-time employees you would need to implement the initiative. Document your definition for each of the three variables (High, Medium, or Low) in the IT Cost Optimization Workbook (see next slides). Then, estimate the effort required to implement the related initiative. Consider complexity, scope, and resource availability, before you document it in the IT Cost Optimization Workbook (see next slides).
    3. Define your likelihood of failure variables. Think in terms of probability of failure or percent chance the underlying initiative will not succeed. Document your definition for each of the three variables (High, Medium, or Low) in the IT Cost Optimization Workbook (see next slides). Then, estimate the likelihood of failure to implement the related initiative, and document it in the IT Cost Optimization Workbook (see next slides).
    4. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    5. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    Input Output
    • Asset optimization initiatives
    • Feasibility estimates of asset optimization initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Define your feasibility variables

    Excel Workbook: IT Cost Optimization – Define Variables Worksheet

    Refer to the example and guidelines below on how to define your feasibility variables for standardization purposes. You can adopt a different definition per optimization lever (Assets, Vendors, Project Portfolio, and Workforce), or maintain the same one across initiatives, depending on what makes sense for your organization:

    Define your feasibility variables

    Column ID Input Type Guidelines
    B, G Formula Automatic calculation, no entry required. The ID will populate automatically.
    C, H Text No entry required. Three variables identified: High, Medium, Low.
    D, E Whole Number Review and input the range of each effort required variable, based on the number of dedicated full-time employees needed to implement an initiative, as it works best for your organization.
    I, J Whole Number Review and input the range of each likelihood of failure variable, based on the probability of failure of an initiative, as it works best for your organization. This example should work for most organizations.

    Define your feasibility variables in the Excel Workbook as per guidelines:

    1. Navigate to the Define Variables tab.
    2. Review and enter the range of each effort required and likelihood of failure variable as you see fit for your organization.

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each asset optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.2 Estimate the feasibility of your vendor optimization initiatives

    1 hour

    1. Review each vendor optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor optimization initiatives
    • Feasibility estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each vendor optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.3 Estimate the feasibility of your project portfolio optimization initiatives

    1 hour

    1. Review each project portfolio optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Feasibility estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each project portfolio optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.4 Estimate the feasibility of your workforce optimization initiatives

    1 hour

    1. Review each workforce optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Feasibility estimates of workforce optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each workforce optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.2 Prioritize cost optimization initiatives to create a final shortlist

    4 hours

    Now that you have your cost and feasibility for each cost optimization initiative:

    1. Review each of your cost optimization initiatives and estimate the time and priority by considering:
      1. Preliminary priority assessment based on your cost and feasibility input.
      2. Time frame: start and end date of each initiative.
      3. Current budget cycle: time remaining in the current budget cycle and potential cost savings in this fiscal year.
    2. Determine the final priority of the initiative and decide whether you want to include it in your 12-month roadmap.
    3. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    3.2.1 Prioritize your asset optimization initiatives

    1 hour

    1. Review each asset optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Asset optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each asset optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of estimate cost savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary priority assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority threshold rationale

    Excel Workbook: IT Cost Optimization – Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the priority score and priority level:

    Priority threshold rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each asset optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be permanent or temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each asset optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.2 Prioritize your vendor optimization initiatives

    1 hour

    1. Review each vendor optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    Input Output
    • Vendor optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each vendor optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of estimate cost savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary priority assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization – Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority Threshold Rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each vendor optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each vendor optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.3 Prioritize your project portfolio optimization initiatives

    1 hour

    1. Review each project portfolio optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each project portfolio optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of Estimate Cost Savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary Priority Assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization - Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority threshold rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each project portfolio optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each project portfolio optimization initiative and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.4 Prioritize your workforce optimization initiatives

    1 hour

    1. Review each workforce optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each workforce optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of Estimate Cost Savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary Priority Assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization - Define Priority Threshold

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority Threshold Rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each workforce optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each workforce optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.3 Develop your cost optimization roadmap

    1 hour

    1. Conduct a final evaluation of your timeline, priority decision, and initiatives you wish to include in your 12-month roadmap. Do they make sense, are they achievable, and do they all contribute individually and collectively to reaching your cost optimization goals?
    2. Review your 12-month roadmap outputs in the IT Cost Optimization Workbook (see next slides).
    3. Make adjustments to your 12-month roadmap by adding or removing initiatives as you deem necessary (step 3.2).
    4. Document your final roadmap - including initiatives and relative time frames for execution - in the IT Cost Optimization Roadmap templates provided (see slide 97). The 12-month roadmap outputs from the IT Cost Optimization Workbook (see next slide) can facilitate this task.

    Download the IT Cost Optimization Workbook

    Input Output
    • Outline Initiatives tab in the IT Cost Optimization Workbook, output from previous steps
    • IT Cost Optimization Roadmap
    Materials Participants
    • Outline Initiatives Charts tab in the IT Cost Optimization Workbook
    • Diagram Results tab in the IT Cost Optimization Workbook
    • List Results tab in the IT Cost Optimization Workbook
    • Timeline Result tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT financial lead
    • Other IT management

    Template & Example

    Potential Cost Savings Per Year

    Excel Workbook: IT Cost Optimization - Outline Initiatives Charts Worksheet

    Refer to the example below on charts depicting different views of estimated cost savings per year across the four optimization levers (Assets, Vendors, Project Portfolio, and Workforce) that could help you in your assessment and decision making.

    Potential cost savings per year

    From the Excel Workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to the Outline Initiatives Charts tab.
    2. Review each of the charts.
    3. Navigate back to the Outline Initiatives tab to examine, drill down, and amend individual initiative entries or final decisions as you deem necessary.

    Template & Example

    12-month Roadmap Outputs

    Excel Workbook: IT Cost Optimization - Diagram Results, List Results, and Timeline Result Worksheets

    Refer to the example below depicting different roadmap output that could help you in presentations, assessment, and decision making.

    12-month Roadmap Outputs

    From the Excel Workbook:

    1. Navigate to the Diagram Results tab. This bubble diagram represent cost optimization initiatives by objective where each bubble size is determined by its estimated cost saving per year.
    2. Navigate to the List Results tab. You will find a list of the cost optimizations initiatives you've chosen to include in your roadmap and related charts.
    3. Navigate to the Timeline Result tab. This Gantt chart is a timeline view of the cost optimizations initiatives you've chosen to include in your roadmap.

    Download the IT Cost Optimization Workbook

    IT cost optimization roadmap

    Phase 4

    Communicate and Execute

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • Cost optimization communication plan
    • Cost optimization executive presentation

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Build Your IT Cost Optimization Roadmap

    4.1 Build the communication plan

    45 to 60 minutes

    1. Use the Cost Optimization Communication Plan templates and guidance on the following slides.
    2. Complete the template to develop your communication plan for your cost optimization proposal and initiatives. At a minimum, it should include:
      1. Steps for preparing and presenting your proposal to decision-makers, sponsors, and other stakeholders, including named presenters and points of contact in IT.
      2. Checkpoints for communication throughout the execution of each initiative and the cost optimization roadmap overall, including target audiences, accountabilities, modes and methods of communication, type/scope of information to be communicated at each checkpoint, and any decision/approval steps.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization roadmap
    • Completed draft of the Cost Optimization Communication Plan
    MaterialsParticipants
    • IT Cost Optimization Workbook
    • IT Cost Optimization Roadmap
    • Info-Tech's Cost Optimization Communication Plan template
    • CIO/IT director
    • IT financial lead
    • Other IT management

    Understand a communication strategy's purpose

    Put as much effort into developing your communication strategy as you would into planning and executing the cost optimization initiatives themselves. Don't skip this part.

    Your communication strategy has two major components ...

    1. A tactical plan for how and when you'll communicate with stakeholders about your proposals, activities, and progress toward meeting cost optimization goals.
    2. An executive or board presentation that outlines your final proposed cost optimization initiatives, their respective business cases, and resources/support required with the goal of gaining approval to execute.

    Your communication strategy will need to ...

    • Provide answers to the "What's in it for me?" question from all impacted stakeholders.
    • Roles, responsibilities, and accountabilities before, during, and after initiatives are completed.
    • Descriptions and high-level information about dates, deliverables, and impacts of the specific changes being made.

    You will also develop more detailed operational and project plans for each initiative. IT will use these plans to manage and track the execution of individual initiatives when the time comes.

    Template & Example

    Document the overall what and why of your planned communications

    Component Purpose Context Key Messages Intended Outcomes
    Definition Description of the topic and why you're communicating with this specific audience right now. Background information about the broader situation and how you got to where you are today. The main points you want your target audience to hear/read, absorb, and remember. What you hope you and your audience will get at the end of the communication or effort.
    Our Language
    • IT is proposing an organization-wide array of initiatives in order to reduce IT costs. We are seeking your approval and support to carry out these initiatives.
    • [Purpose]
    • The economy is in active downturn and may become a full recession.
    • IT is anticipating mandatory cost reductions and has opted to take a proactive position.
    • We used an analytical framework to look at all areas of the organization to identify and prioritize IT cost-reduction opportunities.
    • [Context]
    • IT is being proactive.
    • IT is sensitive to the business.
    • IT needs your support.
    • IT is committed to keeping you informed at every step.
    • IT wants to position the organization for rapid recovery when the economy improves.
    • [Message]
    • Buy-in, approval, and ongoing support for cost optimization initiatives proposed.
    • Update on the status of specific initiatives, including what's happened, progress, and what's coming next.
    • [Outcome]

    Template & Example

    Next, note the who, how, and when of your communication plan

    Stakeholder/Approver Initiatives Impact Format Time frame Messenger
    CEO
    • Reduce number of Minitab licenses
    • Defer hiring of new data architecture position
    • Cancel VR simulation project
    Indefinitely delays current strategic projects Monthly meeting discussion Last Wednesday of every month starting Oct. 26, FY1 CIO, IT data analytics project lead, IT VR project lead
    IT Steering Committee
    • Adjust service level framework and level assignments
    • Postpone purchases for network modernization
    • Postpone workstation/laptop upgrades for non-production functions
    • Outsource data analytics project
    Nearly all of these initiatives are enterprise-wide or affect multiple departments. Varying direct and indirect impacts will need to be independently communicated for each initiative if approved by the ITS.

    Formal presentation at quarterly ITS meetings

    Monthly progress updates via email bulletin

    Approval presentation: Oct. 31, FY1

    Quarterly updates: Jan. 31, Apr. 28, and Jul. 28, FY2

    CIO, IT service director, IT infrastructure director, IT data analytics project lead
    VP of Sales
    • Pause Salesforce view redesign project
    Delays new sales tool efficiency improvement. Meeting discussion Nov. FY1 CIO, IT Salesforce view redesign project lead
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]

    4.2 Build the executive presentation

    45-60 minutes

    1. Download Info-Tech's IT Cost Optimization Roadmap Samples and Templates.
    2. Update the content with the outputs of your cost optimization roadmap and data/graph elements from the IT Cost Optimization Workbook. Refer to your organization's standards and norms for executive-level presentations and adapt accordingly.

    Download IT Cost Optimization Roadmap Samples and Templates

    Input Output
    • IT Cost Optimization Roadmap
    • IT Cost Optimization Workbook
    • Completed draft of the IT Cost Optimization Executive Presentation
    Materials Participants
    • IT Cost Optimization Workbook
    • IT Cost Optimization Roadmap Samples and Templates
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Summary of Accomplishment

    Congratulations! You now have an IT cost optimization strategy and a communication plan.

    Throughout this blueprint, you have:

    1. Identified your IT mandate and cost optimization journey.
    2. Outlined your initiatives across the four levers (assets, vendors, project portfolio, and workforce).
    3. Put together a 12-month IT cost optimization roadmap.
    4. Developed a communication strategy and crafted an executive presentation - your initial step to communicate and discuss IT cost optimization initiatives with your key stakeholders.

    What's next?

    Communicate with your stakeholders, then follow your internal project policies and procedures to get the necessary approvals as required. Once obtained, you can start the execution and implementation of your IT cost optimization strategy.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    Research Contributors and Experts

    Jennifer Perrier, Principal Research Director, IT Financial Management

    Jennifer Perrier
    Principal Research Director, IT Financial Management
    Info-Tech Research Group

    Jack Hakimian, Senior Vice President, Research Development

    Jack Hakimian
    Senior Vice President, Research Development
    Info-Tech Research Group

    Graham Price, Senior Executive Counselor, Executive Services

    Graham Price
    Senior Executive Counselor, Executive Services
    Info-Tech Research Group

    Travis Duncan, Research Director, Project & Portfolio Management

    Travis Duncan
    Research Director, Project & Portfolio Management
    Info-Tech Research Group

    Dave Kish, Practice Lead, IT Financial Management

    Dave Kish
    Practice Lead, IT Financial Management
    Info-Tech Research Group

    Baird Miller, PhD, Senior Executive Advisor, Executive Services

    Baird Miller, PhD
    Senior Executive Advisor, Executive Services
    Info-Tech Research Group

    Other Research Contributors and Experts

    Monica Braun
    Research Director, IT Financial Management
    Info-Tech Research Group

    Sandi Conrad
    Principal Advisory Director, Infrastructure & Operations
    Info-Tech Research Group

    Phil Bode
    Principal Advisory Director, Vendor Management
    Info-Tech Research Group

    Donna Glidden
    Advisory Director, Vendor Management
    Info-Tech Research Group

    Barry Cousins
    Distinguished Analyst & Research Fellow
    Info-Tech Research Group

    Andrew Sharp
    Research Director, Infrastructure & Operations Practice
    Info-Tech Research Group

    Frank Sewell
    Advisory Director, Vendor Management
    Info-Tech Research Group

    Related Info-Tech Research

    Achieve IT Spend & Staffing Transparency
    Most CIOs, CFOs, and business function leaders don't enjoy a shared vocabulary when it comes to talking about technology spend. As a result, truly meaningful conversations about where and how to spend technology funds in support of business goals are rare. Enable these important conversations by transparently mapping your IT spend data against four key stakeholder views.

    Reduce Shadow IT With a Service Request Catalog
    As the business gets more innovative to solve its problems, IT finds itself in reactive mode, dealing with software bloat, managing surprise SaaS renewals, and having to integrate products that they didn't know were purchased. To solve this, IT needs to focus on service and visibility to counter Shadow IT.

    Bibliography

    "A Short Guide to Structured Cost Reduction." National Audit Office, 18 June 2010. Web.

    "IT Cost Savings: A Guide to Application Rationalization." LeanIX, 2021. Web.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 30 April 2020. Web.

    Leinwand, Paul, and Vinay Couto. "How to Cut Costs More Strategically." Harvard Business Review, March 2017. Web.

    "Role & Influence of the Technology Decision-Maker 2022." Foundry, 2022. Web.

    "State of the CIO 2022." CIO, 2022. Web.

    "The Definitive Guide to IT Cost Optimization." LeanIX, n.d. Web.

    "Understand the Principles of Cost Optimization." Google Cloud, n.d. Web.

    Establish an Effective IT Steering Committee

    • Buy Link or Shortcode: {j2store}191|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $44,821 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Unfortunately, when CIOs implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Our Advice

    Critical Insight

    • 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    • Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    • Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    Impact and Result

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee:

    • IT Steering Committee Charter: Use this template in combination with this blueprint to form a highly tailored committee.
    • IT Steering Committee Stakeholder Presentation: Build understanding around the goals and purpose of the IT steering committee, and generate support from your leadership team.
    • IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining project prioritization criteria. Track project prioritization and assess your portfolio.

    Establish an Effective IT Steering Committee Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish an IT steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the steering committee charter

    Build your IT steering committee charter using results from the stakeholder survey.

    • Establish an Effective IT Steering Committee – Phase 1: Build the Steering Committee Charter
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter

    2. Define IT steering commitee processes

    Define your high level steering committee processes using SIPOC, and select your steering committee metrics.

    • Establish an Effective IT Steering Committee – Phase 2: Define ITSC Processes

    3. Build the stakeholder presentation

    Customize Info-Tech’s stakeholder presentation template to gain buy-in from your key IT steering committee stakeholders.

    • Establish an Effective IT Steering Committee – Phase 3: Build the Stakeholder Presentation
    • IT Steering Committee Stakeholder Presentation

    4. Define the prioritization criteria

    Build the new project intake and prioritization process for your new IT steering committee.

    • Establish an Effective IT Steering Committee – Phase 4: Define the Prioritization Criteria
    • IT Steering Committee Project Prioritization Tool
    • IT Project Intake Form
    [infographic]

    Workshop: Establish an Effective IT Steering Committee

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build the IT Steering Committee

    The Purpose

    Lay the foundation for your IT steering committee (ITSC) by surveying your stakeholders and identifying the opportunities and threats to implementing your ITSC.

    Key Benefits Achieved

     An understanding of the business environment affecting your future ITSC and identification of strategies for engaging with stakeholders

    Activities

    1.1 Launch stakeholder survey for business leaders.

    1.2 Analyze results with an Info-Tech advisor.

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach.

    Outputs

    Report on business leader governance priorities and awareness

    Refined workshop agenda

    2 Define the ITSC Goals

    The Purpose

    Define the goals and roles of your IT steering committee.

    Plan the responsibilities of your future committee members.

    Key Benefits Achieved

     Groundwork for completing the steering committee charter

    Activities

    2.1 Review the role of the IT steering committee.

    2.2 Identify IT steering committee goals and objectives.

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC.

    2.5 Define ITSC participation.

    Outputs

    IT steering committee key responsibilities and participants identified

    IT steering committee priorities identified

    3 Define the ITSC Charter

    The Purpose

    Document the information required to create an effective ITSC Charter.

    Create the procedures required for your IT steering committee.

    Key Benefits Achieved

    Clearly defined roles and responsibilities for your steering committee

    Completed IT Steering Committee Charter document

    Activities

    3.1 Build IT steering committee participant RACI.

    3.2 Define your responsibility cadence and agendas.

    3.3 Develop IT steering committee procedures.

    3.4 Define your IT steering committee purpose statement and goals.

    Outputs

    IT steering committee charter: procedures, agenda, and RACI

    Defined purpose statement and goals

    4 Define the ITSC Process

    The Purpose

    Define and test your IT steering committee processes.

    Get buy-in from your key stakeholders through your stakeholder presentation.

    Key Benefits Achieved

    Stakeholder understanding of the purpose and procedures of IT steering committee membership

    Activities

    4.1 Define your high-level IT steering committee processes.

    4.2 Conduct scenario testing on key processes, establish ITSC metrics.

    4.3 Build your ITSC stakeholder presentation.

    4.4 Manage potential objections.

    Outputs

    IT steering committee SIPOC maps

    Refined stakeholder presentation

    5 Define Project Prioritization Criteria

    The Purpose

    Key Benefits Achieved

    Activities

    5.1 Create prioritization criteria

    5.2 Customize the project prioritization tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Outputs

    IT Steering Committee Project Prioritization Tool

    Action plan

    Further reading

    Establish an Effective IT Steering Committee

    Have the right people making the right decisions to drive IT success.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • IT Leaders

    This Research Will Also Assist:

    • Business Partners

    This Research Will Help You:

    • Structure an IT steering committee with the appropriate membership and responsibilities
    • Define appropriate cadence around business involvement in IT decision making
    • Define your IT steering committee processes, metrics, and timelines
    • Obtain buy-in for IT steering committee participations
    • Define the project prioritization criteria

    This Research Will Help Them:

    • Understand the importance of IT governance and their role
    • Identify and build the investment prioritization criteria

    Executive Summary

    Situation

    • An effective IT steering committee (ITSC) is one of the top predictors of value generated by IT, yet only 11% of CIOs believe their committees are effective.
    • An effective steering committee ensures that the right people are involved in critical decision making to drive organizational value.

    Complication

    • Unfortunately, when CIOs do implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Resolution

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee. These include:

    1. IT Steering Committee Charter: Customizable charter complete with example purpose, goals, responsibilities, procedures, RACI, and processes. Use this template in combination with this blueprint to get a highly tailored committee.
    2. IT Stakeholder Presentation: Use our customizable presentation guide to build understanding around the goals and purpose of the IT steering committee and generate support from your leadership team.
    3. IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining the project prioritization criteria. Use our template to track project prioritization and assess your portfolio.

    Info-Tech Insight

    1. 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    2. Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    3. Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    IT Steering Committee

    Effective IT governance critical in driving business satisfaction with IT. Yet 88% of CIOs believe that their governance structure and processes are not effective. The IT steering committee (ITSC) is the heart of the governance body and brings together critical organizational stakeholders to enable effective decision making (Info-Tech Research Group Webinar Survey).

    IT STEERING COMMITTEES HAVE 3 PRIMARY OBJECTIVES – TO IMPROVE:

    1. Alignment: IT steering committees drive IT and business strategy alignment by having business partners jointly accountable for the prioritization and selection of projects and investments within the context of IT capacity.
    2. Accountability: The ITSC facilitates the involvement and commitment of executive management through clearly defined roles and accountabilities for IT decisions in five critical areas: investments, projects, risk, services, and data.
    3. Value Generation: The ITSC is responsible for the ongoing evaluation of IT value and performance of IT services. The committee should define these standards and approve remediation plans when there is non-achievement.

    "Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?"

    – Martha Heller, President, Heller Search Associates

    An effective IT steering committee improves IT and business alignment and increases support for IT across the organization

    CEOs’ PERCEPTION OF IT AND BUSINESS ALIGNMENT

    67% of CIOs/CEOs are misaligned on the target role for IT.

    47% of CEOs believe that business goals are going unsupported by IT.

    64% of CEOs believe that improvement is required around IT’s understanding of business goals.

    28% of business leaders are supporters of their IT departments.

    A well devised IT steering committee ensures that core business partners are involved in critical decision making and that decisions are based on business goals – not who shouts the loudest. Leading to faster decision-making time, and better-quality decisions and outcomes.

    Source: Info-Tech CIO/CEO Alignment data

    Despite the benefits, 9 out of 10 steering committees are unsuccessful

    WHY DO IT STEERING COMMITTEES FAIL?

    1. A lack of appetite for an IT steering committee from business partners
    2. An effective ITSC requires participation from core members of the organization’s leadership team. The challenge is that most business partners don’t understand the benefits of an ITSC and the responsibilities aren’t tailored to participants’ needs or interests. It’s the CIOs responsibility to make this case to stakeholders and right-size the committee responsibilities and membership.
    3. IT steering committees are given inappropriate responsibilities
    4. The IT steering committee is fundamentally about decision making; it’s not a working committee. CIOs struggle with clarifying these responsibilities on two fronts: either the responsibilities are too vague and there is no clear way to execute on them within a meeting, or responsibilities are too tactical and require knowledge that participants do not have. Responsibilities should determine who is on the ITSC, not the other way around.
    5. Lack of process around execution
    6. An ITSC is only valuable if members are able to successfully execute on the responsibilities. Without well defined processes it becomes nearly impossible for the ITSC to be actionable. As a result, participants lack the information they need to make critical decisions, agendas are unmet, and meetings are seen as a waste of time.

    GOVERNANCE and ITSC and IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    RELATIONSHIP BETWEEN STRATEGIC, TACTICAL, AND OPERATIONAL GROUPS

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT steering committee. For more information on IT governance see Info-Tech’s blueprint Tailor an IT Governance Plan to Fit Organizational Needs.

    1. Governance of the IT Portfolio & Investments: ensures that funding and resources are systematically allocated to the priority projects that deliver value
    2. Governance of Projects: ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.
    3. Governance of Risks: ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.
    4. Governance of Services: ensures that IT delivers the required services at the acceptable performance levels.
    5. Governance of Information and Data: ensures the appropriate classification and retention of data based on business need.

    If these symptoms resonate with you, it might be time to invest in building an IT steering committee

    SIGNS YOU MAY NEED TO BUILD AN IT STEERING COMMITTEE

    As CIO I find that there is a lack of alignment between business and IT strategies.
    I’ve noticed that projects are thrown over the fence by stakeholders and IT is expected to comply.
    I’ve noticed that IT projects are not meeting target project metrics.
    I’ve struggled with a lack of accountability for decision making, especially by the business.
    I’ve noticed that the business does not understand the full cost of initiatives and projects.
    I don’t have the authority to say “no” when business requests come our way.
    We lack a standardized approach for prioritizing projects.
    IT has a bad reputation within the organization, and I need a way to improve relationships.
    Business partners are unaware of how decisions are made around IT risks.
    Business partners don’t understand the full scope of IT responsibilities.
    There are no SLAs in place and no way to measure stakeholder satisfaction with IT.

    Info-Tech’s approach to implementing an IT steering committee

    Info-Tech’s IT steering committee development blueprint will provide you with the required tools, templates, and deliverables to implement a right-sized committee that’s effective the first time.

    • Measure your business partner level of awareness and interest in the five IT governance areas, and target specific responsibilities for your steering committee based on need.
    • Customize Info-Tech’s IT Steering Committee Charter Template to define and document the steering committee purpose, responsibilities, participation, and cadence.
    • Build critical steering committee processes to enable information to flow into and out of the committee to ensure that the committee is able to execute on responsibilities.
    • Customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to make your first meeting a breeze, providing stakeholders with the information they need, with less than two hours of preparation time.
    • Leverage our workshop guide and prioritization tools to facilitate a meeting with IT steering committee members to define the prioritization criteria for projects and investments and roll out a streamlined process.

    Info-Tech’s Four-Phase Process

    Key Deliverables:
    1 2 3 4
    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter
      • Purpose
      • Responsibilities
      • RACI
      • Procedures
    • IT Steering Committee SIPOC (Suppliers, Inputs, Process, Outputs, Customers)
    • Defined process frequency
    • Defined governance metrics
    • IT Steering Committee Stakeholder Presentation template
      • Introduction
      • Survey outcomes
      • Responsibilities
      • Next steps
      • ITSC goals
    • IT project prioritization facilitation guide
    • IT Steering Committee Project Prioritization Tool
    • Project Intake Form

    Leverage both COBIT and Info-Tech-defined metrics to evaluate the success of your program or project

    COBIT METRICS Alignment
    • Percent of enterprise strategic goals and requirements supported by strategic goals.
    • Level of stakeholder satisfaction with scope of the planned portfolio of programs and services.
    Accountability
    • Percent of executive management roles with clearly defined accountabilities for IT decisions.
    • Rate of execution of executive IT-related decisions.
    Value Generation
    • Level of stakeholder satisfaction and perceived value.
    • Number of business disruptions due to IT service incidents.
    INFO-TECH METRICS Survey Metrics:
    • Percent of business leaders who believe they understand how decisions are made in the five governance areas.
    • Percentage of business leaders who believe decision making involved the right people.
    Value of Customizable Deliverables:
    • Estimated time to build IT steering committee charter independently X cost of employee
    • Estimated time to build and generate customer stakeholder survey and generate reports X cost of employee
    • # of project interruptions due to new or unplanned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    Situation

    A newly hired CIO at a large consumer goods company inherited an IT department with low maturity from her predecessor. Satisfaction with IT was very low across all business units, and IT faced a lot of capacity constraints. The business saw IT as a bottleneck or red tape in terms of getting their projects approved and completed.

    The previous CIO had established a steering committee for a short time, but it had a poorly established charter that did not involve all of the business units. Also the role and responsibilities of the steering committee were not clearly defined. This led the committee to be bogged down in politics.

    Due to the previous issues, the business was wary of being involved in a new steering committee. In order to establish a new steering committee, the new CIO needed to navigate the bad reputation of the previous CIO.

    Solution

    The CIO established a new steering committee engaging senior members of each business unit. The roles of the committee members were clearly established in the new steering committee charter and business stakeholders were informed of the changes through presentations.

    The importance of the committee was demonstrated through the new intake and prioritization process for projects. Business stakeholders were impressed with the new process and its transparency and IT was no longer seen as a bottleneck.

    Results

    • Satisfaction with IT increased by 12% after establishing the committee and IT was no longer seen as red tape for completing projects
    • IT received approval to hire two more staff members to increase capacity
    • IT was able to augment service levels, allowing them to reinvest in innovative projects
    • Project prioritization process was streamlined

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Establish an Effective IT Steering Committee

    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    Best-Practice Toolkit

    1.1 Survey Your Steering Committee Stakeholders

    1.2 Build Your ITSC Charter

    2.1 Build a SIPOC

    2.2 Define Your ITSC Process

    3.1 Customize the Stakeholder Presentation

    4.1 Establish your Prioritization Criteria

    4.2 Customize the Project Prioritization Tool

    4.3 Pilot Test Your New Prioritization Criteria

    Guided Implementations
    • Launch your stakeholder survey
    • Analyze the results of the survey
    • Build your new ITSC charter
    • Review your completed charter
    • Build and review your SIPOC
    • Review your high-level steering committee processes
    • Customize the presentation
    • Build a script for the presentation
    • Practice the presentation
    • Review and select prioritization criteria
    • Review the Project Prioritization Tool
    • Review the results of the tool pilot test
    Onsite Workshop

    Module 1:

    Build a New ITSC Charter

    Module 2:

    Design Steering Committee Processes

    Module 3:

    Present the New Steering Committee to Stakeholders

    Module 4:

    Establish Project Prioritization Criteria

    Phase 1 Results:
    • Customized ITSC charter

    Phase 2 Results:

    • Completed SIPOC and steering committee processes
    Phase 3 Results:
    • Customized presentation deck and script
    Phase 4 Results:
    • Customized project prioritization tool

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Build the IT Steering Committee

    1.1 Launch stakeholder survey for business leaders

    1.2 Analyze results with an Info-Tech Advisor

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach

    Define the ITSC Goals

    2.1 Review the role of the IT steering committee

    2.2 Identify IT steering committee goals and objectives

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC 2.5 Define ITSC participation

    Define the ITSC Charter

    3.1 Build IT steering committee participant RACI

    3.2 Define your responsibility cadence and agendas

    3.3 Develop IT steering committee procedures

    3.4 Define your IT steering committee purpose statement and goals

    Define the ITSC Process

    4.1 Define your high-level IT steering committee processes

    4.2 Conduct scenario testing on key processes, establish ITSC metrics

    4.3 Build your ITSC stakeholder presentation

    4.4 Manage potential objections

    Define Project Prioritization Criteria

    5.1 Create prioritization criteria

    5.2 Customize the Project Prioritization Tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Deliverables
    1. Report on business leader governance priorities and awareness
    2. Refined workshop agenda
    1. IT steering committee priorities identified
    2. IT steering committee key responsibilities and participants identified
    1. IT steering committee charter: procedures, agenda, and RACI
    2. Defined purpose statement and goals
    1. IT steering committee SIPOC maps
    2. Refined stakeholder presentation
    1. Project Prioritization Tool
    2. Action plan

    Phase 1

    Build the IT Steering Committee Charter

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Formalize the Security Policy Program

    Proposed Time to Completion: 1-2 weeks

    Select Your ITSC Members

    Start with an analyst kick-off call:

    • Launch your stakeholder survey

    Then complete these activities…

    • Tailor the survey questions
    • Identify participants and tailor email templates

    With these tools & templates:

    • ITSC Stakeholder Survey
    • ITSC Charter Template

    Review Stakeholder Survey Results

    Review findings with analyst:

    • Review the results of the Stakeholder Survey

    Then complete these activities…

    • Customize the ITSC Charter Template

    With these tools & templates:

    • ITSC Charter Template

    Finalize the ITSC Charter

    Finalize phase deliverable:

    • Review the finalized ITSC charter with an Info-Tech analyst

    Then complete these activities…

    • Finalize any changes to the ITSC Charter
    • Present it to ITSC Members

    With these tools & templates:

    • ITSC Charter Template

    Build the IT Steering Committee Charter

    This step will walk you through the following activities:

    • Launch and analyze the stakeholder survey
    • Define your ITSC goals and purpose statement
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Be exclusive with your IT steering committee membership. Determine committee participation based on committee responsibilities. Select only those who are key decision makers for the activities the committee is responsible for and, wherever possible, keep membership to 5-8 people.

    Tailor Info-Tech’s IT Steering Committee Charter Template to define terms of reference for the ITSC

    1.1

    A charter is the organizational mandate that outlines the purpose, scope, and authority of the ITSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.

    Start by reviewing Info-Tech’s template. Throughout this section we will help you to tailor its contents.

    Committee Purpose: The rationale, benefits of, and overall function of the committee.

    Responsibilities: What tasks/decisions the accountable committee is making.

    Participation: Who is on the committee

    RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.

    Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with business units.

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Charter Template.">

    IT Steering Committee Charter

    Take a data-driven approach to build your IT steering committee based on business priorities

    1.2

    Leverage Info-Tech’s IT Steering Committee Stakeholder Surveyand reports to quickly identify business priorities and level of understanding of how decisions are made around the five governance areas.

    Use these insights to drive the IT steering committee responsibilities, participation, and communication strategy.

    The Stakeholder Survey consists of 17 questions on:

    • Priority governance areas
    • Desired level of involvement in decision making in the five governance areas
    • Knowledge of how decisions are made
    • Five open-ended questions on improvement opportunities

    To simplify your data collection and reporting, Info-Tech can launch a web-based survey, compile the report data and assist in the data interpretation through one of our guided implementations.

    Also included is a Word document with recommended questions, if you prefer to manage the survey logistics internally.

    A screenshot of Info-Tech's first page of the <em data-verified=IT Steering Committee Stakeholder Survey "> A screenshot of Info-Tech's survey.

    Leverage governance reports to define responsibilities and participants, and in your presentation to stakeholders

    1.3

    A screenshot is displayed. It advises that 72% of stakeholders do <strong data-verified= understand how decisions around IT services are made (quality, availability, etc.). Two graphs are included in the screenshot. One of the bar graphs shows the satisfaction with the quality of decisions and transparency around IT services. The other bar graph displays IT decisions around service delivery and quality that involve the right people.">

    OVERALL PRIORITIES

    You get:

    • A clear breakdown of stakeholders’ level of understanding on how IT decisions are made in the five governance areas
    • Stakeholder perceptions on the level of IT and business involvement in decision making
    • Identification of priority areas

    So you can:

    • Get an overall pulse check for understanding
    • Make the case for changes in decision-making accountability
    • Identify which areas the IT steering committee should focus on
    A screenshot is displayed. It advises that 80% of stakeholders do <strong data-verified=not understand how decisions around IT investments or project and service resourcing are made. Two bar graphs are displayed. One of the bar graphs shows the satisfaction with the quality of decisions made around IT investments. The other graph display IT decisions around spending priorities involving the right people.">

    GOVERNANCE AREA REPORTS

    You get:

    • Satisfaction score for decision quality in each governance area
    • Breakdown of decision-making accountability effectiveness
    • Identified level of understanding around decision making
    • Open-ended comments

    So you can:

    • Identify the highest priority areas to change.
    • To validate changes in decision-making accountability
    • To understand business perspectives on decision making.

    Conduct a SWOT analysis of the five governance areas

    1.4

    1. Hold a meeting with your IT leadership team to conduct a SWOT analysis on each of the five governance areas. Start by printing off the following five slides to provide participants with examples of the role of governance and the symptoms of poor governance in each area.
    2. In groups of 1-2 people, have each group complete a SWOT analysis for one of the governance areas. For each consider:
    • Strengths: What is currently working well in this area?
    • Weaknesses: What could you improve? What are some of the challenges you’re experiencing?
    • Opportunities: What are some organizational trends that you can leverage? Consider whether your strengths or weaknesses that could create opportunities?
    • Threats: What are some key obstacles across people, process, and technology?
  • Have each team or individual rotate until each person has contributed to each SWOT. Add comments from the stakeholder survey to the SWOT.
  • As a group rank each of the five areas in terms of importance for a phase one IT steering committee implementation, and highlight the top 10 challenges, and the top 10 opportunities you see for improvement.
  • Document the top 10 lists for use in the stakeholder presentation.
  • INPUT

    • Survey outcomes
    • Governance overview handouts

    OUTPUT

    • SWOT analysis
    • Ranked 5 areas
    • Top 10 challenges and opportunities identified.

    Materials

    • Governance handouts
    • Flip chart paper, pens

    Participants

    • IT leadership team

    Governance of RISK

    Governance of risk establishes the risk framework, establishes policies and standards, and monitors risks.

    Governance of risk ensures that IT is mitigating all relevant risks associated with IT investments, projects, and services.

    GOVERNANCE ROLES:

    1. Defines responsibility and accountability for IT risk identification and mitigation.
    2. Ensures the consideration of all elements of IT risk, including value, change, availability, security, project, and recovery
    3. Enables senior management to make better IT decisions based on the evaluation of the risks involved
    4. Facilitates the identification and analysis of IT risk and ensures the organization’s informed response to that risk.

    Symptoms of poor governance of risk

    • Opportunities for value creation are missed by not considering or assessing IT risk, or by completely avoiding all risk.
    • No formal risk management process or accountabilities exist.
    • There is no business continuity strategy.
    • Frequent security breaches occur.
    • System downtime occurs due to failed IT changes.

    Governance of PPM

    Governance of the IT portfolio achieves optimum ROI through prioritization, funding, and resourcing.

    PPM practices create value if they maximize the throughput of high-value IT projects at the lowest possible cost. They destroy value when they foster needlessly sophisticated and costly processes.

    GOVERNANCE ROLES:

    1. Ensures that the projects that deliver greater business value get a higher priority.
    2. Provides adequate funding for the priority projects and ensures adequate resourcing and funding balanced across the entire portfolio of projects.
    3. Makes the business and IT jointly accountable for setting project priorities.
    4. Evaluate, direct, and monitor IT value metrics and endorse the IT strategy and monitor progress.

    Symptoms of poor governance of PPM/investments

    • The IT investment mix is determined solely by Finance and IT.
    • It is difficult to get important projects approved.
    • Projects are started then halted, and resources are moved to other projects.
    • Senior management has no idea what projects are in the backlog.
    • Projects are approved without a valid business case.

    Governance of PROJECTS

    Governance of projects improves the quality and speed of decision making for project issues.

    Don’t confuse project governance and management. Governance makes the decisions regarding allocation of funding and resources and reviews the overall project portfolio metrics and process methodology.

    Management ensures the project deliverables are completed within the constraints of time, budget, scope, and quality.

    GOVERNANCE ROLES:

    1. Monitors and evaluates the project management process and critical project methodology metrics.
    2. Ensures review and mitigation of project issue and that management is aware of projects in crisis.
    3. Ensures that projects beginning to show characteristics of failure cannot proceed until issues are resolved.
    4. Endorses the project risk criteria, and monitors major risks to project completion.
    5. Approves the launch and execution of projects.

    Symptoms of poor governance of projects

    • Projects frequently fail or get cancelled.
    • Project risks and issues are not identified or addressed.
    • There is no formal project management process.
    • There is no senior stakeholder responsible for making project decisions.
    • There is no formal project reporting.

    Governance of SERVICES

    Governance of services ensures delivery of a highly reliable set of IT services.

    Effective governance of services enables the business to achieve the organization’s goals and strategies through the provision of reliable and cost-effective services.

    GOVERNANCE ROLES:

    1. Ensures the satisfactory performance of those services critical to achieving business objectives.
    2. Monitors and directs changes in service levels.
    3. Ensures operational and performance objectives for IT services are met.
    4. Approves policy and standards on the service portfolio.

    Symptoms of poor governance of service

    • There is a misalignment of business needs and expectations with IT capability.
    • No metrics are reported for IT services.
    • The business is unaware of the IT services available to them.
    • There is no accountability for service level performance.
    • There is no continuous improvement plan for IT services.
    • IT services or systems are frequently unavailable.
    • Business satisfaction with IT scores are low.

    Governance of INFORMATION

    Governance of information ensures the proper handling of data and information.

    Effective governance of information ensures the appropriate classification, retention, confidentiality, integrity, and availability of data in line with the needs of the business.

    GOVERNANCE ROLES:

    1. Ensures the information lifecycle owner and process are defined and endorse by business leadership.
    2. Ensures the controlled access to a comprehensive information management system.
    3. Ensures knowledge, information, and data are gathered, analyzed, stored, shared, used, and maintained.
    4. Ensures that external regulations are identified and met.

    Symptoms of poor governance of information

    • There is a lack of clarity around data ownership, and data quality standards.
    • There is insufficient understanding of what knowledge, information, and data are needed by the organization.
    • There is too much effort spent on knowledge capture as opposed to knowledge transfer and re-use.
    • There is too much focus on storing and sharing knowledge and information that is not up to date or relevant.
    • Personnel see information management as interfering with their work.

    Identify the responsibilities of the IT steering committee

    1.5

    1. With your IT leadership team, review the typical responsibilities of the IT steering committee on the following slide.
    2. Print off the following slide, and in your teams of 1-2 have each group identify which responsibilities they believe the IT steering committee should have, brainstorm any additional responsibilities, and document their reasoning.
    3. Note: The bolded responsibilities are the ones that are most common to IT steering committees, and greyed out responsibilities are typical of a larger governance structure. Depending on their level of importance to your organization, you may choose to include the responsibility.

    4. Have each team present to the larger group, track the similarities and differences between each of the groups, and come to consensus on the list of responsibilities.
    5. Complete a sanity check – review your swot analysis and survey results. Do the responsibilities you’ve identified resolve the critical challenges or weaknesses?
    6. As a group, consider the responsibilities and consider whether you can reasonably implement those in one year, or if there are any that will need to wait until year two of the IT steering committee.
    7. Modify the list of responsibilities in Info-Tech’s IT Steering Committee Charter by deleting the responsibilities you do not need and adding any that you identified in the process.

    INPUT

    • SWOT analysis
    • Survey reports

    OUTPUT

    • Defined ITSC responsibilities documented in the ITSC Charter

    Materials

    • Responsibilities handout
    • Voting dots

    Participants

    • IT leadership team

    Typical IT steering committee and governance responsibilities

    The bolded responsibilities are those that are most common to IT steering committees, and responsibilities listed in grey are typical of a larger governance structure.

    INVESTMENTS / PPM

    • Establish the target investment mix
    • Evaluate and select programs/projects to fund
    • Monitor IT value metrics
    • Endorse the IT budget
    • Monitor and report on program/project outcomes
    • Direct the governance optimization
    • Endorse the IT strategy

    PROJECTS

    • Monitor project management metrics
    • Approve launch of projects
    • Review major obstacles to project completion
    • Monitor a standard approach to project management
    • Monitor and direct project risk
    • Monitor requirements gathering process effectiveness
    • Review feasibility studies and formulate alternative solutions for high risk/high investment projects

    SERVICE

    • Monitor stakeholder satisfaction with services
    • Monitor service metrics
    • Approve plans for new or changed service requirements
    • Monitor and direct changes in service levels
    • Endorse the enterprise architecture
    • Approve policy and standards on the service portfolio
    • Monitor performance and capacity

    RISK

    • Monitor risk management metrics
    • Review the prioritized list of risks
    • Monitor changes in external regulations
    • Maintain risk profiles
    • Approve the risk management emergency action process
    • Maintain a mitigation plan to minimize risk impact and likelihood
    • Evaluate risk management
    • Direct risk management

    INFORMATION / DATA

    • Define information lifecycle process ownership
    • Monitor information lifecycle metrics
    • Define and monitor information risk
    • Approve classification categories of information
    • Approve information lifecycle process
    • Set policies on retirement of information

    Determine committee membership based on the committee’s responsibilities

    • One of the biggest benefits to an IT steering committee is it involves key leadership from the various lines of business across the organization.
    • However, in most cases, more people get involved than is required, and all the committee ends up accomplishing is a lot of theorizing. Participants should be selected based on the identified responsibilities of the IT steering committee.
    • If the responsibilities don’t match the participants, this will negatively impact committee effectiveness as leaders become disengaged in the process and don’t feel like it applies to them or accomplishes the desired goals. Once participants begin dissenting, it’s significantly more difficult to get results.
    • Be careful! When you have more than one individual in a specific role, select only the people whose attendance is absolutely critical. Don’t let your governance collapse under committee overload!

    LIKELY PARTICIPANT EXAMPLES:

    MUNICIPALITY

    • City Manager
    • CIO/IT Leader
    • CCO
    • CFO
    • Division Heads

    EDUCATION

    • Provost
    • Vice Provost
    • VP Academic
    • VP Research
    • VP Public Affairs
    • VP Operations
    • VP Development
    • Etc.

    HEALTHCARE

    • President/CEO
    • CAO
    • EVP/ EDOs
    • VPs
    • CIO
    • CMO

    PRIVATE ORGANIZATIONS

    • CEO
    • CFO
    • COO
    • VP Marketing
    • VP Sales
    • VP HR
    • VP Product Development
    • VP Engineering
    • Etc.

    Identify committee participants and responsibility cadence

    1.6

    1. In a meeting with your IT leadership team, review the list of committee responsibilities and document them on a whiteboard.
    2. For each responsibility, identify the individuals whom you would want to be either responsible or accountable for that decision.
    3. Repeat this until you’ve completed the exercise for each responsibility.
    4. Group the responsibilities with the same participants and highlight groupings with less than four participants. Consider the responsibility and determine whether you need to change the wording to make it more applicable or if you should remove the responsibility.
    5. Review the grouping, the responsibilities within them, and their participants, and assess how frequently you would like to meet about them – annually, quarterly, or monthly. (Note: suggested frequency can be found in the IT Steering Committee Charter.)
    6. Subdivide the responsibilities for the groupings to determine your annual, quarterly, and monthly meeting schedule.
    7. Validate that one steering committee is all that is needed, or divide the responsibilities into multiple committees.
    8. Document the committee participants in the IT Steering Committee Charter and remove any unneeded responsibilities identified in the previous exercise.

    INPUT

    • List of responsibilities

    OUTPUT

    • ITSC participants list
    • Meeting schedule

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    Committees can only be effective if they have clear and documented authority

    It is not enough to participate in committee meetings; there needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the committee.

    Each committee responsibility should have one person who is accountable, and at least one person who is responsible. This is the best way to ensure that committee work gets done.

    An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities. Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity. In this model, accountable means end-to-end accountability for the process.

    RESPONSIBLE: The one responsible for getting the job done.

    ACCOUNTABLE: Only one person can be accountable for each task.

    CONSULTED: Involvement through input of knowledge and information.

    INFORMED: Receiving information about process execution and quality.

    A chart is depicted to show an example of the authority matrix using the RACI model.

    Define IT steering committee participant RACI for each of the responsibilities

    1.7

    1. Use the table provided in the IT Steering Committee Charter and edit he list of responsibilities to reflect the chosen responsibilities of your ITSC.
    2. Along the top of the chart list the participant names, and in the right hand column of the table document the agreed upon timing from the previous exercise.
    3. For each of the responsibilities identify whether participants are Responsible, Accountable, Consulted, or Informed by denoting an R, A, C, I, or N/A in the table. Use N/A if this is a responsibility that the participant has no involvement in.
    4. Review your finalized RACI chart. If there are participants who are only consulted or informed about the majority of responsibilities, consider removing them from the IT steering committee. You only want the decision makers on the committee.

    INPUT

    • Responsibilities
    • Participants

    OUTPUT

    • RACI documented in the ITSC Charter

    Materials

    • ITSC RACI template
    • Projector

    Participants

    • IT leadership

    Building the agenda may seem trivial, but it is key for running effective meetings

    49% of people consider unfocused meetings as the biggest workplace time waster.*

    63% of the time meetings do not have prepared agendas.*

    80% Reduction of time spent in meetings by following a detailed agenda and starting on time.*

    *(Source: http://visual.ly/fail-plan-plan-fail).

    EFFECTIVE MEETING AGENDAS:

    1. Have clearly defined meeting objectives.
    2. Effectively time-boxed based on priority items.
    3. Defined at least two weeks prior to the meetings.
    4. Evaluated regularly – are not static.
    5. Leave time at the end for new business, thus minimizing interruptions.

    BUILDING A CONSENT AGENDA

    A consent agenda is a tool to free up time at meetings by combining previously discussed or simple items into a single item. Items that can be added to the consent agenda are those that are routine, noncontroversial, or provided for information’s sake only. It is expected that participants read this information and, if it is not pulled out, that they are in agreement with the details.

    Members have the option to pull items out of the consent agenda for discussion if they have questions. Otherwise these are given no time on the agenda.

    Define the IT steering committee meeting agendas and procedures

    1.8

    Agendas

    1. Review the listed responsibilities, participants, and timing as identified in a previous exercise.
    2. Annual meeting: Identify if all of the responsibilities will be included in the annual meeting agenda (likely all governance responsibilities).
    3. Quarterly Meeting Agenda: Remove the meeting responsibilities from the annual meeting agenda that are not required and create a list of responsibilities for the quarterly meetings.
    4. Monthly Meeting Agenda: Remove all responsibilities from the list that are only annual or quarterly and compile a list of monthly meeting responsibilities.
    5. Review each responsibility, and estimate the amount of time each task will take within the meeting. We recommend giving yourself at least an extra 10-20% more time for each agenda item for your first meeting. It’s better to have more time than to run out.
    6. Complete the Agenda Template in the IT Steering Committee Charter.

    Procedures:

    1. Review the list of IT steering committee procedures, and replace the grey text with the information appropriate for your organization.

    INPUT

    • Responsibility cadence

    OUTPUT

    • ITSC annual, quarterly, monthly meeting agendas & procedures

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    Draft your IT steering committee purpose statement and goals

    1.9

    1. In a meeting with your IT leadership team – and considering the defined responsibilities, participants, and opportunities and threats identified – review the example goal statement in the IT Steering Committee Charter, and first identify whether any of these statements apply to your organization. Select the statements that apply and collaboratively make any changes needed.
    2. Define unique goal statements by considering the following questions:
      1. What three things would you realistically list for the ITSC to achieve.
      2. If you were to accomplish three things in the next year, what would those be?
    3. Document those goals in the IT Steering Committee Charter.
    4. With those goal statements in mind, consider the overall purpose of the committee. The purpose statement should be a reflection of what the committee does, why it does it, and the goals.
    5. Have each individual review the example purpose statement, and draft what they think a good purpose statement would be.
    6. Present each statement, and work together to determine a best of breed statement.
    7. Document this in the IT Steering Committee Charter.

    INPUT

    • Responsibilities, participants, top 10 lists of challenges and opportunities.

    OUTPUT

    • ITSC goals and purpose statement

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    CASE STUDY

    "Clearly defined Committee Charter allows CIO to escape the bad reputation of previous committee."

    Industry: Consumer Goods

    Source: Interview

    CHALLENGE

    The new CIO at a large consumer goods company had difficulty generating interest in creating a new IT steering committee. The previous CIO had created a steering committee that was poorly organized and did not involve all of the pertinent members. This led to a committee focused on politics that would often devolve into gossip. Also, many members were dissatisfied with the irregular meetings that would often go over their allotted time.

    In order to create a new committee, the new CIO needed to dispel the misgivings of the business leadership.

    SOLUTION

    The new CIO decided to build the new steering committee from the ground up in a systematic way.

    She collected information from relevant stakeholders about what they know/how they feel about IT and used this information to build a detailed charter.

    Using this info she outlined the new steering committee charter and included in it the:

    1. Purpose
    2. Responsibilities
    3. RACI Chart
    4. Procedures

    OUTCOME

    The new steering committee included all the key members of business units, and each member was clear on their roles in the meetings. Meetings were streamlined and effective. The adjustments in the charter and the improvement in meeting quality played a role in improving the satisfaction scores of business leaders with IT by 21%.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is displayed. 1.1 is about surveying your ITSC stakeholders.

    Survey your ITSC stakeholders

    Prior to the workshop, Info-Tech’s advisors will work with you to launch the IT Steering Committee Stakeholder Survey to understand business priorities and level of understanding of how decisions are made. Using this data, we will create the IT steering committee responsibilities, participation, and communication strategy.

    1.7

    A screenshot of activity 1.7 is displayed. 1.7 is about defining a participant RACI for each of the responsibilities.

    Define a participant RACI for each of the responsibilities

    The analyst will facilitate several exercises to help you and your stakeholders create an authority matrix. The output will be defined responsibilities and authorities for members.

    Phase 2

    Build the IT Steering Committee Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define your ITSC Processes
    Proposed Time to Completion: 2 weeks

    Review SIPOCs and Process Creation

    Start with an analyst kick-off call:

    • Review the purpose of the SIPOC and how to build one

    Then complete these activities…

    • Build a draft SIPOC for your organization

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize the SIPOC

    Review Draft SIPOC:

    • Review and make changes to the SIPOC
    • Discuss potential metrics

    Then complete these activities…

    • Test survey link
    • Info-Tech launches survey

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize Metrics

    Finalize phase deliverable:

    • Finalize metrics

    Then complete these activities…

    • Establish ITSC metric triggers

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Build the IT Steering Committee Process

    This step will walk you through the following activities:

    • Define high-level steering committee processes using SIPOC
    • Select steering committee metrics

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Building high-level IT steering committee processes brings your committee to life. Having a clear process will ensure that you have the right information from the right sources so that committees can operate and deliver the appropriate output to the customers who need it.

    Build your high-level IT steering committee processes to enable committee functionality

    The IT steering committee is only valuable if members are able to successfully execute on responsibilities.

    One of the most common mistakes organizations make is that they build their committee charters and launch into their first meeting. Without defined inputs and outputs, a committee does not have the needed information to be able to effectively execute on responsibilities and is unable to meet its stated goals.

    The arrows in this picture represent the flow of information between the IT steering committee, other committees, and IT management.

    Building high-level processes will define how that information flows within and between committees and will enable more rapid decision making. Participants will have the information they need to be confident in their decisions.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    Define the high-level process for each of the IT steering committee responsibilities

    Info-Tech recommends using SIPOC as a way of defining how the IT steering committee will operate.

    Derived from the core methodologies of Six Sigma process management, SIPOC – a model of Suppliers, Inputs, Processes, Outputs, Customers – is one of several tools that organizations can use to build high level processes. SIPOC is especially effective when determining process scope and boundaries and to gain consensus on a process.

    By doing so you’ll ensure that:

    1. Information and documentation required to complete each responsibility is identified.
    2. That the results of committee meetings are distributed to those customers who need the information.
    3. Inputs and outputs are identified and that there is defined accountability for providing these.

    Remember: Your IT steering committee is not a working committee. Enable effective decision making by ensuring participants have the necessary information and appropriate recommendations from key stakeholders to make decisions.

    Supplier Input
    Who provides the inputs to the governance responsibility. The documented information, data, or policy required to effectively respond to the responsibility.
    Process
    In this case this represents the IT steering committee responsibility defined in terms of the activity the ITSC is performing.
    Output Customer
    The outcome of the meeting: can be approval, rejection, recommendation, request for additional information, endorsement, etc. Receiver of the outputs from the committee responsibility.

    Define your SIPOC model for each of the IT steering committee responsibilities

    2.1

    1. In a meeting with your IT leadership, draw the SIPOC model on a whiteboard or flip-chart paper. Either review the examples on the following slides or start from scratch.
    2. If you are adjusting the following slides, consider the templates you already have which would be appropriate inputs and make adjustments as needed.

    For atypical responsibilities:

    1. Start with the governance responsibility and identify what specifically it is that the IT steering committee is doing with regards to that responsibility. Write that in the center of the model.
    2. As a group, consider what information or documentation would be required by the participants to effectively execute on the responsibility.
    3. Identify which individual will supply each piece of documentation. This person will be accountable for this moving forward.
    4. Outputs: Once the committee has met about the responsibility, what information or documentation will be produced. List all of those documents.
    5. Identify the individuals who need to receive the outputs of the information.
    6. Repeat this for all of the responsibilities.
    7. Once complete, document the SIPOC models in the IT Steering Committee Charter.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities.

    Materials

    • Whiteboard
    • Markers
    • ITSC Charter

    Participants

    • IT leadership team

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Establish the target investment mix
    Supplier Input
    CIO
    • Target investment mix and rationale
    Process
    Responsibility: The IT steering committee shall review and approve the target investment mix.
    Output Customer
    • Approval of target investment mix
    • Rejection of target investment mix
    • Request for additional information
    • CFO
    • CIO
    • IT leadership
    SIPOC: Endorse the IT budget
    Supplier Input
    CIO
    • Recommendations

    See Info-Tech’s blueprint IT Budget Presentation

    Process

    Responsibility: Review the proposed IT budget as defined by the CIO and CFO.

    Output Customer
    • Signed endorsement of the IT budget
    • Request for additional information
    • Recommendation for changes to the IT budget.
    • CFO
    • CIO
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor IT value metrics
    Supplier Input
    CIO
    • IT value dashboard
    • Key metric takeaways
    • Recommendations
    CIO Business Vision
    Process

    Responsibility: Review recommendations and either accept or reject recommendations. Refine go-forward metrics.

    Output Customer
    • Launch corrective task force
    • Accept recommendations
    • Define target metrics
    • CEO
    • CFO
    • Business executives
    • CIO
    • IT leadership
    SIPOC: Evaluate and select programs/projects to fund
    Supplier Input
    PMO
    • Recommended project list
    • Project intake documents
    • Prioritization criteria
    • Capacity metrics
    • IT budget

    See Info-Tech’s blueprint

    Grow Your Own PPM Solution
    Process

    Responsibility: The ITSC will approve the list of projects to fund based on defined prioritization criteria – in line with capacity and IT budget.

    It is also responsible for identifying the prioritization criteria in line with organizational priorities.

    Output Customer
    • Approved project list
    • Request for additional information
    • Recommendation for increased resources
    • PMO
    • CIO
    • Project sponsors

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Endorse the IT strategy
    Supplier Input
    CIO
    • IT strategy presentation

    See Info-Tech’s blueprint

    IT Strategy and Roadmap
    Process

    Responsibility: Review, understand, and endorse the IT strategy.

    Output Customer
    • Signed endorsement of the IT strategy
    • Recommendations for adjustments
    • CEO
    • CFO
    • Business executives
    • IT leadership
    SIPOC: Monitor project management metrics
    Supplier Input
    PMO
    • Project metrics report with recommendations
    Process

    Responsibility: Review recommendations around PM metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept project metrics performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • PMO
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve launch of planned and unplanned project
    Supplier Input
    CIO
    • Project list and recommendations
    • Resourcing report
    • Project intake document

    See Info-Tech’s Blueprint:

    Grow Your Own PPM Solution
    Process

    Responsibility: Review the list of projects and approve the launch or reprioritization of projects.

    Output Customer
    • Approved launch of projects
    • Recommendations for changes to project list
    • CFO
    • CIO
    • IT leadership
    SIPOC: Monitor stakeholder satisfaction with services and other service metrics
    Supplier Input
    Service Manager
    • Service metrics report with recommendations
    Info-Tech End User Satisfaction Report
    Process

    Responsibility: Review recommendations around service metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept service level performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • Service manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve plans for new or changed service requirements
    Supplier Input
    Service Manager
    • Service change request
    • Project request and change plan
    Process

    Responsibility: Review IT recommendations, approve changes, and communicate those to staff.

    Output Customer
    • Approved service changes
    • Rejected service changes
    • Service manager
    • Organizational staff
    SIPOC: Monitor risk management metrics
    Supplier Input
    CIO
    • Risk metrics report with recommendations
    Process

    Responsibility: Review recommendations around risk metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Review the prioritized list of risks
    Supplier Input
    Risk Manager
    • Risk register
    • Mitigation strategies
    See Info-Tech’s risk management research to build a holistic risk strategy.
    Process

    Responsibility: Accept the risk registrar and define any additional action required.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • IT leadership
    • CRO
    SIPOC: Define information lifecycle process ownership
    Supplier Input
    CIO
    • List of risk owner options with recommendations
    See Info-Tech’s related blueprint: Information Lifecycle Management
    Process

    Responsibility: Define responsibility and accountability for information lifecycle ownership.

    Output Customer
    • Defined information lifecycle owner
    • Organization wide.

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor information lifecycle metrics
    Supplier Input
    Information lifecycle owner
    • Information metrics report with recommendations
    Process

    Responsibility: Review recommendations around information management metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept information management performance
    • Accept recommendations
    • Launch corrective task force to address challenges
    • Define target metrics
    • IT leadership

    Define which metrics you will report to the IT steering committee

    2.2

    1. Consider your IT steering committee goals and the five IT governance areas.
    2. For each governance area, identify which metrics you are currently tracking and determine whether these metrics are valuable to IT, to the business, or both. For metrics that are valuable to business stakeholders determine whether you have an identified target metric.

    New Metrics:

    1. For each of the five IT governance areas review your SWOT analysis and document your key opportunities and weaknesses.
    2. For each, brainstorm hypotheses around why the opportunity was weak or was a success. For each hypothesis identify if there are any clear ways to measure and test the hypothesis.
    3. Review the list of metrics and select 5-7 metrics to track for each prioritized governance area.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    IT steering committee metric triggers to consider

    RISK

    • Risk profile % increase
    • # of actionable risks outstanding
    • # of issues arising not identified prior
    • # of security breaches

    SERVICE

    • Number of business disruptions due to IT service incidents
    • Number of service requests by department
    • Number of service requests that are actually projects
    • Causes of tickets overall and by department
    • Percentage of duration attributed to waiting for client response

    PROJECTS

    • Projects completed within budget
    • Percentage of projects delivered on time
    • Project completion rate
    • IT completed assigned portion to scope
    • Project status and trend dashboard

    INFORMATION / DATA

    • % of data properly classified
    • # of incidents locating data
    • # of report requests by complexity
    • # of open data sets

    PPM /INVESTMENTS

    • CIO Business Vision (an Info-Tech diagnostic survey that helps align IT strategy with business goals)
    • Level of stakeholder satisfaction and perceived value
    • Percentage of ON vs. OFF cycle projects by area/silo
    • Realized benefit to business units based on investment mix
    • Percent of enterprise strategic goals and requirements supported by strategic goals
    • Target vs. actual budget
    • Reasons for off-cycle projects causing delays to planned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "IT steering committee’s reputation greatly improved by clearly defining its process."

    CHALLENGE

    One of the major failings of the previous steering committee was its poorly drafted procedures. Members of the committee were unclear on the overall process and the meeting schedule was not well established.

    This led to low attendance at the meetings and ineffective meetings overall. Since the meeting procedures weren’t well understood, some members of the leadership team took advantage of this to get their projects pushed through.

    SOLUTION

    The first step the new CIO took was to clearly outline the meeting procedures in her new steering committee charter. The meeting agenda, meeting goals, length of time, and outcomes were outlined, and the stakeholders signed off on their participation.

    She also gave the participants a SIPOC, which helped members who were unfamiliar with the process a high-level overview. It also reacquainted previous members with the process and outlined changes to the previous, out-of-date processes.

    OUTCOME

    The participation rate in the committee meetings improved from the previous rate of approximately 40% to 90%. The committee members were much more satisfied with the new process and felt like their contributions were appreciated more than before.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    An image of an Info-Tech analyst is depicted.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is depicted. Activity 2.1 is about defining a SIPOC for each of the ITSC responsibilities.

    Define a SIPOC for each of the ITSC responsibilities

    Create SIPOCs for each of the governance responsibilities with the help of an Info-Tech advisor.

    2.2

    A screenshot of activity 2.2 is depicted. Activity 2.2 is about establishing the reporting metrics for the ITSC.

    Establish the reporting metrics for the ITSC

    The analyst will facilitate several exercises to help you and your stakeholders define the reporting metrics for the ITSC.

    Phase 3

    Build the Stakeholder Presentation

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Build the Stakeholder Presentation
    Proposed Time to Completion: 1 week

    Customize the Presentation

    Start with an analyst kick-off call:

    • Review the IT Steering Committee Stakeholder Presentation with an analyst

    Then complete these activities…

    • Schedule the first meeting and invite the ITSC members
    • Customize the presentation template

    With these tools & templates:

    IT Steering Committee Stakeholder Presentation


    Review and Practice the Presentation

    Review findings with analyst:

    • Review the changes made to the template
    • Practice the presentation and create a script

    Then complete these activities…

    • Hold the ITSC meeting

    With these tools & templates:

    • IT Steering Committee Stakeholder Presentation
    Review the First ITSC Meeting

    Finalize phase deliverable:

    • Review the outcomes of the first ITSC meeting and plan out the next steps

    Then complete these activities…

    • Review the discussion and plan next steps

    With these tools & templates:

    Establish an Effective IT Steering Committee blueprint

    Build the Stakeholder Presentation

    This step will walk you through the following activities:

    • Organizing the first ITSC meeting
    • Customizing an ITSC stakeholder presentation
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Stakeholder engagement will be critical to your ITSC success, don't just focus on what is changing. Ensure stakeholders know why you are engaging them and how it will help them in their role.

    Hold a kick-off meeting with your IT steering committee members to explain the process, responsibilities, and goals

    3.1

    Don’t take on too much in your first IT steering committee meeting. Many participants may not have participated in an IT steering committee before, or some may have had poor experiences in the past.

    Use this meeting to explain the role of the IT steering committee and why you are implementing one, and help participants to understand their role in the process.

    Quickly customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to explain the goals and benefits of the IT steering committee, and use your own data to make the case for governance.

    At the end of the meeting, ask committee members to sign the committee charter to signify their agreement to participate in the IT steering committee.

    A screenshot of IT Steering Committee: Meeting 1 is depicted. A screenshot of the IT Steering Committee Challenges and Opportunities for the organization.

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 1-5

    3.2 Estimated Time: 10 minutes

    Review the IT Steering Committee Stakeholder Presentation template. This document should be presented at the first IT steering committee meeting by the assigned Committee Chair.

    Customization Options

    Overall: Decide if you would like to change the presentation template. You can change the color scheme easily by copying the slides in the presentation deck and pasting them into your company’s standard template. Once you’ve pasted them in, scan through the slides and make any additional changes needed to formatting.

    Slide 2-3: Review the text on each of the slides and see if any wording should be changed to better suite your organization.

    Slide 4: Review your list of the top 10 challenges and opportunities as defined in section 2 of this blueprint. Document those in the appropriate sections. (Note: be careful that the language is business-facing; challenges and opportunities should be professionally worded.)

    Slide 5: Review the language on slide 5 to make any necessary changes to suite your organization. Changes here should be minimal.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 6-10

    3.2 Estimated Time: 10 minutes

    Customization Options

    Slide 6: The goal of this slide is to document and share the names of the participants on the IT steering committee. Document the names in the right-hand side based on your IT Steering Committee Charter.

    Slides 7-9:

    • Review the agenda items as listed in your IT Steering Committee Charter. Document the annual, quarterly, and monthly meeting responsibilities on the left-hand side of slides 7-9.
    • Meeting Participants: For each slide, list the members who are required for that meeting.
    • Document the key required reading materials as identified in the SIPOC charts under “inputs.”
    • Document the key meeting outcomes as identified in the SIPOC chart under “outputs.”

    Slide 10: Review and understand the rollout timeline. Make any changes needed to the timeline.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Present the information to the IT leadership team to increase your comfort with the material

    3.3 Estimated Time: 1-2 hours

    1. Once you have finished customizing the IT Steering Committee Stakeholder Presentation, practice presenting the material by meeting with your IT leadership team. This will help you become more comfortable with the dialog and anticipate any questions that might arise.
    2. The ITSC chair will present the meeting deck, and all parties should discuss what they think went well and opportunities for improvement.
    3. Each business relationship manager should document the needed changes in preparation for their first meeting.

    INPUT

    • IT Steering Committee Stakeholder Presentation - Meeting 1

    Participants

    • IT leadership team

    Schedule your first meeting of the IT steering committee

    3.4

    By this point, you should have customized the meeting presentation deck and be ready to meet with your IT steering committee participants.

    The meeting should be one hour in duration and completed in person.

    Before holding the meeting, identify who you think is going to be most supportive and who will be least. Consider meeting with those individuals independently prior to the group meeting to elicit support or minimize negative impacts on the meeting.

    Customize this calendar invite script to invite business partners to participate in the meeting.

    Hello [Name],

    As you may have heard, we recently went through an exercise to develop an IT steering committee. I’d like to take some time to discuss the results of this work with you, and discuss ways in which we can work together in the future to better enable corporate goals.

    The goals of the meeting are:

    1. Discuss the benefits of an IT steering committee
    2. Review the results of the organizational survey
    3. Introduce you to our new IT steering committee

    I look forward to starting this discussion with you and working with you more closely in the future.

    Warm regards,

    CASE STUDY

    Industry:Consumer Goods

    Source: Interview

    "CIO gains buy-in from the company by presenting the new committee to its stakeholders."

    CHALLENGE

    Communication was one of the biggest steering committee challenges that the new CIO inherited.

    Members were resistant to joining/rejoining the committee because of its previous failures. When the new CIO was building the steering committee, she surveyed the members on their knowledge of IT as well as what they felt their role in the committee entailed.

    She found that member understanding was lacking and that their knowledge surrounding their roles was very inconsistent.

    SOLUTION

    The CIO dedicated their first steering committee meeting to presenting the results of that survey to align member knowledge.

    She outlined the new charter and discussed the roles of each member, the goals of the committee, and the overarching process.

    OUTCOME

    Members of the new committee were now aligned in terms of the steering committee’s goals. Taking time to thoroughly outline the procedures during the first meeting led to much higher member engagement. It also built accountability within the committee since all members were present and all members had the same level of knowledge surrounding the roles of the ITSC.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of Activity 3.1 is depicted. Activity 3.1 is about creating a presentation for ITSC stakeholders to be presented at the first ITSC meeting.

    Create a presentation for ITSC stakeholders to be presented at the first ITSC meeting

    Work with an Info-Tech advisor to customize our IT Steering Committee Stakeholder Presentation template. Use this presentation to gain stakeholder buy-in by making the case for an ITSC.

    Phase 4

    Define the Prioritization Criteria

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation : Define the Prioritization Criteria
    Proposed Time to Completion: 4 weeks

    Discuss Prioritization Criteria

    Start with an analyst kick-off call:

    • Review sample project prioritization criteria and discuss criteria unique to your organization

    Then complete these activities...

    • Select the criteria that would be most effective for your organization
    • Input these into the tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Customize the IT Steering Committee Project Prioritization Tool

    Review findings with analyst:

    • Review changes made to the tool
    • Finalize criteria weighting

    Then complete these activities…

    • Pilot test the tool using projects from the previous year

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Review Results of the Pilot Test

    Finalize phase deliverable:

    • Review the results of the pilot test
    • Make changes to the tool

    Then complete these activities…

    • Input your current project portfolio into the prioritization tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Define the Project Prioritization Criteria

    This step will walk you through the following activities:

    • Selecting the appropriate project prioritization criteria for your organization
    • Developing weightings for the prioritization criteria
    • Filling in Info-Tech’s IT Steering Committee Project Prioritization Tool

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    The steering committee sets and agrees to principles that guide prioritization decisions. The agreed upon principles will affect business unit expectations and justify the deferral of requests that are low priority. In some cases, we have seen the number of requests drop substantially because business units are reluctant to propose initiatives that do not fit high prioritization criteria.

    Understand the role of the IT steering committee in project prioritization

    One of the key roles of the IT steering committee is to review and prioritize the portfolio of IT projects.

    What is the prioritization based on? Info-Tech recommends selecting four broad criteria with two dimensions under each to evaluate the value of the projects. The criteria are aligned with how the project generates value for the organization and the execution of the project.

    What is the role of the steering committee in prioritizing projects? The steering committee is responsible for reviewing project criteria scores and making decisions about where projects rank on the priority list. Planning, resourcing, and project management are the responsibility of the PMO or the project owner.

    Info-Tech’s Sample Criteria

    Value

    Strategic Alignment: How much a project supports the strategic goals of the organization.

    Customer Satisfaction: The impact of the project on customers and how visible a project will be with customers.

    Operational Alignment: Whether the project will address operational issues or compliance.

    Execution

    Financial: Predicted ROI and cost containment strategies.

    Risk: Involved with not completing projects and strategies to mitigate it.

    Feasibility: How easy the project is to complete and whether staffing resources exist.

    Use Info-Tech’s IT Steering Committee Project Prioritization Tool to catalog and prioritize your project portfolio

    4.1

    • Use Info-Tech’s IT Steering Committee Project Prioritization Tool in conjunction with the following activities to catalog and prioritize all of the current IT projects in your portfolio.
    • Assign weightings to your selected criteria to prioritize projects based on objective scores assigned during the intake process and adjust these weightings on an annual basis to align with changing organizational priorities and goals.
    • Use this tool at steering committee meetings to streamline the prioritization process and create alignment with the PMO and project managers.
    • Monitor ongoing project status and build a communication channel between the PMO and project managers and the IT steering committee.
    • Adjusting the titles in the Settings tab will automatically adjust the titles in the Project Data tab.
    • Note: To customize titles in the document you must unprotect the content under the View tab. Be sure to change the content back to protected after making the changes.
    A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The first page of the tool is shown. A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The page depicted is on the Intake and Prioritization Tool Settings.

    Establish project prioritization criteria and build the matrix

    4.2 Estimated Time: 1 hour

    1. During the second steering committee meeting, discuss the criteria you will be basing your project prioritization scoring on.
    2. Review Info-Tech’s prioritization criteria matrix, located in the Prioritization Criteria List tab of the IT Steering Committee Project Prioritization Tool, to gain ideas for what criteria would best suit your organization.
    3. Write these main criteria on the whiteboard and brainstorm criteria that are more specific for your organization; include these on the list as well.
    4. Discuss the criteria. Eliminate criteria that won’t contribute strongly to the prioritization process and vote on the remaining. Select four main criteria from the list.
    5. After selecting the four main criteria, write these on the whiteboard and brainstorm the dimensions that fall under the criteria. These should be more specific/measurable aspects of the criteria. These will be the statements that values are assigned to for prioritizing projects so they should be clear. Use the Prioritization Criteria List in the tool to help generate ideas.
    6. After creating the dimensions, determine what the scoring statements will be. These are the statements that will be used to determine the score out of 10 that the different dimensions will receive.
    7. Adjust the Settings and Project Data tabs in the IT Steering Committee Project Prioritization Tool to reflect your selections.
    8. Edit Info-Tech’s IT Project Intake Form or the intake form that you currently use to contain these criteria and scoring parameters.

    INPUT

    • Group input
    • IT Steering Committee Project Prioritization Tool

    OUTPUT

    • Project prioritization criteria to be used for current and future projects

    Materials

    • Whiteboard and markers

    Participants

    • IT steering committee
    • CIO
    • IT leadership

    Adjust prioritization criteria weightings to reflect organizational needs

    4.3 Estimated Time: 1 hour

    1. In the second steering committee meeting, after deciding what the project prioritization criteria will be, you need to determine how much weight (the importance) each criteria will receive.
    2. Use the four agreed upon criteria with two dimensions each, determined in the previous activity.
    3. Perform a $100 test to assign proportions to each of the criteria dimensions.
      1. Divide the committee into pairs.
      2. Tell each pair that they have $100 divide among the 4 major criteria based on how important they feel the criteria is.
      3. After dividing the initial $100, ask them to divide the amount they allocated to each criteria into the two sub-dimensions.
      4. Next, ask them to present their reasoning for the allocations to the rest of the committee.
      5. Discuss the weighting allotments and vote on the best one (or combination).
      6. Input the weightings in the Settings tab of the IT Steering Committee Project Prioritization Tool and document the discussion.
    4. After customizing the chart establish the owner of the document. This person should be a member of the PMO or the most suitable IT leader if a PMO doesn’t exist.
    5. Only perform this adjustment annually or if a major strategic change happens within the organization.

    INPUT

    • Group discussion

    OUTPUT

    • Agreed upon criteria weighting
    • Complete prioritization tool

    Materials

    • IT Steering Committee Project Prioritization Tool
    • Whiteboard and sticky notes

    Participants

    • IT steering committee
    • IT leadership

    Document the prioritization criteria weightings in Info-Tech’s IT Steering Committee Project Prioritization Tool.

    Configure the prioritization tool to align your portfolio with business strategy

    4.4 Estimated Time: 60 minutes

    Download Info-Tech’s Project Intake and Prioritization Tool.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool.

    Rank: Project ranking will dynamically update relative to your portfolio capacity (established in Settings tab) and the Size, Scoring Progress, Remove from Ranking, and Overall Score columns. The projects in green represent top priorities based on these inputs, while yellow projects warrant additional consideration should capacity permit.

    Scoring Progress: You will be able to determine some items on the scorecard earlier in the scoring progress (such as strategic and operational alignment). As you fill in scoring columns on the Project Data tab, the Scoring Progress column will dynamically update to track progress.

    The Overall Score will update automatically as you complete the scoring columns (refer to Activity 4.2).

    Days in Backlog: This column will help with backlog management, automatically tracking the number of days since an item was added to the list based on day added and current date.

    Validate your new prioritization criteria using previous projects

    4.5 Estimated Time: 2 hours

    1. After deciding on the prioritization criteria, you need to test their validity.
    2. Look at the portfolio of projects that were completed in the previous year.
    3. Go through each project and score it according to the criteria that were determined in the previous exercise.
    4. Enter the scores and appropriate weighting (according to goals/strategy of the previous year) into the IT Steering Committee Project Prioritization Tool.
    5. Look at the prioritization given to the projects in reference to how they were previously prioritized.
    6. Adjust the criteria and weighting to either align the new prioritization criteria with previous criteria or to align with desired outcomes.
    7. After scoring the old projects, pilot test the tool with upcoming projects.

    INPUT

    • Information on previous year’s projects
    • Group discussion

    OUTPUT

    • Pilot tested project prioritization criteria

    Materials

    • IT Steering Committee Project Prioritization Tool

    Participants

    • IT steering committee
    • IT leadership
    • PMO

    Pilot the scorecard to validate criteria and weightings

    4.6 Estimated Time: 60 minutes

    1. Pilot your criteria and weightings in the IT Steering Committee Project Prioritization Tool using project data from one or two projects currently going through approval process.
    2. For most projects, you will be able to determine strategic and operational alignment early in the scoring process, while the feasibility and financial requirements will come later during business case development. Score each column as you can. The tool will automatically track your progress in the Scoring Progress column on the Project Data tab.

    Projects that are scored but not prioritized will populate the portfolio backlog. Items in the backlog will need to be rescored periodically, as circumstances can change, impacting scores. Factors necessitating rescoring can include:

    • Assumptions in business case have changed.
    • Organizational change – e.g. a new CEO or a change in strategic objectives.
    • Major emergencies or disruptions – e.g. a security breach.

    Score projects using the Project Data tab in Info-Tech’s IT Steering Committee Project Prioritization Tool

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Project Prioritization Tool is depicted. The Data Tab is shown.">

    Use Info-Tech’s IT Project Intake Form to streamline the project prioritization and approval process

    4.7

    • Use Info-Tech’s IT Project Intake Form template to streamline the project intake and prioritization process.
    • Customize the chart on page 2 to include the prioritization criteria that were selected during this phase of the blueprint.
    • Including the prioritization criteria at the project intake phase will free up a lot of time for the steering committee. It will be their job to verify that the criteria scores are accurate.
    A screenshot of Info-Tech's IT Project Intake Form is depicted.

    After prioritizing and selecting your projects, determine how they will be resourced

    Consult these Info-Tech blueprints on project portfolio management to create effective portfolio project management resourcing processes.

    A Screenshot of Info-Tech's Create Project Management Success Blueprint is depicted. Create Project Management Success A Screenshot of Info-Tech's Develop a Project Portfolio Management Strategy Blueprint is depicted. Develop a Project Portfolio Management Strategy

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "Clear project intake and prioritization criteria allow for the new committee to make objective priority decisions."

    CHALLENGE

    One of the biggest problems that the previous steering committee at the company had was that their project intake and prioritization process was not consistent. Projects were being prioritized based on politics and managers taking advantage of the system.

    The procedure was not formalized so there were no objective criteria on which to weigh the value of proposed projects. In addition to poor meeting attendance, this led to the overall process being very inconsistent.

    SOLUTION

    The new CIO, with consultation from the newly formed committee, drafted a set of criteria that focused on the value and execution of their project portfolio. These criteria were included on their intake forms to streamline the rating process.

    All of the project scores are now reviewed by the steering committee, and they are able to facilitate the prioritization process more easily.

    The objective criteria process also helped to prevent managers from taking advantage of the prioritization process to push self-serving projects through.

    OUTCOME

    This was seen as a contributor to the increase in satisfaction scores for IT, which improved by 12% overall.

    The new streamlined process helped to reduce capacity constraints on IT, and it alerted the company to the need for more IT employees to help reduce these constraints further. The IT department was given permission to hire two new additional staff members.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is depicted. Activity 4.1 was about defining your prioritization criteria and customize our <em data-verified=IT Steering Committee Project Prioritization Tool.">

    Define your prioritization criteria and customize our IT Steering Committee Project Prioritization Tool

    With the help of Info-Tech advisors, create criteria for determining a project’s priority. Customize the tool to reflect the criteria and their weighting. Run pilot tests of the tool to verify the criteria and enter your current project portfolio.

    Research contributors and experts

    • Andy Lomasky, Manager, Technology & Management Consulting, McGladrey LLP
    • Angie Embree, CIO, Best Friends Animal Society
    • Corinne Bell, CTO and Director of IT Services, Landmark College
    • John Hanskenecht, Director of Technology, University of Detroit Jesuit High School and Academy
    • Lori Baker, CIO, Village of Northbrook
    • Lynne Allard, IT Supervisor, Nipissing Parry Sound Catholic School Board
    • Norman Allen, Senior IT Manager, Baker Tilly
    • Paul Martinello, VP, IT Services, Cambridge and North Dumfries Hydro Inc.
    • Renee Martinez, IT Director/CIO, City of Santa Fe
    • Sam Wong, Director, IT, Seneca College
    • Suzanne Barnes, Director, Information Systems, Pathfinder International
    • Walt Joyce, CTO, Peoples Bank

    Appendices

    GOVERNANCE & ITSC & IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT Steering committee. For more information on IT governance see Info-Tech’s related blueprint: Tailor an IT Governance Plan to Fit Organizational Needs.

    IT steering committees play an important role in IT governance

    By bucketing responsibilities into these areas, you’ll be able to account for most key IT decisions and help the business to understand their role in governance, fostering ownership and joint accountability.

    The five governance areas are:

    Governance of the IT Portfolio and Investments: Ensures that funding and resources are systematically allocated to the priority projects that deliver value.

    Governance of Projects: Ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.

    Governance of Risks: Ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.

    Governance of Services: Ensures that IT delivers the required services at the acceptable performance levels.

    Governance of Information and Data: Ensures the appropriate classification and retention of data based on business need.

    A survey of stakeholders identified a need for increased stakeholder involvement and transparency in decision making

    A bar graph is depicted. The title is: I understand how decisions are made in the following areas. The areas include risk, services, projects, portfolio, and information. A circle graph is depicted. The title is: Do IT decisions involve the right people?

    Overall, survey respondents indicated a lack of understanding about how decisions are made around risk, services, projects, and investments, and that business involvement in decision making was too minimal.

    Satisfaction with decision quality around investments and PPM are uneven and largely not well understood

    72% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Overall, services were ranked #1 in importance of the 5 areas

    62% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Projects ranked as one of the areas with which participants are most satisfied with the quality of decisions

    70% of stakeholders do not understand how decisions around projects selection, success, and changes are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. The title is: IT decisions around project changes, delays, and metrics involve the right people?

    Stakeholders are largely unaware of how decisions around risk are made and believe business participation needs to increase

    78% of stakeholders do not understand how decisions around risk are made

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions made around risk? A bar graph is depicted. The title is: IT decisions around acceptable risk involve the right people?

    The majority of stakeholders believe that they are aware of how decisions around information are made

    67% of stakeholders believe they do understand how decisions around information (data) retention and classification are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions around information governance? A bar graph is depicted. The title is: IT decisions around information retention and classification involve the right people?

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19

    • Buy Link or Shortcode: {j2store}536|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • COVID-19 is an unprecedented global pandemic. It’s creating significant challenges across every sector.
    • Collapse of financial markets and a steep decline in consumer confidence has most firms nervous about revenue shortfalls and cash burn rates.
    • The economic impact of COVID-19 is freezing IT budgets and sharply changing IT priorities.
    • The human impact of COVID-19 is likely to lead to staffing shortfalls and knowledge gaps.
    • COVID-19 may be in play for up to two years.

    Our Advice

    Critical Insight

    The challenges posed by the virus are compounded by the fact that consumer expectations for strong service delivery remain high:

    • Customers still expect timely, on-demand service from the businesses they engage with.
    • There is uncertainty about how to maintain strong, revenue-driving experiences when faced with the operational challenges posed by the virus.
    • COVID-19 is changing how organizations prioritize spending priorities within their CXM strategies.

    Impact and Result

    • Info-Tech recommends rapidly updating your strategy for customer experience management to ensure it can rise to the occasion.
    • Start by assessing the risk COVID-19 poses to your CXM approach and how it’ll impact marketing, sales, and customer service functions.
    • Implement actionable measures to blunt the threat of COVID-19 while protecting revenue, maintaining consistent product and service delivery, and improving the integrity of your brand. We’ll dive into five proven techniques in this brief!

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Research & Tools

    Start here

    Read our concise Executive Brief to find out why you should examine the impact of COVID-19 on customer experience strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard

    1. Assess the impact of COVID-19 on your CXM strategy

    Create a consolidated, updated view of your current customer experience management strategy and identify which elements can be capitalized on to dampen the impact of COVID-19 and which elements are vulnerabilities that the pandemic may threaten to exacerbate.

    2. Blunt the damage of COVID-19 with new CXM tactics

    Create a roadmap of business and technology initiatives through the lens of customer experience management that can be used to help your organization protect its revenue, maintain customer engagement, and enhance its brand integrity.

    [infographic]

    Build a Winning Business Process Automation Playbook

    • Buy Link or Shortcode: {j2store}407|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $8,065 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Business Analysis
    • Parent Category Link: /business-analysis
    • Organizations often have many business processes that rely on manual, routine, and repetitive data collection and processing work. These processes need to be automated to meet strategic priorities.
    • Your stakeholders may have decided to invest in process automation solutions. They may be ready to begin the planning and delivery of their first automated processes.
    • However, if your processes are costly, slow, defective, and do not generate the value end users want, automation will only magnify these inefficiencies.

    Our Advice

    Critical Insight

    • Put the user front and center. Aim to better understand the end user and their operational environment. Use cases, data models, and quality factors allow you to visualize the human-computer interactions from an end-user perspective and initiate a discussion on how technology and process improvements can be better positioned to help your end users.
    • Build for the future. Automation sets the technology foundations and process governance and management building blocks in your organization. Expect that more automation will be done using earlier investments.
    • Manage automations as part of your application portfolio. Automations are add-ons to your application portfolio. Unmanaged automations, like applications, will sprawl and reduce in value over time. A collaborative rationalization practice pinpoints where automation is required and identifies which business inefficiencies should be automated next.

    Impact and Result

    • Clarify the problem being solved. Gain a grounded understanding of your stakeholders’ drivers for business process automation. Discuss current business operations and systems to identify automation candidates.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes. Take a user-centric perspective to understand how users interact with technology to complete their tasks.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases. This sets the foundations for a broader automation practice.

    Build a Winning Business Process Automation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Business Process Automation Deck – A step-by-step document that walks you through how to optimize and automate your business processes.

    This blueprint helps you develop a repeatable approach to understand your process challenges and to optimize and automate strategic business processes.

    • Build a Winning Business Process Automation Playbook – Phases 1-3

    2. Business Process Automation Playbook – A repeatable set of practices to assess, optimize, and automate your business processes.

    This playbook template gives your teams a step-by-step guide to build a repeatable and standardized framework to optimize and automate your processes.

    • Business Process Automation Playbook

    3. Process Interview Template – A structured approach to interviewing stakeholders about their business processes.

    Info-Tech's Process Interview Template provides a number of sections that you can populate to help facilitate and document your stakeholder interviews.

    • Process Interview Template

    4. Process Mapping Guide – A guide to mapping business processes using BPMN standards.

    Info-Tech's Process Mapping Guide provides a thorough framework for process mapping, including the purpose and benefits, the best practices for facilitation, step-by-step process mapping instructions, and process mapping naming conventions.

    • Process Mapping Guide

    Infographic

    Workshop: Build a Winning Business Process Automation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Opportunities

    The Purpose

    Understand the goals and visions of business process automation.

    Develop your guiding principles.

    Build a backlog of automation opportunities

    Key Benefits Achieved

    Business process automation vision, expectations, and objectives.

    High-priority automation opportunities identified to focus on.

    Activities

    1.1 State your objectives and metrics.

    1.2 Build your backlog.

    Outputs

    Business process automation vision and objectives

    Business process automation guiding principles

    Process automation opportunity backlog

    2 Define Your MVAs

    The Purpose

    Assess and optimize high-strategic-importance business process automation use cases from the end user’s perspective.

    Shortlist your automation solutions.

    Build and plan to deliver minimum viable automations (MVAs).

    Key Benefits Achieved

    Repeatable framework to assess and optimize your business process.

    Selection of the possible solutions that best fit the business process use case.

    Maximized learning with a low-risk minimum viable automation.

    Activities

    2.1 Optimize your processes.

    2.2 Automate your processes.

    2.3 Define and roadmap your MVAs.

    Outputs

    Assessed and optimized business processes with a repeatable framework

    Fit assessment of use cases to automation solutions

    MVA definition and roadmap

    3 Deliver Your MVAs

    The Purpose

    Modernize your SDLC to support business process automation delivery.

    Key Benefits Achieved

    An SDLC that best supports the nuances and complexities of business process automation delivery.

    Activities

    3.1 Deliver your MVAs

    Outputs

    Refined and enhanced SDLC

    TY Advisory Services

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    What is our TY advisory service?

    The TY advisory service is tailored to your needs. It combines the best of traditional IT consulting expertise with the analysis and remedial solutions of an expert bureau.

    When you observe specific symptoms, TY analyses the exact areas that contribute to these symptoms.

    TY specializes in IT Operations and goes really deep in that area.  We define IT Operations as the core service you deliver to your clients:

    When you see your operation running smoothly, it looks obvious and simple, but it is not. IT Operations is a concerto, under the leadership of a competent IT Ops Conductor-Manager. IT Ops keeps the lights on and ensures your reputation with your clients and the market as a whole as a predictable and dependable business partner. And we help you achieve this, based on more than 30 years of IT Ops experience.

    As most companies' business services are linked at the hip with IT, your IT Operations, in other words, are your key to a successful business.

    Value Consulting

    That is why we work via a simple value-based proposition. We discuss your wants and together discover your needs. Once we all agree, only then do we make our proposal. Anything you learned on the way, is yours to keep and use. 

    This means a fixed agreement to deliver the value we promise. No time and material, no extensions, no unforeseen charges.

    How can we deliver this?

    Gert has advised clients on what to do before issues happen. We have also worked to bring companies back from the brink after serious events. TY has brought services back after big incidents.

    You need to get it done, not in theory, but via actionable advice and if required, via our actions and implementation prowess. It's really elementary. Anyone can create a spreadsheet with to-do lists and talk about how resilience laws like DORA and NIS2 need to be implemented.

    It's not the talk that counts, it's the walk. Service delivery is in our DNA. Resilience is our life.

    Efficient policies, procedures and guidelines

    Good governance directly ensures happy clients because staff knows what to do when and allows them leeway in improving the service. And this governance will satisfy auditors.

    • Incident management

      Incidents erode client confidence in your service and company. You must get them fixed in accordance with their importance,  

    • Problem management

      You don't want repeat incidents! Tackle the root causes and fix issues permanently. Save money by doing this right. 

    • Change management

      You must update your services to stay the best in your field. Do it in a controlled yet efficient way. Lose overhead where you can, add the right controls where you must.

    • Configuration management

      The base for most of your processes. You gotta know what you have and how it works together to provide the services to your clients.

    • Monitoring

      IT monitoring delivers business value by catching issues before they become problems. With real-time insights into system performance and security, you can minimize downtime, improve efficiency, and make better decisions that keep your operations strong and your customers happy.

    • Service management

      Bring all the IT Operations services together and measure how they perform versus set business relevant KPI's 

    • Disaster Recovery

      Disaster recovery is your company's safety net for getting critical systems and data back up and running after a major disruption, focusing on fast IT recovery and minimizing financial and operational losses, whereas business continuity ensures the entire business keeps functioning during and after the crisis.

    • Business Continuity

      Business continuity is keeping your company running smoothly during disruptions by having the right plans, processes, and backups in place to minimize downtime and protect your operations, customers, and reputation. We go beyond disaster recovery and make sure your critical processes can continue to function. 

    • Exit Plans

      Hope for the best, but plan for the worst. When you embark on a new venture, know how to get out of it. Planning to exit is best done in the very beginning, but better late than when it is too late.

      Get up to speed

    Your biggest asset, the people who execute your business services

    We base our analysis on over 30 years experience in corporate and large volume dynamic services.  Unique to our service is that we take your company culture into account, while we adjust the mindset of the experts working in these areas.

    Your people are what will make these processes work efficiently. We take their ideas, hard capabilities and leadership capabilities into account and improve upon where needed. That helps your company and the people themselves. 

    We look at the existing governance and analyse where they are best in class or how we can make them more efficient. We identify the gaps and propose remedial updates. Our updates are verified through earlier work, vetted by first and second line and sometimes even regulators 

    Next we decide with you on how to implement the updates to the areas that need them. 

    How does the TY advisory service work?

    • 1. Contact TY

      Fill out the small intake below and get started towards your solution. 

    • 2. Discovery call

      There is no financial commitment required from you. During this meeting we discus further in detail the issue at hand and the direction of the ideal solution and the way of working.

    • 3. TY consolidates and prepares roadmap

      We take in the information of our talks and prepare the the roadmap to the individualized solution for you.

    • 4. Second meeting to finalize roadmap

      By now, TY has a good idea of how we can help you, and we have prepared a roadmap to solving the issue. In this meeting we present the way forward our way of working and what it will require from you.

      If you decide this is not what you expected, you are free to take the information provided so far and work with it yourself. 

    • 5. We get to work

      After the previous meeting and agreement in principle, you will have by now received our offer.

      When you decide to work together, we start our partnership and solve the issue. We work to ensure you are fully satisfied with the result.

    Let's get started

    Continue reading

    Take Control of Cloud Costs on AWS

    • Buy Link or Shortcode: {j2store}425|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $62,500 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive AWS bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for over architecting or overspending on AWS.
    • Many organizations lack sufficient visibility into their AWS spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on AWS Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet

    3. Define processes and procedures

    Establish governance for tagging and cost control, define processes for right-sizing, and define processes for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List

    Infographic

    Workshop: Take Control of Cloud Costs on AWS

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles and responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Chargeback/showback model to provide clear accountability for costs.

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles and responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles and responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes and Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes and procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and Alerts

    4 Build Implementation Plan

    The Purpose

    Document next steps to implement and improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    Identify and Manage Financial Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}218|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.
    • It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Impact and Result

    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Financial Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Financial Risk Impact on Your Organization Deck – Use the research to better understand the negative financial impacts of vendor actions.

    Use this research to identify and quantify the potential financial impacts of vendors’ poor performance. Use Info-Tech’s approach to look at the financial impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Financial Risk Impacts on Your Organization Storyboard

    2. “What If” Financial Risk Impact Tool – Use this tool to help identify and quantify the financial impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Financial Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Financial Risk Impacts on Your Organization

    Good vendor management practices help organizations understand the costs of negative vendor actions.

    Analyst Perspective

    Vendor actions can have significant financial consequences for your organization.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Vendors are becoming more influential and essential to the operation of organizations. Often the sole risk consideration of a business is whether the vendor meets a security standard, but vendors can negatively impact organizations’ budgets in various ways. Fortunately, though inherent risk is always present, organizations can offset the financial impacts of high-risk vendors by employing due diligence in their vendor management practices to help manage the overall risks.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.

    It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.

    Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Info-Tech Insight

    Companies without good vendor management risk initiatives will take on more risk than they should. Solid vendor management practices are imperative –organizations must evolve to ensure that vendors deliver services according to performance objectives and that risks are managed accordingly.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Financial risk impact

    Potential losses to the organization due to financial risks

    In this blueprint, we’ll explore financial risks and their impacts.

    Identifying negative actions is paramount to assessing the overall financial impact on your organization, starting in the due diligence phase of the vendor assessment and continuing throughout the vendor lifecycle.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Financial' highlighted.

    Unbudgeted financial risk impact

    The costs of adverse vendor actions, such as a breach or an outage, are increasing. By knowing these potential costs, leaders can calculate how to avoid them throughout the lifecycle of the relationship.

    Loss of business represents the largest share of the breach

    38%

    Avg. $1.59M
    Global average cost of a vendor breach

    $4.2M

    Percentage of breaches in 2020 caused by business associates

    40.2%

    23.2% YoY
    (year over year)
    (Source: “Cost of a Data Breach Report 2021,” IBM, 2021) (Source: “Vendor Risk Management – A Growing Concern,” Stern Security, 2021)

    Example: Hospital IT System Outage

    Hospitals often rely on vendors to manage their data center environments but rarely understand the downstream financial impacts if that vendor fails to perform.

    For example, a vendor implements a patch out of cycle with no notice to the IT group. Suddenly all IT systems are down. It takes 12 hours for the IT teams to return systems to normal. The downstream impacts are substantial.

    • There is no revenue capture during outage (patient registration, payments).
      • The financial loss is significant, impacting cash on hand and jeopardizing future projects.
    • Clinicians cannot access the electronic health record (EHR) system and shift to downtime paper processes.
      • This can cause potential risks to patient health, such as unknown drug interactions.
      • This could also incur lawsuits, fines, and penalties.
    • Staff must manually add the paper records into the EHR after the incident is corrected.
      • Staff time is lost on creating paper records and overtime is required to reintroduce those records into EMR.
    • Staff time and overtime pay on troubleshooting and solving issues take away from normal operations and could cause delays, having downstream effects on the timing of other projects.

    Insight Summary

    Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

    Insight 1 Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

    Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

    Insight 2 Financial impacts from other risk types deserve just as much focus as security alone, if not more.

    Examples include penalties and fines, loss of revenue due to operational impacts, vendor replacement costs, hidden costs in poorly understood contracts, and lack of contractual protections.

    Insight 3 There is always an inherent risk in working with a vendor, but organizations should financially quantify how much each risk may impact their budget.

    A significant concern for organizations is quantifying different types of risks. When a risk occurs, the financial losses are often poorly understood, with unbudgeted financial impacts.

    Three stages of vendor financial risk assessment

    Assess risk throughout the complete vendor lifecycle

    1. Pre-Relationship Due Diligence: The initial pre-relationship due diligence stage is a crucial point to establish risk management practices. Vendor management practices ensure that a potential vendor’s risk is categorized correctly by facilitating the process of risk assessment.
    2. Monitor & Manage: Once the relationship is in place, organizations should enact ongoing management efforts to ensure they are both getting their value from the vendor and appropriately addressing any newly identified risks.
    3. Termination: When the termination of the relationship arrives, the organization should validate that adequate protections that were established while forming a contract in the pre-relationship stage remain in place.

    Inherent risks from negative actions are pervasive throughout the entire vendor lifecycle. Collaboratively understanding those risks and working together to put proper management in place enables organizations to get the most value out of the relationship with the least amount of risk.

    Flowchart for 'Assessing Financial Risk Impacts', beginning with 'New Vendor' to 'Sourcing' to the six components of 'Vendor Management'. After a gamut of assessments such as ''What If' Game' one can either 'Accept' to move on to 'Pre-Relationship', 'Monitor & Manage', and eventually to 'Termination', or not accept and circle back to 'Sourcing'.

    Stage 1: Pre-relationship assessment

    Do these as part of your due diligence

    • Review and negotiate contract terms and conditions.
      • Ensure that you have the protections to make you whole in the event of an incident, in the event that another entity purchases the vendor, and throughout the entire lifecycle of your relationship with the vendor.
      • Make sure to negotiate your post-termination protections in the initial agreement.
    • Perform a due-diligence financial assessment.
      • Make sure the vendor is positioned in the market to be able to service your organization.
    • Perform an initial risk assessment.
      • Identify and understand all potential factors that may cause financial impacts to your organization.
      • Include total cost of ownership (TCO) and return of investment (ROI) as potential impact offsets.
    • Review case studies – talk to other customers.
      • Research who else has worked with the vendor to get “the good, the bad, and the ugly” stories to form a clear picture of a potential relationship with the vendor.
    • Use proofs of concept.
      • It is essential to know how the vendor and their solutions will work in the environment before committing resources and to incorporate them into organizational strategic plans.
    • Limit vendors’ ability to increase costs over the years. It is not uncommon for a long-term relationship to become more expensive than a new one over time when the increases are unmanaged.
    • Vendor audits can be costly and a significant distraction to your staff. Make sure to contractually limit them.
    • Many vendors enjoy significant revenue from unclear deliverables and vague expectations that lead to change requests at unknown rates – clarifying expectations and deliverables and demanding negotiated rate sheets before engagement will save budget and strengthen the relationship.

    Visit Info-Tech’s VMO ROI Calculator and Tracker

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive financial risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Financial Risk Impact Tool to help drive discussion

    Participants: Vendor Management – Coordinator, IT Operations, Legal/Compliance/Risk Manager, Finance/Procurement

    Vendor management professionals are in an excellent position to collaboratively pull together resources across the organization to determine potential risks. By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Financial Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risks but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Financial Risk Impact Tool

    Stage 2.1: Monitor the financial risk

    Ongoing monitoring activities

    Never underestimate the value of keeping the relationship moving forward.

    Examples of items and activities to monitor include;

    Stock photo of a worker being trained on a computer.
    • Fines
    • Data leaks
    • Performance
    • Credit monitoring
    • Viability/solvency
    • Resource capacity
    • Operational impacts
    • Regulatory penalties
    • Increases in premiums
    • Security breaches (infrastructure)

    Info-Tech Insight

    Many organizations do not have the resources to dedicate to annual risk assessments of all vendors.

    Consider timing ongoing risk assessments to align with contract renewal, when you have the most leverage with the vendor.

    Visit Info-Tech’s Risk Register Tool

    Stage 2.2: Manage the financial risk

    During the lifecycle of the vendor relationship

    • Renew risk assessments annually.
    • Focus your efforts on highly ranked risks.
    • Is there a new opportunity to negotiate?
    • Identify and classify individual vendor risk.
    • Are there better existing contracts in place?
    • Review financial health checks at the same time.
    • Monitor and schedule contract renewals and new service/module negotiations.
    • Perform business alignment meetings to reassess the relationship.
    • Ongoing operational meetings should be supplemental, dealing with day-to-day issues.
    • Develop performance metrics and hold vendors accountable to established service levels.
    Stock image of a professional walking an uneven line over the words 'Risk Management'.

    Stage 3: Termination

    An essential and often overlooked part of the vendor lifecycle is the relationship after termination

    • The risk of a vendor keeping your data for “as long as they want” is high.
      • Data retention becomes a “forever risk” in today’s world of cyber issues if you do not appropriately plan.
    • Ensure that you always know where data resides and where people are allowed to access that data.
      • If there is a regulatory need to house data only in specific locations, ensure that it is explicit in agreements.
    • Protect your data through language in initial agreements that covers what needs to happen when the relationship with the vendor terminates.
      • Typically, all the data that the vendor has retained is returned and/or destroyed at your sole discretion.
    Stock image of a sign reading 'Closure'.

    Related Info-Tech Research

    Stock photo of two co-workers laughing. Design and Build an Effective Contract Lifecycle Management Process
    • Achieve measurable savings in contract time processing, financial risk avoidance, and dollar savings
    • Understand how to identify and mitigate risk to save the organization time and money.
    Stock image of reports and file folders. Identify and Reduce Agile Contract Risk
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Focus on the correct contract clauses to manage Agile risk.
    Stock photo of three co-workers gathered around a computer screen. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Gain visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Map Technical Skills for a Changing Infrastructure & Operations Organization

    • Buy Link or Shortcode: {j2store}333|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Infrastructure & Operations is changing rapidly. It’s a constant challenge to find the right skills to support the next new technology while at the same time maintaining the skills in house that allow you to support your existing platforms.
    • A lack of clarity around required skills makes finding the right skills difficult, and it’s not clear whether you should train, hire, contract, or outsource to address gaps.
    • You need to keep up with changes and new strategy while continuing to support your existing environment.

    Our Advice

    Critical Insight

    • Take a strategic approach to acquiring skills – looking only as far as the needs of the next project will lead to a constant skills shortage with no plan for it to be addressed.
    • Begin by identifying your future state. Identify needed skills in the organization to support planned projects and initiatives, and to mitigate skills-related risks.

    Impact and Result

    • Leverage your infrastructure roadmap and cloud strategy to identify needed skills in your future state environment.
    • Decide how you’ll acquire needed skills based on the characteristics of need for each skill.
    • Communicate the change and create a plan of action for the skills transformation.

    Map Technical Skills for a Changing Infrastructure & Operations Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should map technical skills for a changing Infrastructure & Operations organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify skills needs for the future state environment

    Identify what skills are needed based on where the organization is going.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 1: Identify Skills Needs for Your Future State Environment
    • Future State Playbook
    • IT/Cloud Solutions Architect
    • IT/Cloud Engineer
    • IT/Cloud Administrator
    • IT/Cloud Demand Billing & Accounting Analyst

    2. Acquire needed skills

    Ground skills acquisition decisions in the characteristics of need.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 2: Acquire Needed Skills
    • Technical Skills Map

    3. Maximize the value of the skills map

    Get stakeholder buy-in; leverage the skills map in other processes.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 3: Maximize the Value of Your Skills Map
    • Technical Skills Map Communication Deck Template
    [infographic]

    Workshop: Map Technical Skills for a Changing Infrastructure & Operations Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review Initiatives and Skills-Related Risks

    The Purpose

    Identify process and skills changes required by the future state of your environment.

    Key Benefits Achieved

    Set foundation for alignment between strategy-defined technology initiatives and needed skills.

    Activities

    1.1 Review the list of initiatives and projects with the group.

    1.2 Identify how key support, operational, and deployment processes will change through planned initiatives.

    1.3 Identify skills-related risks and pain points.

    Outputs

    Future State Playbook

    2 Identify Needed Skills and Roles

    The Purpose

    Identify process and skills changes required by the future state of your environment.

    Key Benefits Achieved

    Set foundation for alignment between strategy-defined technology initiatives and needed skills.

    Activities

    2.1 Identify skills required to support the new environment.

    2.2 Map required skills to roles.

    Outputs

    IT/Cloud Architect Role Description

    IT/Cloud Engineer Role Description

    IT/Cloud Administrator Role Description

    3 Create a Plan to Acquire Needed Skills

    The Purpose

    Create a skills acquisition strategy based on the characteristics of need.

    Key Benefits Achieved

    Optimal skills acquisition strategy defined.

    Activities

    3.1 Modify impact scoring scale for key skills decision factors.

    3.2 Apply impact scoring scales to needed skills

    3.3 Decide whether to train, hire, contract, or outsource to acquire needed skills.

    Outputs

    Technical Skills Map

    4 Develop a Communication Plan

    The Purpose

    Create an effective communication plan for different stakeholders across the organization.

    Identify opportunities to leverage the skills map elsewhere.

    Key Benefits Achieved

    Create a concise, clear, consistent, and relevant change message for stakeholders across the organization.

    Activities

    4.1 Review skills decisions and decide how you will acquire skills in each role.

    4.2 Update roles descriptions.

    4.3 Create a change message.

    4.4 Identify opportunities to leverage the skills map in other processes.

    Outputs

    Technical Skills Map Communication Deck

    Build an Application Department Strategy

    • Buy Link or Shortcode: {j2store}180|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $220,866 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application delivery has modernized. There are increasing expectations on departments to deliver on organizational and product objectives with increasing velocity.
    • Application departments produce many diverse, divergent products, applications, and services with expectations of frequent updates and changes based on rapidly changing landscapes

    Our Advice

    Critical Insight

    • There is no such thing as a universal “applications department.” Unlike other domains of IT, there are no widely accepted frameworks that clearly outline universal best practices of application delivery and management.
    • Different software needs and delivery orientations demand a tailored structure and set of processes, especially when managing a mixed portfolio or multiple delivery methods.

    Impact and Result

    Understand what your department’s purpose is through articulating its strategy in three steps:

    • Determining your application department’s values, principles, and orientation.
    • Laying out the goals, objectives, metrics, and priorities of the department.
    • Building a communication plan to communicate your overall department strategy.

    Build an Application Department Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an application department strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of who you are

    Consider and record your department’s values, principles, orientation, and capabilities.

    • Build an Application Department Strategy – Phase 1: Take Stock of Who You Are
    • Application Department Strategy Supporting Workbook

    2. Articulate your strategy

    Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.

    • Build an Application Department Strategy – Phase 2: Articulate Your Strategy
    • Application Department Strategy Template

    3. Communicate your strategy

    Communicate your department’s strategy to your key stakeholders.

    • Build an Application Department Strategy – Phase 3: Communicate Your Strategy

    Infographic

    Workshop: Build an Application Department Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take Stock of Who You Are

    The Purpose

    Understand what makes up your application department beyond the applications and services provided.

    Key Benefits Achieved

    Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.

    Activities

    1.1 Identify your team’s values and guiding principles.

    1.2 Define your department’s orientation.

    Outputs

    A summary of your department’s values and guiding principles

    A clear view of your department’s orientation and supporting capabilities

    2 Articulate Your Strategy

    The Purpose

    Lay out all the details that make up your application department strategy.

    Key Benefits Achieved

    A completed application department strategy canvas containing everything you need to communicate your strategy.

    Activities

    2.1 Write your application department vision statement.

    2.2 Define your application department goals and metrics.

    2.3 Specify your department capabilities and orientation.

    2.4 Prioritize what is most important to your department.

    Outputs

    Your department vision

    Your department’s goals and metrics that contribute to achieving your department’s vision

    Your department’s capabilities and orientation

    A prioritized roadmap for your department

    3 Communicate Your Strategy

    The Purpose

    Lay out your strategy’s communication plan.

    Key Benefits Achieved

    Your application department strategy presentation ready to be presented to your stakeholders.

    Activities

    3.1 Identify your stakeholders.

    3.2 Develop a communication plan.

    3.3 Wrap-up and next steps

    Outputs

    List of prioritized stakeholders you want to communicate with

    A plan for what to communicate to each stakeholder

    Communication is only the first step – what comes next?

    Build an Information Security Strategy

    • Buy Link or Shortcode: {j2store}242|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $45,303 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Many security leaders struggle to decide how to best to prioritize their scarce information security resources
    • The need to move from a reactive approach to security towards a strategic planning approach is clear. The path to getting there is less so.

    Our Advice

    Critical Insight

    The most successful information security strategies are:

    • Holistic – They consider the full spectrum of information security, including people, processes, and technology.
    • Risk aware – They understand that security decisions should be made based on the security risks facing their organization, not just on “best practice.”
    • Business aligned – They demonstrate an understanding of the goals and strategies of the organization and how the security program can support the business.

    Impact and Result

    • Info-Tech has developed a highly effective approach to building an information security strategy, an approach that has been successfully tested and refined for more than seven years with hundreds of different organizations:
    • This approach includes tools for:
      • Ensuring alignment with business objectives.
      • Assessing organizational risk and stakeholder expectations.
      • Enabling a comprehensive current state assessment.
      • Prioritizing initiatives and building out a security roadmap.

    Build an Information Security Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Information Security (IS) Strategy Research – A step-by-step document that helps you build a holistic, risk-based, and business-aligned IS strategy.

    Your security strategy should not be based on trying to blindly follow best practices but on a holistic risk-based assessment that is risk aware and aligns with your business context. Use this storyboard to augment your security strategy by ensuring alignment with business objectives, assessing your organization's risk and stakeholder expectations, understanding your current security state, and prioritizing initiatives and a security roadmap.

    • Build an Information Security Strategy – Phases 1-4

    2. Information Security Requirements Gathering Tool – A tool to make informed security risk decisions to support business needs.

    Use this tool to formally identify business goals and customer and compliance obligations and make explicit links to how security initiatives propose to support these business interests. Then define the scope and boundaries for the security strategy and the risk tolerance definitions that will guide future security risk decisions.

    • Information Security Requirements Gathering Tool

    3. Information Security Pressure Analysis Tool – An evaluation tool to invest in the right security functions using a pressure analysis approach.

    Security pressure posture analysis helps your organization assess your real security context and enables you to invest in the right security functions while balancing the cost and value in alignment with business strategies. Security pressure sets the baseline that will help you avoid over-investing or under-investing in your security functions.

    • Information Security Pressure Analysis Tool

    4. Information Security Program Gap Analysis Tool – A structured tool to systematically understand your current security state.

    Effective security planning should not be one size fits all – it must consider business alignment, security benefit, and resource cost. To enable an effective security program, all areas of security need to be evaluated closely to determine where the organization sits currently and where it needs to go in the future.

    • Information Security Program Gap Analysis Tool

    5. Information Security Strategy Communication Deck – A best-of-breed presentation document to build a clear, concise, and compelling strategy document.

    Use this communication deck template to present the results of the security strategy to stakeholders, demonstrate the progression from the current state to the future state, and establish the roadmap of the security initiatives that will be implemented. This information security communication deck will help ensure that you’re communicating effectively for your cause.

    • Information Security Strategy Communication Deck

    6. Information Security Charter – An essential document for defining the scope and purpose of a security project or program.

    A charter is an essential document for defining the scope and purpose of security. Without a charter to control and set clear objectives for this committee, the responsibility of security governance initiatives will likely be undefined within the enterprise, preventing the security governance program from operating efficiently. This template can act as the foundation for a security charter to provide guidance to the governance of information security.

    • Information Security Charter
    [infographic]

    Workshop: Build an Information Security Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Security Requirements

    The Purpose

    Understand business and IT strategy and plans.

    Key Benefits Achieved

    Defined security obligations, scope, and boundaries.

    Activities

    1.1 Define business and compliance.

    1.2 Establish security program scope.

    1.3 Analyze the organization’s risk and stakeholder pressures.

    1.4 Identify the organizational risk tolerance level.

    Outputs

    Security obligations statement

    Security scope and boundaries statement

    Defined risk tolerance level

    Risk assessment and pressure analysis

    2 Perform a Gap Analysis

    The Purpose

    Define the information security target state.

    Key Benefits Achieved

    Set goals and Initiatives for the security strategy in line with the business objectives.

    Activities

    2.1 Assess current security capabilities.

    2.2 Identify security gaps.

    2.3 Build initiatives to bridge the gaps.

    Outputs

    Information security target state

    Security current state assessment

    Initiatives to address gaps

    3 Complete the Gap Analysis

    The Purpose

    Continue assessing current security capabilities.

    Key Benefits Achieved

    Identification of security gaps and initiatives to bridge them according to the business goals.

    Activities

    3.1 Identify security gaps.

    3.2 Build initiatives to bridge the maturity gaps.

    3.3 Identify initiative list and task list.

    3.4 Define criteria to be used to prioritize initiatives.

    Outputs

    Completed security current state assessment

    Task list to address gaps

    Initiative list to address gaps

    Prioritize criteria

    4 Develop the Roadmap

    The Purpose

    Create a plan for your security strategy going forward.

    Key Benefits Achieved

    Set path forward to achieving the target state for the business through goal cascade and gap initiatives.

    Activities

    4.1 Conduct cost/benefit analysis on initiatives.

    4.2 Prioritize gap initiatives based on cost and alignment with business.

    4.3 Build an effort list.

    4.4 Determine state times and accountability.

    4.5 Finalize security roadmap and action plan.

    4.6 Create communication plan.

    Outputs

    Information security roadmap

    Draft communication deck

    5 Communicate and Implement

    The Purpose

    Finalize deliverables.

    Key Benefits Achieved

    Consolidate documentation into a finalized deliverable that can be used to present to executives and decision makers to achieve buy-in for the project.

    Activities

    5.1 Support communication efforts.

    5.2 Identify resources in support of priority initiatives.

    Outputs

    Security strategy roadmap documentation

    Detailed cost and effort estimates

    Mapping of Info-Tech resources against individual initiatives

    Further reading

    Build an Information Security Strategy

    Create value by aligning your strategy to business goals and business risks.

    Analyst Perspective

    Set your security strategy up for success.

    “Today’s rapid pace of change in business innovation and digital transformation is a call to action to information security leaders.

    Too often, chief information security officers find their programs stuck in reactive mode, a result of years of mounting security technical debt. Shifting from a reactive to proactive stance has never been more important. Unfortunately, doing so remains a daunting task for many.

    While easy to develop, security plans premised on the need to blindly follow ‘best practices’ are unlikely to win over many stakeholders. To be truly successful, an information security strategy needs to be holistic, risk-aware, and business-aligned.”

    Kevin Peuhkurinen

    Research Director – Security, Risk & Compliance

    Info-Tech Research Group

    Executive summary

    Your Challenge

    • Many security leaders struggle to decide how best to prioritize their scarce information security resources.
    • The need to move from a reactive approach to security toward a strategic planning approach is clear. The path to getting there is less clear.

    Common Obstacle

    • Developing a security strategy can be challenging. Complications include:
      • Performing an accurate assessment of your current security program can be extremely difficult when you don’t know what to assess or how.
      • Determining the appropriate target state for security can be even more challenging. A strategy built around following best practices is unlikely to garner significant support from business stakeholders.

    Info-Tech’s Approach

    • Info-Tech has developed a highly effective approach to building an information security strategy, an approach that has been successfully tested and refined for 7+ years with hundreds of organizations.
    • This unique approach includes tools for:
      • Ensuring alignment with business objectives.
      • Assessing organizational risk and stakeholder expectations.
      • Enabling a comprehensive current state assessment.
      • Prioritizing initiatives and building out a security roadmap.

    Info-Tech Insight

    The most successful information security strategies are:

    • Holistic. They consider the full spectrum of information security, including people, processes, and technologies.
    • Risk-Aware. They understand that security decisions should be made based on the security risks facing their organization, not just on best practice.
    • Business-Aligned. They demonstrate an understanding of the goals and strategies of the organization, and how the security program can support the business.

    It’s not a matter of if you have a security incident, but when

    Organizations need to prepare and expect the inevitable security breach.

    Fifty-eight percent of companies surveyed that experienced a breach were small businesses.

    Eighty-nine percent of breaches have a financial or espionage motive.

    Three graphs are depicted. The first is labeled ‘Total Cost for Three Data Breach Root Causes,’ the second ‘Distribution of Benchmark by Root Cause of the Data Breach,’ and the third ‘Per Capita for Three Root Causes of a Data Breach.’ The three root causes are malicious or criminal attack (US$166 million per capita), system glitch ($132 million per capita), and human error ($133 million per capita).

    Source: Ponemon Institute, “2019 Global Cost of Data Breach Study”

    An information security strategy can help you prepare for incidents

    Organizations need to expect the inevitable security breach.

    90%

    of businesses have experienced an external threat in the last year.

    50%

    of IT professionals consider security to be their number one priority.

    53%

    of organizations claimed to have experienced an insider attack in the previous 12 months. 1

    46%

    of businesses believe the frequency of attacks is increasing. 2

    Effective IT leaders approach their security strategy from an understanding that attacks on their organization will occur. Building a strategy around this assumption allows your security team to understand the gaps in your current approach and become proactive instead of being reactive.

    Sources: 1 Kaspersky Lab, “Global IT Security Risks Survey”; 2 CA Technologies, “Insider Threat 2018 Report”

    Persistent Issues

    Evolving Ransomware

    • Continual changes in types and platforms make ransomware a persistent threat. The frequency of ransomware attacks was reported to have increased by 67% in the past five years. 1

    Phishing Attacks

      • Despite filtering and awareness, email remains the most common threat vector for phishing attacks (94%) and an average of 3% of participants in phishing campaigns still click on them. 2

    Insider Privilege and Misuse

    • Typically, 34% of breaches are perpetrated by insiders, with 15% involving privilege misuse. Takeaway: Care less about titles and more about access levels. 3

    Denial of Service

    • The median amount of time that an organization is under attack from DDoS attack is three days.

    Emerging Trends

    Advanced Identity and Access Governance

    • Using emerging technologies in automation, orchestration, and machine learning, the management and governance of identities and access has become more advanced.

    Sources: 1 Accenture, “2019 The Cost of Cyber Crime Study”; 2,3 Verizon, “2019 Data Breach Investigations Report”

    New threat trends in information security aren’t new.

    Previously understood attacks are simply an evolution of prior implementations, not a revolution.

    Traditionally, most organizations are not doing a good-enough job with security fundamentals, which is why attackers have been able to use the same old tricks.

    However, information security has finally caught the attention of organizational leaders, presenting the opportunity to implement a comprehensive security program.

    Cyberattacks have a significant financial impact

    Global average cost of a data breach: $3.92 Million

    Source: Ponemon Institute, “2019 Cost of a Data Breach Study: Global Overview”

    A bar graph, titled ‘Average cost of data breach by industry,’ is depicted. Of 17 industries depicted, public is the lowest average cost (US$1.29 million) and health is the highest average cost ($6.45 million).

    Primary incident type (with a confirmed data breach)

    1. Leading incident type is Denial of Service attacks (DoS), taking up to 70% of all incidents.
    2. When it comes to data breaches, we see that the use of stolen credentials leads to the most cases of confirmed breaches, accounting for 29%.

    Personal records tend to be the most compromised data types, while databases tend to be the most frequently involved asset in breaches.

    Source: Verizon, “2019 Data Breach Investigations Report”

    Security threats are not going away

    We continue to see and hear of security breaches occurring regularly.

    A bar graph depicts the percentage of businesses who experienced a data breach in the last year–US total and global total. Numbers have increased from 2016 to 2019. In 2016, 19 percent of US businesses experienced a breach. In 2019, this number was 59 percent.

    An attacker must be successful only once. The defender – you – must be successful every time.

    Info-Tech’s approach

    Maturing from reactive to strategic information security

    Two circular graphs depict the move from ‘reactive security’ to ‘strategic security’ organizations can accomplish using Info-Tech’s approach.

    Tools icon that is used in the first three stages of the strategic security graph above. Indicates Info-Tech tools included in this blueprint.

    The Info-Tech difference:

    1. A proven, structured approach to mature your information security program from reactive to strategic.
    2. A comprehensive set of tools to take the pain out of each phase in the strategy building exercise.
    3. Visually appealing templates to communicate and socialize your security strategy and roadmap to your stakeholders.

    Info-Tech’s Security Strategy Model

    Info-Tech’s Security Strategy Model is depicted in this rectangular image with arrows. The first level depicts business context (enterprise goals, compliance obligations, scope and boundaries) and pressures (security risks, risk tolerance, stakeholder expectations). The second level depicts security target state (maturity model, security framework, security alignment goals, target maturity, time frame) and current state (current state assessment, gap analysis). The third level depicts the information security roadmap (initiative list, task list, prioritization methodology, and Gantt chart).

    The Info-Tech difference:

    An information security strategy model that is:

    1. Business-Aligned. Determines business context and cascades enterprise goals into security alignment goals.
    2. Risk-Aware. Understands the security risks of the business and how they intersect with the overall organizational risk tolerance.
    3. Holistic. Leverages a best-of-breed information security framework to provide comprehensive awareness of organizational security capabilities.

    Info-Tech’s best-of-breed security framework

    This image shows how Info-Tech’s framework is based on ISO 27000 series, CIS Top 20, COBIT 2019, NIST 800-53, and NIST CSF.

    Info-Tech’s approach

    Creating an information security strategy

    Value to the business

    Outcome

    Best-of-breed security strategy

    Have documentation that paints a picture of the road to compliance. Integrate your framework with your risk tolerance and external pressures.

    Be ready for future changes by aligning your security strategy to security framework best practices.

    Address the nature of your current information security

    Eliminate gaps in process and know what is in scope for your security strategy. Learn what pressures your business and industry are under.

    Gain insight into your current state, allowing you to focus on high-value projects first, transitioning towards a target state.

    Highlight overlooked functions of your current security strategy

    Build a comprehensive security program that brings to light all aspects of your security program.

    Instead of pursing ad hoc projects, know what needs work and how to prioritize your pressing security issues.

    Create a tangible roadmap to your target state

    Create a plan for your future state of information security. Refer to and update your target state as your business needs change.

    Document your current progress and path forward in the future. Know your goals and requirements, codified in a living document.

    Use our prepopulated deliverables to fast track your progress

    Let Info-Tech do the work for you. With completed deliverables, have tangible documents to convey your business needs.

    A comprehensive set of deliverables with concrete, defensible data to justify any business changes.

    A living security strategy

    Pivot and change prioritization to meet the needs of your security deficits.

    Future-proof your security strategy for any contingency.

    The Info-Tech difference:

    Evolve the security program to be more proactive by leveraging Info-Tech’s approach to building a security strategy.

    • Dive deep into security obligations and security pressures to define the business context.
    • Conduct a thorough current state and future state analysis that is aligned with a best-of-breed framework.
    • Prioritize gap-closing initiatives to create a living security strategy roadmap.

    Use Info-Tech’s blueprint to save one to three months

    This image depicts how using Info-Tech’s four-phase blueprint can save an estimated seven to 14 weeks of an organization’s time and effort.

    Iterative benefit

    Over time, experience incremental value from your initial security strategy. Through continual updates your strategy will evolve but with less associated effort, time, and costs.

    These estimates are based on experiences with Info-Tech clients throughout the creation of this blueprint.

    Key deliverable:

    Information Security Strategy Communication Deck (PPT)

    Present your findings in a prepopulated document that can summarizes all key findings of the blueprint.

    Screenshots from Info-Tech’s Information Security Strategy Communication Deck Template.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Information Security Requirements Gathering Tool

    Define the business, customer, and compliance alignment for your security program.

    Information Security Pressure Analysis Tool

    Determine your organization’s security pressures and ability to tolerate risk.

    Information Security Program Gap Analysis Tool

    Use our best-of-breed security framework to perform a gap analysis between your current and target states.

    Information Security Charter

    Ensure the development and management of your security policies meet the broader program vision.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical Guided Implementation on this topic look like?

    Guided Implementation #1 - Assess security requirements
    • Call #1 - Introduce project and complete pressure analysis.
    Guided Implementation #2 - Build a gap initiative strategy
    • Call #1 - Introduce the maturity assessment.
    • Call #2 - Perform gap analysis and translate into initiatives.
    • Call #3 - Consolidate related gap initiatives and define, cost, effort, alignment, and security benefits.
    Guided Implementation #3 - Prioritize initiatives and build roadmap
    • Call #1 - Review cost/benefit analysis and build an effort map.
    • Call #2 - Build implementation waves and introduce Gantt chart.
    Guided Implementation #4 - Execute and maintain
    • Call #1 - Review Gantt chart and ensure budget/buy-in support.
    • Call #2 - Three-month check-in: Execute and maintain.

    A Guided Implementation is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical Guided Implementation is between 2-12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information, or contact workshops@infotech.com or 1-888-670-8889.

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Assess Security Requirements

    Perform a Gap Analysis

    Complete the Gap Analysis

    Develop Roadmap

    Communicate and Implement

    1.1 Understand business and IT strategy and plans

    1.2 Define business and compliance requirements

    1.3 Establish the security program scope

    1.4 Analyze the organization’s risks and stakeholder pressures

    1.5 Identify the organizational risk tolerance level

    2.1 Define the information security target state

    2.2 Assess current security capabilities

    2.3 Identify security gaps

    2.4 Build initiatives to bridge the gaps

    3.1 Continue assessing current security capabilities

    3.2 Identify security gaps

    3.3 Build initiatives to bridge the maturity gaps

    3.4 Identify initiative list and task list

    3.5 Define criteria to be used to prioritize initiatives

    4.1 Conduct cost/benefit analysis on initiatives

    4.2 Prioritize gap initiatives based on cost, time, and alignment with the business

    4.3 Build effort map

    4.4 Determine start times and accountability

    4.5 Finalize security roadmap and action plan

    4.6 Create communication plan

    5.1 Finalize deliverables

    5.2 Support communication efforts

    5.3 Identify resources in support of priority initiatives

    Deliverables

    1.Security obligations statement

    2.Security scope and boundaries statement

    3.Defined risk tolerance level

    4.Risk assessment and pressure analysis

    1.Information security target state

    2.Security current state assessment

    3.Initiatives to address gaps

    1.Completed security current state assessment

    2.Task list to address gaps address gaps

    4.Prioritization criteria

    1.Information security roadmap

    2.Draft communication deck

    1.Security strategy roadmap documentation

    2.Detailed cost and effort estimates

    3.Mapping of Info-Tech resources against individual initiatives

    Executive Brief Case Study

    Credit Service Company

    Industry: Financial Services

    Source: Info-Tech Research group

    Founded over 100 years ago, Credit Service Company (CSC)* operates in the United States with over 40 branches located across four states. The organization services over 50,000 clients.

    Situation

    Increased regulations, changes in technology, and a growing number of public security incidents had caught the attention of the organization’s leadership. Despite awareness, an IT and security strategy had not been previously created. Management was determined to create a direction for the security team that aligned with their core mission of providing exceptional service and expertise.

    Solution

    During the workshop, the IT team and Info-Tech analysts worked together to understand the organization’s ideal state in various areas of information security. Having a concise understanding of requirements was a stepping stone to beginning to develop CSC’s prioritized strategy.

    Results

    Over the course of the week, the team created a document that concisely prioritized upcoming projects and associated costs and benefits. On the final day of the workshop, the team effectively presented the value of the newly developed security strategy to senior management and received buy-in for the upcoming project.

    *Some details have been changed for client privacy.

    Phase 1

    Assess Security Requirements

      Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

      Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

      Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

      Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

    This phase will walk you through the following activities:

    1.1 Define goals and scope of the security strategy.

    1.2 Assess your organization’s current inherent security risks.

    1.3 Determine your organization’s stakeholder pressures for security.

    1.4 Determine your organization’s risk tolerance.

    1.5 Establish your security target state.

    1.1.1 Record your business goals

    Once you have identified your primary and secondary business goals, as well as the corresponding security alignment goals, record them in the Information Security Requirements Gathering Tool. The tool provides an activity status that will let you know if any parts of the tool have not been completed.

    1. Record your identified primary and secondary business goals in the Goals Cascade tab of the Information Security Requirements Gathering Tool.

    Use the drop-down lists to select an appropriate goal or choose “Other.” If you do choose “Other,” you will need to manually enter an appropriate business goal.

    2. For each of your business goals, select one to two security alignment goals. The tool will provide you with recommendations, but you can override these by selecting a different goal from the drop-down lists.

    A screenshot of the ‘Business Goals Cascade,’ which is part of the ‘Information Security Requirements Gathering Tool.’

    A common challenge for security leaders is how to express their initiatives in terms that are meaningful to business executives. This exercise helps to make an explicit link between what the business cares about and what security is trying to accomplish.

    1.1.2 Review your goals cascade

    Estimated Time: 15 minutes

    1. When you have completed the goals cascade, you can review a graphic diagram that illustrates your goals. The graphic is found on the Results tab of the Information Security Requirements Gathering Tool.
      • Security must support the primary business objectives. A strong security program will enable the business to compete in new and creative ways, rather than simply acting as an obstacle.
      • Failure to meet business obligations can result in operational problems, impacting the organization’s ability to function and the organization’s bottom line.
    2. Once you have reviewed the diagram, copy it into the Information Security Strategy Communication Deck.

    A screenshot of the ‘Goal Cascade Diagrams,’ which is part of the ‘Information Security Requirements Gathering Tool.’

    Identify your compliance obligations

    Most conventional regulatory obligations are legally mandated legislation or compliance obligations, such as:

    Sarbanes-Oxley Act (SOX)

    Applies to public companies that have registered equity or debt securities within the SEC to guarantee data integrity against financial fraud.

    Payment Card Industry Data Security Standard (PCI DSS)

    Applies to any organization that processes, transmits, or stores credit card information to ensure cardholder data is protected.

    Health Insurance Portability and Accountability Act (HIPAA)

    Applies to the healthcare sector and protects the privacy of individually identifiable healthcare information.

    Health Information Technology for Economic and Clinical Health (HITECH)

    Applies to the healthcare sector and widens the scope of privacy and security protections available under HIPAA.

    Personal Information Protection and Electronic Documents Act (PIPEDA)

    Applies to private sector organizations that collect personal information in Canada to ensure the protection of personal information in the course of commercial business.

    Compliance obligations also extend to voluntary security frameworks:

    NIST

    National Institute of Standards and Technology; a non-regulatory agency that develops and publicizes measurement

    CIS – 20 CSC

    Center for Internet Security – 20 Critical Security Controls; foundational set of effective cybersecurity practices.

    ISO 27001

    An information security management system framework outlining policies and procedures.

    COBIT 5

    An information technology and management and governance framework.

    HITRUST

    A common security framework for organizations that use or hold regulated personal health information.

    1.1.3 Record your compliance obligations

    Estimated Time: 30 minutes

    1. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      • Laws
      • Government regulations
      • Industry standards
      • Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your security strategy, include only those that have information security or privacy requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Information Security Requirements Gathering Tool.

    A screenshot of ‘Security Compliance Obligations,’ part of the ‘Information Security Requirements Gathering Tool.’

    Establish your scope and boundaries

    It is important to know at the outset of the strategy: what are we trying to secure?

    This includes physical areas we are responsible for, types of data we care about, and departments or IT systems we are responsible for.

    This also includes what is not in scope. For some outsourced services or locations, you may not be responsible for their security. In some business departments, you may not have control of security processes. Ensure that it is made explicit at the outset what will be included and what will be excluded from security considerations.

    Physical Scope and Boundaries

    • How many offices and locations does your organization have?
    • Which locations/offices will be covered by your information security management system (ISMS)?
    • How sensitive is the data residing at each location?
    • You may have many physical locations, and it is not necessary to list every one. Rather, list exceptional cases that are specifically in or out of scope.

    IT Systems Scope and Boundaries

    • There may be hundreds of applications that are run and maintained in your organization. Some of these may be legacy applications. Does your ISMS need to secure all your programs or a select few?
    • Is the system owned or outsourced?
    • Where are we accountable for security?
    • How sensitive is the data that each system handles?

    Organizational Scope and Boundaries

    • Will your ISMS cover all departments within your organization? For example, do certain departments (e.g. Operations) not need any security coverage?
    • Do you have the ability to make security decisions for each department?
    • Who are the key stakeholders/data owners for each department?

    Organizational scope considerations

    Many different groups will fall within the purview of the security strategy. Consider these two main points when deciding which departments will be in scope:

    1. If a group/user has access to data or systems that can impact the organization, then securing that group/user should be included within scope of the security strategy.
    2. If your organization provides some work direction to a group/user, they should be included within scope of the security strategy.
    1. Identify your departments and business groups
      • Start by identifying departments that provide some essential input or service to the organization or departments that interact with sensitive data.
    2. Break out different subsidiaries or divisions
      • Subsidiaries may or may not be responsible for securing themselves and protecting their data, but either way they are often heavily reliant on corporate for guidance and share IT resourcing support.
    3. Identify user groups
      • Many user groups exist, all requiring different levels of security. For example, from on-premises to remote access, from full-time employees to part-time or contractors.

    Physical scope considerations

    List physical locations by type

    Offices

    The primary location(s) where business operations are carried out. Usually leased or owned by the business.

    Regional Offices

    These are secondary offices that can be normal business offices or home offices. These locations will have a VPN connection and some sort of tenant.

    Co-Locations

    These are redundant data center sites set up for additional space, equipment, and bandwidth.

    Remote Access

    This includes all remaining instances of employees or contractors using a VPN to connect.

    Clients and Vendors

    Various vendors and clients have dedicated VPN connections that will have some control over infrastructure (whether owed/laaS/other).

    List physical locations by nature of the location

    Core areas within physical scope

    These are many physical locations that are directly managed. These are high-risk locations with many personal and services, resulting in many possible vulnerabilities and attack vectors.

    Locations on the edge of control

    These are on the edge of the physical scope, and thus, in scope of the security strategy. These include remote locations, remote access connections, etc.

    Third-party connections

    Networks of third-party users are within physical scope and need defined security requirements and definitions of how this varies per user.

    BYOD

    Mostly privately owned mobile devices with either on-network or remote access.

    It would be overkill and unhelpful to list every single location or device that is in scope. Rather, list by broad categories as suggested above or simply list exceptional cases that are in/out of scope.

    IT systems scope considerations

    Consider identifying your IT systems by your level of control or ownership.

    Fully owned systems

    These are systems that are wholly owned or managed by your organization.

    IT is almost always the admin of these systems. Generally they are hosted on premises. All securitization through methods such as patching or antivirus is done and managed by your IT department.

    Cloud/remote hosted (SaaS)

    These are systems with a lot of uncertainties because the vendor or service provided is either not known or what they are doing for security is not fully known.

    These systems need to be secured regardless, but supplier and vendor relationship management becomes a major component of how to manage these systems. Often, each system has varying levels of risk based on vendor practices.

    Hybrid owned (IaaS/PaaS)

    You likely have a good understanding of control for these systems, but they may not be fully managed by you (i.e. ownership of the infrastructure). These systems are often hosted by third parties that do some level of admin work.

    A main concern is the unclear definition of responsibility in maintaining these systems. These are managed to some degree by third parties; it is challenging for your security program to perform the full gamut of security or administrative functions.

    Unknown/unowned systems

    There are often systems that are unowned and even unknown and that very few people are using. These apps can be very small and my not fall under your IT management system framework. These systems create huge levels of risk due to limited visibility.

    For example, unapproved (shadow IT) file sharing or cloud storage applications would be unknown and unowned.

    1.1.4 Record your scope and boundaries

    Estimated Time: 30-60 minutes

    1. Divide into groups and give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the scope buckets.
    2. Collect each group’s responses and discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.
      • Careful attention should be paid to any elements of the strategy that are not in scope.
    3. Discuss and aggregate all responses as to what will be in scope of the security strategy and what will not be. Record these in the Information Security Requirements Gathering Tool.

    A screenshot of ‘Scope and Boundaries,’ part of the ‘Information Security Requirements Gathering Tool.’

    1.2 Conduct a risk assessment

    Estimated Time: 1-3 hours

    1. As a group, review the questions on the Risk Assessment tab of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk elements:
      • Threats
      • Assets
      • Vulnerabilities (people, systems, supply chain)
      • Historical security incidents

    Input

    • List of organizational assets
    • Historical data on information security incidents

    Output

    • Completed risk assessment

    Materials

    • Information Security Pressure Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Risk Management

    Download the Information Security Pressure Analysis Tool

    1.2.1 Complete the risk assessment questionnaire

    Estimated Time: 60-90 minutes

    1. Review each question in the questionnaire and provide the most appropriate response using the drop-down list.
      • If you are unsure of the answer, consult with subject matter experts to obtain the required data.
      • Otherwise, provide your best estimation
    2. When providing responses for the historical incident questions, only count incidents that had a sizeable impact on the business.

    A screenshot of the ‘Organizational Security Risk Assessment,’ part of the ‘Information Security Pressure Analysis Tool.’

    Info-Tech Insight

    Understanding your organization’s security risks is critical to identifying the most appropriate level of investment into your security program. Organizations with more security risks will need more a mature security program to mitigate those risks.

    1.2.2 Review the results of the risk assessment

    Estimated Time: 30 minutes

    1. Once you have completed the risk assessment, you can review the output on the Results tab.
    2. If required, the weightings of each of the risk elements can be customized on the Weightings tab.
    3. Once you have reviewed the results, copy your risk assessment diagram into the Information Security Strategy Communication Deck.

    A screenshot showing sample results of the ‘Organizational Risk Assessment,’ part of the ‘Information Security Pressure Analysis Tool.’

    It is important to remember that the assessment measures inherent risk, meaning the risk that exists prior to the implementation of security controls. Your security controls will be assessed later as part of the gap analysis.

    1.3 Conduct pressure analysis

    Estimated Time: 1-2 hours

    1. As a group, review the questions on the Pressure Analysis tab of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following pressure elements:
      • Compliance and oversight
      • Customer expectations
      • Business expectations
      • IT expectations

    Input

    • Information on various pressure elements within the organization

    Output

    • Completed pressure analysis

    Materials

    • Information Security Pressure Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Leaders
    • Compliance

    Download the Information Security Pressure Analysis Tool

    Risk tolerance considerations

    At this point, we want to frame risk tolerance in terms of business impact. Meaning, what kinds of impacts to the business would we be able to tolerate and how often? This will empower future risk decisions by allowing the impact of a potential event to be assessed, then compared against the formalized tolerance. We will consider impact from three perspectives:

    F

    Functional Impact

    The disruption or degradation of business/organizational processes.

    I

    Informational Impact

    The breach of confidentiality, privacy, or integrity of data/information.

    R

    Recoverability Impact

    The disruption or degradation of the ability to return to conditions prior to a security incident.

    Consider these questions:

    Questions to ask

    Description

    Is there a hard-dollar impact from downtime?

    This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it affects sales, and therefore, revenue.

    Is regulatory compliance a factor?

    Depending on the circumstances of the vulnerabilities, it can be a violation of compliance obligations that would cause significant fines.

    Are any critical services dependent on this asset?

    Functional dependencies are sometimes not obvious, and assets that appear marginal can have huge impacts on critical services.

    Is there a health or safety risk?

    Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure uninterrupted critical health services. An exploited vulnerability that impacts these operations can have life and death consequences.

    ANALYST PERSPECTIVE

    It is crucial to keep in mind that you care about a risk scenario impact to the main business processes.

    For example, imagine a complete functional loss of the corporate printers. For most businesses, even the most catastrophic loss of printer function will have a small impact on their ability to carry out the main business functions.

    On the flip side, even a small interruption to email or servers could have a large functional impact on business processes.

    Risk tolerance descriptions

    High

    • Organizations with high risk tolerances are often found in industries with limited security risk, such as Construction, Agriculture and Fishing, or Mining.
    • A high risk tolerance may be appropriate for organizations that do not rely on highly sensitive data, have limited compliance obligations, and where their customers do not demand strong security controls. Organizations that are highly focused on innovation and rapid growth may also tend towards a higher risk tolerance.
    • However, many organizations adopt a high risk tolerance by default simply because they have not adequately assessed their risks.

    Moderate

    • Organizations with medium risk tolerances are often found in industries with moderate levels of security risk, such as Local Government, Education, or Retail and Wholesale
    • A medium risk tolerance may be appropriate for organizations that store and process some sensitive data, have a modest number of compliance obligations, and where customer expectations for security tend to be implicit rather than explicit.

    Low

    • Organizations with low risk tolerances are often found in industries with elevated security risk, such as Financial Services, Federal Governments, or Defense Contractors.
    • A low risk tolerance may be appropriate for organizations that store very sensitive data, process high-value financial transactions, are highly regulated, and where customers demand strong security controls.
    • Some organizations claim to have a low risk tolerance, but in practice will often allow business units or IT to accept more security risk than would otherwise be permissible. A strong information security program will be required to manage risks to an acceptable level.

    1.4.1 Complete the risk tolerance questionnaire

    Estimated Time: 30-60 minutes

    1. In a group discussion, review the low-, medium-, and high-impact scenarios and examples for each impact category. Ensure that everyone has a consistent understanding of the scenarios.
    2. For each impact type, use the frequency drop-down list to identify the maximum frequency that the organization could tolerate for the event scenarios, considering:
      • The current frequency with which the scenarios are occurring in your organization may be a good indication of your tolerance. However, keep in mind that you may be able to tolerate these incidents happening more frequently than they do.
      • Hoping is not the same as tolerating. While everyone hopes that high-impact incidents never occur, carefully consider whether you could tolerate them occurring more frequently.

    A screenshot showing the ‘Organizational Security Risk Tolerance Assessment,’ part of the ‘Information Security Pressure Analysis Tool.’

    1.4.2 Review the results of the risk tolerance analysis

    Estimated Time: 30 minutes

    1. Once you have completed the risk tolerance exercise, you can review the output on the Results tab.
    2. If required, the weightings of each of the impact types can be customized on the Weightings tab.
    3. Once you have reviewed the results, copy your risk tolerance diagram into the Information Security Strategy Communication Deck.

    A screenshot showing the results of the 'Information Security Risk Tolerance Assessment,' part of the ‘Information Security Pressure Analysis Tool.’

    A low risk tolerance will require a stronger information security program to ensure that operational security risk in the organization is minimized. If this tool reports that your risk tolerance is low, it is recommended that you review the results with your senior stakeholders to ensure agreement and support for the security program.

    1.5 Establish your target state

    Estimated Time: 30-60 minutes

    1. As a group, review the overall results of the requirements gathering exercise:
      • Business goals cascade
      • Compliance obligations
      • Scope
    2. Review the overall results of the risk assessment, pressure analysis, and risk tolerance exercises.
    3. Conduct a group discussion to arrive at a consensus of what the ideal target state for the information security program should look like.
      • Developing mission and vision statements for security may be useful for focusing the group.
      • This discussion should also consider the desired time frame for achieving the target state.

    Download the Information Security Pressure Analysis Tool

    Input

    • Information security requirements (goals cascade, compliance obligations, scope)
    • Risk assessment
    • Pressure analysis
    • Risk tolerance

    Output

    • Completed information security target state

    Materials

    Participants

    • Security Team
    • IT Leadership
    • Risk Management
    • Business Leaders
    • Compliance

    Understanding security target states

    Maturity models are very effective for determining information security target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state for information security in your organization.

    1. AD HOC

      Initial/Ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.
    2. DEVELOPING

      Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.
    3. DEFINED

      A defined security program is holistic, documented, and proactive. At least some governance is in place, however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.
    4. MANAGED

      Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.
    5. OPTIMIZED

      An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.

    1.5.1 Review the results of the target state recommendation

    Estimated Time: 30-60 minutes

    1. Based upon your risk assessment, pressure analysis, and risk tolerance, the Information Security Pressure Analysis Tool will provide a recommended information security target state.
    2. With your group, review the recommendation against your expectations.
    3. If required, the weightings of each of the factors can be customized on the Weightings tab.
    4. Once you have reviewed the results, copy your target state diagram into the Information Security Strategy Communication Deck.

    A screenshot showing the results of the ‘Information Security Target State,’ part of the ‘Information Security Pressure Analysis Tool.’

    Info-Tech Insight

    Higher target states require more investment to attain. It is critical to ensure that all key stakeholders agree on the security target state. If you set a target state that aims too high, you may struggle to gain support and funding for the strategy. Taking this opportunity to ensure alignment from the start will pay off dividends in future.

    1.5.2 Review and adjust risk and pressure weightings

    Estimated Time: 30 minutes

    1. If the results of your risk assessment, pressure analysis, risk tolerance, or target state do not match your expectations, you may need to review and adjust the weightings for the elements within one or more of these areas.
    2. On the Weightings tab, review each of the strategic categories and adjust the weights as required.
      • Each domain is weighted to contribute to your overall pressure score based on the perceived importance of the domain to the organization.
      • The sum of all weights for each category must add up to 100%.

    A screenshot showing the results of the weightings given to each factor in a category, part of the ‘Information Security Pressure Analysis Tool.’

    Case Study

    Credit Service Company

    Industry: Financial Services

    Source: Info-Tech Research group

    Below are some of the primary requirements that influenced CSC’s initial strategy development.

    External Pressure

    Pressure Level: High

    • Highly regulated industries, such as Finance, experience high external pressure.
    • Security pressure was anticipated to increase over the following three years due to an increase in customer requirement.

    Obligations

    Regulatory: Numerous regulations and compliance requirements as a financial institution (PCI, FFIEC guidance).

    Customer: Implicitly assumes personal, financial, and health information will be kept secure.

    Risk Tolerance

    Tolerance Level: Low

    1. Management: Are risk averse and have high visibility into information security.
    2. Multiple locations controlled by a central IT department decreased the organization’s risk tolerance.

    Summary of Security Requirements

    Define and implement dynamic information security program that understands and addresses the business’ inherent pressure, requirements (business, regulatory, and customer), and risk tolerance.

    Phase 2

    Build a Gap Initiative Strategy

      Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

      Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

      Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

      Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

      This phase will walk you through the following activities:

    • 2.1 Review Info-Tech’s framework.
    • 2.2 Assess your current state of security against your target state.
    • 2.3 Identify actions required to close gaps.

    2.1 Review the Info-Tech framework

    Estimated Time: 30-60 minutes

    1. As a group, have the security team review the security framework within the Information Security Gap Analysis Tool.
    2. Customize the tool as required using the instructions on the following slides.

    Input

    • Information security requirements
    • Security target state

    Output

    • Customized security framework

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team

    Download the Information Security Gap Analysis Tool

    Understand the Info-Tech framework

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:

    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    A diagram depicting Info-Tech’s best-of-breed security framework.

    A best-of-breed approach ensures holistic coverage of your information security program while refraining from locking you in to a specific compliance standard.

    2.1.1 Configure the Information Security Gap Analysis Tool

    Estimated Time: 30 minutes

    Review the Setup tab of the Information Security Gap Analysis Tool. This tab contains several configurable settings that should be customized to your organization. For now, the three settings you will need to modify are:

    • The security target state. Enter the target state from your Information Security Pressure Analysis Tool. If you do not enter a target state, the tool will default to a target of 3 (Defined).
    • Your Security Alignment Goals (from your Information Security Requirements Gathering Tool).
    • The starting year for your security roadmap.

    A screenshot showing the ‘Setup’ tab of the ‘Information Security Gap Analysis Tool.’

    2.2 Assess current state of security

    Estimated Time: 8-16 hours

    1. Using the Information Security Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to complete your current state and target state assessment.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Input

    • Security target state
    • Information on current state of security controls, including sources such as audit findings, vulnerability and penetration test results, and risk registers

    Output

    • Gap analysis

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Download the Information Security Gap Analysis Tool

    Example maturity levels

    To help determine appropriate current and target maturity levels, refer to the example below for the control “Email communication is filtered for spam and potential malicious communications.”

    AD HOC 01

    There is no centrally managed spam filter. Spam may be filtered by endpoint email clients.

    DEVELOPING 02

    There is a secure email gateway. However, the processes for managing it are not documented. Administrator roles are not well defined. Minimal fine-tuning is performed, and only basic features are in use.

    DEFINED 03

    There is a policy and documented process for email security. Roles are assigned and administrators have adequate technical training. Most of the features of the solution are being used. Rudimentary reports are generated, and some fine-tuning is performed.

    MANAGED 04

    Metrics are produced to measure the effectiveness of the email security service. Advanced technical features of the solution have been implemented and are regularly fine-tuned based on the metrics.

    OPTIMIZED 05

    There is a dedicated email security administrator with advanced technical training. Custom filters are developed to further enhance security, based on relevant cyber threat intelligence. Email security metrics feed key risk indicators that are reported to senior management.

    2.2.1 Conduct current state assessment

    Estimated Time: 8-16 hours

    1. Carefully review each of the controls in the Gap Analysis tab. For each control, indicate the current maturity level using the drop-down list.
      • You should only use “N/A” if you are confident that the control is not required in your organization.
      • For example, if your organization does not perform any software development then you can select “N/A” for any controls related to secure coding practices.
    2. Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
    3. Select the target maturity for the control. The tool will default to the target state for your security program, but this can be overridden using the drop-down list.

    2.2.1 Conduct current state assessment

    Estimated Time: 8-16 hours

    1. Carefully review each of the controls in the Gap Analysis tab. For each control, indicate the current maturity level using the drop-down list.
      • You should only use “N/A” if you are confident that the control is not required in your organization. For example, if your organization does not perform any software development then you can select “N/A” for any controls related to secure coding practices.
    2. Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
    3. Select the target maturity for the control. The tool will default to the target state for your security program, but this can be overridden using the drop-down list.

    A screenshot showing the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    Review the Gap Analysis Dashboard

    Use the Gap Assessment Dashboard to map your progress. As you fill out the Gap Analysis Tool, check with the Dashboard to see the difference between your current and target state.

    Use the color-coded legend to see how large the gap between your current and target state is. The legend can be customized further if desired.

    Security domains that appear white have not yet been assessed or are rated as “N/A.”

    2.2.3 Identify actions required to close gaps

    Estimated Time: 4-8 hours

    1. Using the Information Security Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to identify gap closure actions for each control that requires improvement.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Input

    • Security control gap information

    Output

    • Gap closure action list

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Download the Information Security Gap Analysis Tool

    2.3.1 Identify gap closure actions

    Estimated Time: 4-8 hours

    1. For each of the controls where there is a gap between the current and target state, a gap closure action should be identified:
      • Review the example actions and copy one or more of them if appropriate. Otherwise, enter your own gap closure action.
    2. Identify whether the action should be managed as a task or as an initiative. Most actions should be categorized as an initiative. However, it may be more appropriate to categorize them as a task when:
      1. They have no costs associated with them
      2. They require a low amount of initial effort to implement and no ongoing effort to maintain
      3. They can be accomplished independently of other tasks

    A screenshot showing gap closure actions, part of the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    Considerations for gap closure actions

    • In small groups, have participants ask, “what would we have to do to achieve the target state?” Document these in the Gap Closure Actions column.
    • The example gap closure actions may be appropriate for your organization, but do not simply copy them without considering whether they are right for you.
    • Not all gaps will require their own action. You can enter one action that may address multiple gaps.
    • If you find that many of your actions are along the lines of “investigate and make recommendations,” you should consider using the estimated gap closure percentage column to track the fact that these gaps will not be fully closed by the actions.

    A screenshot showing considerations for gap closure actions, part of the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    2.3.2 Define gap closure action effectiveness

    Estimated Time: 1-2 hours

    For each of the gap closure actions, optionally enter an estimated gap closure percentage to indicate how effective the action will be in fully closing the gap.

    • For instance, an action to “investigate solutions and make recommendations” will not fully close the gap.
    • This is an optional step but will be helpful to understand how much progress towards your security target state you will make based on your roadmap.
    • If you do not fill in this column, the tool will assume that your actions will fully close all gaps.

    A screenshot showing considerations for estimated gap closure percentage, part of the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    Completing this step will populate the “Security Roadmap Progression” diagram in the Results tab, which will provide a graphic illustration of how close to your target state you will get based upon the roadmap.

    Phase 3

    Prioritize Initiatives and Build Roadmap

    Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

    Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

    Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

    Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

    This phase will walk you through the following activities:

    • 3.1 Define tasks and initiatives.
    • 3.2 Define cost, effort, alignment, and security benefit of each initiative.
    • 3.3 Prioritize initiatives.
    • 3.4 Build the prioritized security roadmap

    3.1 Define tasks and initiatives

    Estimated Time: 2-4 hours

    1. As a group, review the gap actions identified in the Gap Analysis tab.
    2. Using the instructions on the following slides, finalize your task list.
    3. Using the instructions on the following slides, review and consolidate your initiative list.

    Input

    • Gap analysis

    Output

    • List of tasks and initiatives

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.1.1 Finalize your task list

    Estimated Time: 1-2 hours

    1. Obtain a list of all your task actions by filtering on the Action Type column in the Gap Analysis tab.
    2. Paste the list into the table on the Task List tab.
      • Use Paste Values to retain the table formatting
    3. Enter a task owner and due date for each task. Without accountability, it is too easy to fall into complacency and neglect these tasks.

    A screenshot showing the 'Task List' tab of the 'Information Security Gap Analysis Tool.'

    Info-Tech Insight

    Tasks are not meant to be managed to the same degree that initiatives will be. However, they are still important. It is recommended that you develop a process for tracking these tasks to completion.

    3.1.2 Consolidate your gap closure actions into initiatives

    Estimated Time: 2-3 hours

    1. Once you have finalized your task list, you will need to consolidate your list of initiative actions. Obtain a list of all your initiative actions by filtering on the Action Type column in the Gap Analysis tab.
    2. Create initiatives on the Initiative List tab. While creating initiatives, consider the following:
      • As much as possible, it is recommended that you consolidate multiple actions into a single initiative. Reducing the total number of initiatives will allow for more efficient management of the overall roadmap.
      • Start by identifying areas of commonality between gap closure actions, for instance:
        • Group all actions within a security domain into a single initiative.
        • Group together similar actions, such as all actions that require updating policies.
        • Consider combining actions that have inter-dependencies.
      • While it is recommended that you consolidate actions as much as possible, some actions should become initiatives on their own. This will be appropriate when:
        • The action is time sensitive and consolidating it with other actions will cause scheduling issues.
        • Actions that could otherwise be consolidated have different business sponsors or owners and need to be kept separate for funding or accountability reasons.
    3. Link the initiative actions on the Gap Analysis tab using the drop-down list in the Initiative Name column.

    Initiative consolidation example

    In the example below, we see three gap closure actions within the Security Culture and Awareness domain being consolidated into a single initiative “Develop security awareness program.”

    We can also see one gap closure action within the same domain being grouped with two actions from the Security Policies domain into another initiative “Update security policies.”

    Info-Tech Insight

    As you go through this exercise, you may find that some actions that you previously categorized as tasks could be consolidated into an initiative.

    A screenshot showing how six sample gap closure actions can be distilled into two gap closure initiatives. Part of the 'Information Security Gap Analysis Tool.'

    3.1.3 Finalize your initiative list

    Estimated Time: 30 minutes

    1. Review your final list of initiatives and make any required updates.
    2. Optionally, add a description or paste in a list of the individual gap closure actions that are associated with the initiative. This will make it easier to perform the cost and benefit analysis.
    3. Use the drop-down list to indicate which of the security alignment goals most appropriately reflects the objectives of the initiative. If you are unsure, use the legend next to the table to find the primary security domain associated with the initiative and then select the recommended security alignment goal.
      • This step is important to understand how the initiative supports the business goals identified earlier.

     A screenshot showing the primary security alignment goal, part of the 'Initiative List' tab of the 'Information Security Gap Analysis Tool.'

    3.2 Conduct cost/ benefit analysis

    Estimated Time: 1-2 hours

    1. As a group, define the criteria to be used to conduct the cost/benefit analysis, following the instructions on the next slide.
    2. Assign costing and benefits information for each initiative.
    3. Define dependencies or business impacts if they will help with prioritization.

    Input

    • Gap analysis
    • Initiative list

    Output

    • Completed cost/benefit analysis for initiative list

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.2.1 Define costing criteria

    Estimated Time: 30 minutes

    1. On the Setup tab of the Information Security Gap Analysis Tool, enter high, medium, and low ranges for initial and ongoing costs and efforts.
      1. Initial costs are one-time, upfront capital investments (e.g. hardware and software costs, project-based consulting fees, training).
      2. Ongoing cost is any annually recurring operating expenses that are new budgetary costs (e.g. licensing, maintenance, subscription fees).
      3. Initial staffing in hours is total time in person hours required to complete a project. It is not total elapsed time but dedicated time. Consider time required to gather requirements and to design, test, and implement the solution.
      4. Ongoing staffing in FTEs is the ongoing average effort required to support that initiative after implementation.
    2. In addition to ranges, provide an average for each. These will be used to calculate estimated total costs for the roadmap.

    A screenshot showing the initiative costs for estimation, part of the 'Setup' tab of the 'Information Security Gap Analysis Tool.' The range of costs is labeled with an arrow with number 1 on it, and the average cost per initiative is labeled with an arrow with number 2 on it.

    Make sure that your ranges allow for differentiation between initiatives to enable prioritization. For instance, if you set your ranges too low, all your initiatives will be assessed as high cost, providing no help when you must prioritize them.

    3.2.2 Define benefits criteria

    Estimated Time: 30 minutes

    1. On the Setup tab of the Information Security Gap Analysis Tool, enter high, medium, and low values for the Alignment with Business Benefit.
      • This variable is meant to capture how well each initiative aligns with organizational goals and objectives.
      • By default, this benefit is linked directly to business goals through the primary and secondary security alignment goals. This allows the tool to automatically calculate the benefit based on the security alignment goals associated with each initiative.
      • If you change these values, you may need to override the calculated values in the prioritization tab.
    2. Enter a high, medium, and low value for the Security Benefit.
      • This variable is meant to capture the relative security benefit or risk reduction being provided by the gap initiative.
      • By default, this benefit is linked to security risk reduction.

    A screenshot showing the initiative benefits for estimation, part of the 'Setup' tab of the 'Information Security Gap Analysis Tool.'

    Some organizations prefer to use the “Security Benefit” criteria to demonstrate how well each initiative supports specific compliance goals.

    3.2.3 Complete the cost/benefit analysis

    Estimated Time: 1-2 hours

    1. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
      • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
    2. Enter the estimated benefits, also using the criteria defined earlier.
      • The Alignment with Business benefit will be automatically populated, but you can override this value using the drop-down list if desired.

    A screenshot showing the estimated cost, estimated effort, and estimated benefits section, part of the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.' Estimated cost and estimated effort are labeled with an arrow with number 1 on it, and estimated benefits is labeled with an arrow with a number 2 on it.

    3.2.4 Optionally enter detailed cost estimates

    Estimated Time: 30 minutes

    1. For each initiative, the tool will automatically populate the Detailed Cost Estimates and Detailed Staffing Estimates columns using the averages that you provided in steps 3.2.1 and 3.2.2. However, if you have more detailed data about the costs and effort requirements for an initiative, you can override the calculated data by manually entering it into these columns. For example:
      • You are planning to subscribe to a security awareness vendor, and you have a quote from them specifying that the initial cost will be $75,000.
      • You have defined your “Medium” cost range as being “$10-100K”, so you select medium as your initial cost for this initiative in step 3.2.3. As you defined the average for medium costs as being $50,000, this is what the tool will put into the detailed cost estimate.
      • You can override this average by entering $75,000 as the initial cost in the detailed cost estimate column.

    A screenshot showing the detailed cost estimates and detailed staffing estimates columns, part of the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.' These columns are labeled with an arrow with a number 1 on it.

    Case Study

    Credit Service Company

    Industry: Financial Services

    Source: Info-Tech Research Group

    A chart titled 'Framework Components,' displaying how the Credit Service Company profiled in the case study performed a current state assessment, created gap initiatives, and prioritized gap initiatives.

    3.3 Prioritize initiatives

    Estimated Time: 2-3 hours

    1. As a group, review the results of the cost/benefit analysis. Optionally, complete the Other Considerations columns in the Prioritization tab:
      • Dependencies can refer to other initiatives on the list or any other dependency that relates to activities or projects within the organization.
      • Business impacts can be helpful to document as they may require additional planning and communication that could impact initiative timelines.
    2. Follow step 3.3.1 to create an effort map with the results of the cost/benefit analysis.
    3. Follow step 3.3.2 to assign initiatives into execution waves.

    Input

    • Gap analysis
    • Initiative list
    • Cost/benefit analysis

    Output

    • Prioritized list of initiatives

    Materials

    • Information Security Gap Analysis Tool
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.3.1 Create effort map

    Estimated Time: 30 minutes

    1. On a whiteboard, draw the quadrant diagram shown.
    2. Create sticky notes for each initiative on your initiative list.
    3. For each initiative, use the “Cost/Effort Rating” and the “Benefit Rating” calculated on the Prioritization tab to place the corresponding sticky note onto the diagram.

    An effort map is a tool used for the visualization of a cost/benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized. In this example, the initiative “Update Security Policies” was assessed as low cost/effort (3) and high benefit (10).

    An image showing how 'update security policies,' as ranked on a cost/effort and benefit quadrant, translates to a cost/effort and benefit rating on the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.'

    3.3.2 Assign initiatives to execution waves

    Estimated Time: 60 minutes

    1. Using sticky flip chart sheets, create four sheets and label them according to the four execution waves:
      • MUST DO – These are initiatives that need to get moving right away. They may be quick wins, items with critical importance, or foundational projects upon which many other initiatives depend.
      • SHOULD DO – These are important initiatives that need to get done but cannot launch immediately due to budget constraints, dependencies, or business impacts that require preparation.
      • COULD DO – Initiatives that have merit but are not a priority.
      • WON’T DO – Initiatives where the costs outweigh the benefits.
    2. Using the further instructions on the following slides, move the initiative sticky notes from your effort map into the waves.

    Considerations for prioritization

    • Starting from the top right of the effort map, begin pulling stickies off and putting them in the appropriate roadmap category.
    • Keep dependencies in mind. If an important initiative depends on a low-priority one being completed first, then pull dependent initiatives up the list.
    • It may be helpful to think of each wave as representing a specific time frame (e.g. wave 1 = first year of your roadmap, wave 2 = year two, wave 3 = year three).

    Info-Tech Insight

    Use an iterative approach. Most organizations tend to put too many initiatives into wave 1. Be realistic about what you can accomplish and take several passes at the exercise to achieve a balance.

    An image showing how to map the sticky notes from a sample exercise, as placed on a cost/effort and benefit quadrant, into waves.

    3.3.3 Finalize prioritization

    Estimated Time: 30 minutes

    1. Once you have completed placing your initiative sticky notes into the waves, update the Prioritization tab with the Roadmap Wave column.
    2. Optionally, use the Roadmap Sub-Wave column to prioritize initiatives within a single wave.
      • This will allow you more granular control over the final prioritization, especially where dependencies require extra granularity.

    Any initiatives that are currently in progress should be assigned to Wave 0.

    An image showing the roadmap wave and roadmap sub-wave sections, part of the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.' Roadmap wave is labeled with an arrow with a number 1 on it, and roadmap sub-wave is labeled with an arrow with a number 2 on it.

    3.4 Build roadmap

    Estimated Time: 1-3 hours

    1. As a group, follow step 3.4.1 to create your roadmap by scheduling initiatives into the Gantt chart within the Information Security Gap Analysis Tool.
    2. Review the roadmap for resourcing conflicts and adjust as required.
    3. Review the final cost and effort estimates for the roadmap.

    Input

    • Gap analysis
    • Cost/benefit analysis
    • Prioritized initiative list
    • (Optional) List of other non-security IT and business projects

    Output

    • Security strategic roadmap

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.4.1 Schedule initiatives using the Gantt chart

    Estimated Time: 1-2 Hours

    1. On the Gantt Chart tab for each initiative, enter an owner (the individual who will be primarily responsible for execution).
    2. Additionally, enter a start month and year for the initiative and the expected duration in months.
      • You can filter the Wave column to only see specific waves at any one time to assist with the scheduling.
      • You do not need to schedule Wave 4 initiatives as the expectation is that these initiatives will not be done.

    Info-Tech Insight

    Use the Owner column to help identify resourcing constraints. If a single individual is responsible for many different initiatives that are planned to start at the same time, consider staggering those initiatives.

    An image showing the owner and planned start sections, part of the 'Security Roadmap Gantt Chart' tab of the 'Information Security Gap Analysis Tool.' The owner column is labeled with an arrow with a 1 on it, and the planned start column is labeled with an arrow with a 2 on it.

    3.4.2 Review your roadmap

    Estimated Time: 30-60 minutes

    1. When you have completed the Gantt chart, as a group review the overall roadmap to ensure that it is reasonable for your organization. Consider the following:
      • Do you have other IT or business projects planned during this time frame that may impact your resourcing or scheduling?
      • Does your organization have regular change freezes throughout the year that will impact the schedule?
      • Do you have over-subscribed resources? You can filter the list on the Owner column to identify potential over-subscription of resources.
      • Have you considered any long vacations, sabbaticals, parental leaves, or other planned longer-term absences?
      • Are your initiatives adequately aligned to your budget cycle? For instance, if you have an initiative that is expected to make recommendations for capital expenditure, it must be completed prior to budget planning.

    A screenshot image showing parts of the 'Security Roadmap Gantt Chart' tab with sample data in it. Taken from the 'Information Security Gap Analysis Tool.'

    3.4.3 Review your expected roadmap progression

    Estimated Time: 30 minutes

    1. If you complete the optional exercise of filling in the Estimated Gap Closure Percentage column on the Gap Analysis tab, the tool will generate a diagram showing how close to your target state you can expect to get based on the tasks and initiatives in your roadmap. You can review this diagram on the Results tab.
      • Remember that this Expected Maturity at End of Roadmap score assumes that you will complete all tasks and initiatives (including all Wave 4 initiatives).
    2. Copy the diagram into the Information Security Strategy Communication Deck.

    Info-Tech Insight

    Often, internal stakeholders will ask the question “If we do everything on this roadmap, will we be at our target state?” This diagram will help answer that question.

    A screenshot image showing the 'Expected Security Roadmap Progression' with sample data in it. Part of the 'Results' tab of the 'Information Security Gap Analysis Tool.'

    3.4.4 Review your cost/effort estimates table

    Estimated Time: 30 minutes

    1. Once you have completed your roadmap, review the total cost/effort estimates. This can be found in a table on the Results tab. This table will provide initial and ongoing costs and staffing requirements for each wave. This also includes the total three-year investment. In your review consider:
      • Is this investment realistic? Will completion of your roadmap require adding more staff or funding than you otherwise expected?
      • If the investment seems unrealistic, you may need to revisit some of your assumptions, potentially reducing target levels or increasing the amount of time to complete the strategy.
      • This table provides you with the information to have important conversations with management and stakeholders
    2. When you have completed your review, copy the table into the Information Security Strategy Communication Deck.

    A screenshot image showing the 'Information Security Roadmap Cost/Effort Estimates,' part of the 'Results' tab of the 'Information Security Gap Analysis Tool.'

    Phase 4

    Execute and Maintain

    Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

    Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

    Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

    Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

    This phase will walk you through the following activities:

    • 4.1 Build your security strategy communication deck.
    • 4.2 Develop a security charter.
    • 4.3 Execute on your roadmap.

    4.1 Build your communication deck

    Estimated Time: 1-3 hours

    1. As a group, review the Information Security Strategy Communication Deck.
    2. Follow the instructions within the template and on the next few slides to customize the template with the results of your strategic roadmap planning.

    Input

    • Completed Security Requirements Gathering Tool
    • Completed Security Pressure Analysis Tool
    • Completed Security Gap Analysis Tool

    Output

    • Information Security Strategy Communication Deck

    Materials

    • Information Security Strategy Communication Deck

    Participants

    • Security Team
    • IT Leadership

    Download the Information Security Gap Analysis Tool

    4.1.1 Customize the Communication Deck

    Estimated Time: 1-2 hours

    1. When reviewing the Information Security Strategy Communication Deck, you will find slides that contain instructions within green text boxes. Follow the instructions within the boxes, then delete the boxes.
      • Most slides only require that you copy and paste screenshots or tables from your tools into the slides.
      • However, some slides require that you customize or add text explanations that need to reflect your unique organization.
      • It is recommended that you pay attention to the Next Steps slide at the end of the deck. This will likely have a large impact on your audience.
    2. Once you have customized the existing slides, you may wish to add additional slides. For instance, you may wish to add more context to the risk assessment or pressure analysis diagrams or provide details on high-priority initiatives.

    An image showing the 'Business Goals Cascade,' part of the 'Information Security Strategy Communication Deck.' A green box on top of the screenshot instructs you to 'Paste your goals cascade from the Information Security Requirements Gathering Tool here.'

    Consider developing multiple versions of the deck for different audiences. Senior management may only want an executive summary, whereas the CIO may be more interested in the methodology used to develop the strategy.

    Communication considerations

    Developing an information security strategy is only half the job. For the strategy to be successful, you will need to garner support from key internal stakeholders. These may include the CIO, senior executives, and business leaders. Without their support, your strategy may never get the traction it needs. When building your communication deck and planning to present to these stakeholders, consider the following:

    • Gaining support from stakeholders requires understanding their needs. Before presenting to a new audience, carefully consider their priorities and tailor your presentation to address them.
    • Use the communication deck to clarify the business context and how your initiatives that will support business goals.
    • When presenting to senior stakeholders, anticipate what questions they might ask and be sure to prepare answers in advance. Always be prepared to speak to any data point within the deck.
    • If you are going to present your strategy to a group and you anticipate that one or more members of that group may be antagonistic, seek out an opportunity to speak to them before the meeting and address their concerns one on one.

    If you have already fully engaged your key stakeholders through the requirements gathering exercises, presenting the strategy will be significantly easier. The stakeholders will have already bought in to the business goals, allowing you to show how the security strategy supports those goals.

    Info-Tech Insight

    Reinforce the concept that a security strategy is an effort to enable the organization to achieve its core mission and goals and to protect the business only to the degree that the business demands. It is important that stakeholders understand this point.

    4.2 Develop a security charter

    Estimated Time: 1-3 hours

    1. As a group, review the Information Security Charter.
    2. Customize the template as required to reflect your information security program. It may include elements such as:
      • A mission and vision statement for information security in your organization
      • The objectives and scope of the security program
      • A description of the security principles upon which your program is built
      • High-level roles and responsibilities for information security within the organization

    Input

    • Completed Security Requirements Gathering Tool
    • Completed Security Pressure Analysis Tool
    • Completed Security Gap Analysis Tool

    Output

    • Information security charter

    Materials

    • Information Security Charter

    Participants

    • Security Team

    Download the Information Security Gap Analysis Tool

    4.2.1 Customize the Information Security Charter

    Estimated Time: 1-3 hours

    1. Involve the stakeholders that were present during Phase 1 activities to allow you to build a charter that is truly reflective of your organization.
    2. The purpose of the security charter is too:
      • Establish a mandate for information security within the organization.
      • Communicate executive commitment to risk and information security management.
      • Outline high-level responsibilities for information security within the organization.
      • Establish awareness of information security within the organization.

    A screenshot of the introduction of the 'Information Security Charter' template.

    A security charter is a formalized and defined way to document the scope and purpose of your security program. It will define security governance and allow it to operate efficiently through your mission and vision.

    4.3 Execute on your roadmap

    1. Executing on your information security roadmap will require coordinated effort by multiple teams within your organization. To ensure success, consider the following recommendations:
      1. If you have a project management office, leverage them to help apply formal project management methodologies to your initiatives.
      2. Develop a process to track the tasks on your strategy task list. Because these will not be managed as formal initiatives, it will be easy to lose track of them.
      3. Develop a schedule for regular reporting of progress on the roadmap to senior management. This will help hold yourself and others accountable for moving the project forward.
    2. Plan to review and update the strategy and roadmap on a regular basis. You may need to add, change, or remove initiatives as priorities shift.

    Input

    • Completed Security Gap Analysis Tool

    Output

    • Execution of your strategy and roadmap

    Materials

    • Information Security Gap Analysis Tool
    • Project management tools as required

    Participants

    • Security Team
    • Project Management Office
    • IT and Corporate Teams, as required

    Info-Tech Insight

    Info-Tech has many resources that can help you quickly and effectively implement most of your initiatives. Talk to your account manager to learn more about how we can help your strategy succeed.

    Summary of Accomplishment

    Knowledge Gained

    • Knowledge of organizational pressures and the drivers behind them
    • Insight into stakeholder goals and obligations
    • A defined security risk tolerance information and baseline
    • Comprehensive knowledge of security current state and summary initiatives required to achieve security objectives

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Information Security Program Gap Analysis Tool

    Use our best-of-breed security framework to perform a gap analysis between your current and target states.

    Information Security Requirements Gathering Tool

    Define the business, customer, and compliance alignment for your security program.

    Related Info-Tech Research

    Develop a Security Operations Strategy

    A unified security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes, addressing the increasing sophistication of cyberthreats, and guiding continuous improvement.

    This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Implement a Security Governance and Management Program

    Your security governance and management program needs to be aligned with business goals to be effective.

    This approach also helps to provide a starting point to develop a realistic governance and management program.

    This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

    Align Your Security Controls to Industry Frameworks for Compliance

    Don’t reinvent the wheel by reassessing your security program using a new framework.

    Instead, use the tools in this blueprint to align your current assessment outcomes to required standards.

    Bibliography

    “2015 Cost of Data Breach Study: United States.” Sponsored by IBM. Ponemon Institute, May 2015. Web.

    “2016 Cost of Cyber Crime Study & the Risk of Business Innovation.” Ponemon Institute, Oct. 2016. Web. 25 Oct. 2016.

    “2016 Cost of Data Breach Study: Global Analysis.” Ponemon Institute, June 2016. Web. 26 Oct. 2016.

    “2016 Data Breach Investigations Report.” Verizon, 2016. Web. 25 Oct. 2016.

    “2016 NowSecure Mobile Security Report.” NowSecure, 2016. Web. 5 Nov. 2016.

    “2017 Cost of Cyber Crime Study.” Ponemon Institute, Oct. 2017. Web.

    “2018 Cost of Data Breach Study: Global Overview.” Ponemon Institute, July 2018. Web.

    “2018 Data Breach Investigations Report.” Verizon, 2018. Web. Oct. 2019.

    “2018 Global State of Information Security Survey.” CSO, 2017. Web.

    “2018 Thales Data Threat Report.” Thales eSecurity, 2018. Web.

    “2019 Data Breach Investigations Report.” Verizon, 2020. Web. Feb. 2020.

    “2019 Global Cost of a Data Breach Study.” Ponemon Institute, Feb. 2020. Web.

    “2019 The Cost of Cyber Crime Study.” Accenture, 2019. Web Jan 2020.

    “2020 Thales Data Threat Report Global Edition.” Thales eSecurity, 2020. Web. Mar. 2020.

    Ben Salem, Malek. “The Cyber Security Leap: From Laggard to Leader.” Accenture, 2015. Web. 20 Oct. 2016.

    “Cisco 2017 Annual Cybersecurity Report.” Cisco, Jan. 2017. Web. 3 Jan. 2017.

    “Cyber Attack – How Much Will You Lose?” Hewlett Packard Enterprise, Oct. 2016. Web. 3 Jan. 2017.

    “Cyber Crime – A Risk You Can Manage.” Hewlett Packard Enterprise, 2016. Web. 3 Jan. 2017.

    “Global IT Security Risks Survey.” Kaspersky Lab, 2015. Web. 20 October 2016.

    “How Much Is the Data on Your Mobile Device Worth?” Ponemon Institute, Jan. 2016. Web. 25 Oct. 2016.

    “Insider Threat 2018 Report.” CA Technologies, 2018. Web.

    “Kaspersky Lab Announces the First 2016 Consumer Cybersecurity Index.” Press Release. Kaspersky Lab, 8 Sept. 2016. Web. 3 Jan. 2017.

    “Kaspersky Lab Survey Reveals: Cyberattacks Now Cost Large Businesses an Average of $861,000.” Press Release. Kaspersky Lab, 13 Sept. 2016. Web. 20 Oct. 2016.

    “Kaspersky Security Bulletin 2016.” Kaspersky Lab, 2016. Web. 25 Oct. 2016.

    “Managing Cyber Risks in an Interconnected World: Key Findings From the Global State of Information Security Survey 2015.” PwC, 30 Sept. 2014. Web.

    “Measuring Financial Impact of IT Security on Business.” Kaspersky Lab, 2016. Web. 25 Oct. 2016.

    “Ponemon Institute Releases New Study on How Organizations Can Leapfrog to a Stronger Cyber Security Posture.” Ponemon Institute, 10 Apr. 2015. Web. 20 Oct. 2016.

    “Predictions for 2017: ‘Indicators of Compromise’ Are Dead.” Kaspersky Lab, 2016. Web. 4 Jan. 2017.

    “Take a Security Leap Forward.” Accenture, 2015. Web. 20 Oct. 2016.

    “Trends 2016: (In)security Everywhere.” ESET Research Laboratories, 2016. Web. 25 Oct. 2016.

    Research Contributors

    • Peter Clay, Zeneth Tech Partners, Principal
    • Ken Towne, Zeneth Tech Partners, Security Architect
    • Luciano Siqueria, Road Track, IT Security Manager
    • David Rahbany, The Hain Celestial Group, Director IT Infrastructure
    • Rick Vadgama, Cimpress, Head of Information Privacy and Security
    • Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
    • Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
    • Trevor Butler, City of Lethbridge, Information Technology General Manager
    • Shane Callahan, Tractor Supply, Director of Information Security
    • Jeff Zalusky, Chrysalis, President/CEO
    • Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
    • Dan Humbert, YMCA of Central Florida, Director of Information Technology
    • Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
    • Jason Bevis – FireEye, Senior Director Orchestration Product Management - Office of the CTO
    • Joan Middleton, Village of Mount Prospect, IT Director
    • Jim Burns, Great America Financial Services, Vice President Information Technology
    • Ryan Breed, Hudson’s Bay, Information Security Analyst
    • James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems

    Agile Enterprise Architecture Operating Model

    • Buy Link or Shortcode: {j2store}581|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $31,106 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model

    Establish an enterprise architecture practice that:

    • Leverages an operating model that promotes/supports agility within the organization.
    • Embraces business, data, application, and technology architectures in an optimal mix.
    • Is Agile in itself and will be sustainable and reactive to business needs, staying relevant and “profitable” – continuously delivering business value.

    Our Advice

    Critical Insight

    • Use your business and EA strategy and design principles to right-size standardized operating models to fit your EA organization’s needs.
    • You need to define a sound set of design principles before commencing with the design of your EA organization.
    • The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provides services to.
    • A phased approach and a good communication strategy is key to the success of the new EA organization.
    • Start with one group and work out the hurdles before rolling it out organization-wide.
    • Make sure that you communicate regularly on wins but also on hurdles and how to overcome them.

    Impact and Result

    • The organization design approach proposed will aim to provide twofold agility: the ability to stretch and shrink depending on business requirements and the promotion of agility in architecture delivery.
    • By recognizing that agility comes in different flavors, organizations using more traditional design patterns will also benefit from the approach advocated by this blueprint.

    Agile Enterprise Architecture Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out create an Agile EA operating model to execute the EA function, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design your EA operating model

    You need to define a sound set of design principles before commencing with the design of your EA organization.

    • Agile EA Operating Model Communication Deck
    • Agile EA Operating Model Workbook
    • Business Architect
    • Application Architect
    • Data Architect
    • Enterprise Architect

    2. Define your EA organizational structure

    The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.

    • EA Views Taxonomy
    • EA Operating Model Template
    • Architecture Board Charter Template
    • EA Policy Template
    • EA Compliance Waiver Form Template

    3. Implement the EA operating model

    A phased approach and a good communications strategy are key to the success of the new EA organization.

    • EA Roadmap
    • EA Communication Plan Template
    [infographic]

    Workshop: Agile Enterprise Architecture Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 EA Function Design

    The Purpose

    Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.

    Key Benefits Achieved

    EA is designed to be the most appropriately placed and structured for the organization.

    Activities

    1.1 Place the EA department.

    1.2 Define roles for each team member.

    1.3 Find internal and external talent.

    1.4 Create job descriptions with required proficiencies.

    Outputs

    EA organization design

    Role-based skills and competencies

    Talent acquisition strategy

    Job descriptions

    2 EA Engagement Model

    The Purpose

    Create a thorough engagement model to interact with stakeholders.

    Key Benefits Achieved

    An understanding of each process within the engagement model.

    Create stakeholder interaction cards to plan your conversations.

    Activities

    2.1 Define each engagement process for your organization.

    2.2 Document stakeholder interactions.

    Outputs

    EA Operating Model Template

    EA Stakeholder Engagement Model Template

    3 EA Governance

    The Purpose

    Develop EA boards, alongside a charter and policies to effectively govern the function.

    Key Benefits Achieved

    Governance that aids the EA function instead of being a bureaucratic obstacle.

    Adherence to governace.

    Activities

    3.1 Outline the architecture review process.

    3.2 Position the architecture review board.

    3.3 Create a committee charter.

    3.4 Make effective governance policy.

    Outputs

    Architecture Board Charter Template

    EA Policy Template

    4 Architecture Development Framework

    The Purpose

    Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.

    Key Benefits Achieved

    A thoroughly articulated development framework.

    Understanding of the views that influence each domain.

    Activities

    4.1 Tailor an architecture development framework to your organizational context.

    Outputs

    EA Operating Model Template

    Enterprise Architecture Views Taxonomy

    5 Operational Plan

    The Purpose

    Create a change management and communication plan or roadmap to execute the operating model.

    Key Benefits Achieved

    Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.

    Effectively execute the roadmap.

    Activities

    5.1 Create a sponsorship action plan.

    5.2 Outline a communication plan.

    5.3 Execute a communication roadmap.

    Outputs

    Sponsorship Action Plan

    EA Communication Plan Template

    EA Roadmap

    Build a Platform-Based Organization

    • Buy Link or Shortcode: {j2store}98|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $3,420 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The organization is riddled with bureaucracy. Some even believe that bureaucracy is inevitable and is an outcome of a complex business operating in a complex market and regulatory environment.
    • Time to market for new products and services is excruciatingly long.
    • Digital natives like Facebook, Netflix, and Spotify do not compare well with the organization and cannot be looked to for inspiration.

    Our Advice

    Critical Insight

    • Large corporations often consist of a few operating units, each with its own idiosyncracies about strategies, culture, and capabilities. These tightly integrated operating units make a company prone to bureaucracy.
    • The antidote to this bureaucracy is a platform structure: small, autonomous teams operating as startups within the organization.

    Impact and Result

    • Platforms consist of related activities and associated technologies that deliver on a specific organizational goal. A platform can therefore be run as a business or as a service. This structure of small autonomous teams that are loosely joined will make your employees directly accountable to the customers. In a way, they become entrepreneurs and do not remain just employees.

    Build a Platform-Based Organization Research & Tools

    Build a platform-based organization

    Download our guide to learn how you can get started with a platform structure.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Build a Platform-Based Organization Storyboard
    [infographic]

    Further reading

    Build a Platform-Based Organization

    Use a platform structure to overcome bureaucracy.

    Analyst Perspective

    Build a platform-based organization.

    Bureaucracy saps innovation out of large corporations. Some even believe that bureaucracy is inevitable and is an outcome of a complex business operating in a complex market and regulatory environment.

    So, what is the antidote to bureaucracy? Some look to startups like Uber, Airbnb, Netflix, and Spotify, but they are digital native and don’t compare well to a large monolithic corporation.

    However, all is not lost for large corporations. Inspiration can be drawn from a company in China – Haier, which is not a typical poster child of the digital age like Spotify. In fact, three decades ago, it was a state-owned company with a shoddy product quality.

    Haier uses an intriguing organization structure based on microenterprises and platforms that has proven to be an antidote to bureaucracy.

    Vivek Mehta
    Research Director, Digital & Innovation
    Info-Tech Research Group

    Executive Summary

    The Challenge

    Large corporations are prone to bureaucracies, which sap their organizations of creativity and make them blind to new opportunities. Though many executives express the desire to get rid of it, bureaucracy is thriving in their organizations.

    Why It Happens

    As organizations grow and become more complex over time, they yearn for efficiency and control. Some believe bureaucracy is the natural outcome of running a complex organization in a complex business and regulatory environment.

    Info-Tech’s Approach

    A new organizational form – the platform structure – is challenging the bureaucratic model. The platform structure makes employees directly accountable to customers and organizes them in an ecosystem of autonomous units.

    As a starting point, sketch out a platform structure that works for your organization. Then, establish a governance model and identify and nurture key capabilities for the platform structure.

    Info-Tech Insight

    The antidote to bureaucracy is a platform structure: small, autonomous teams operating as startups within the organization.

    Executive Brief Case Study

    Small pieces, loosely joined

    Haier

    Industry: Manufacturing
    Source: Harvard Business Review November-December 2018

    Haier, based in China, is currently the world’s largest appliance maker. Zhang Ruimin, Haier’s CEO, has built an intriguing organizing structure where every employee is directly accountable to customers – internal and/or external. A large corporation often consists of a few operating units, each with its own idiosyncrasies, which makes it slow to innovate. To avoid that, Haier has divided itself into 4,000 microenterprises (MEs), most of which have ten to 15 employees. There are three types of microenterprises in Haier:

    1. Approximately 200 “transforming” MEs: market-facing units like Zhisheng, which manufactures refrigerators, a legacy Haier product, for today’s young urbanites.
    2. Approximately 50 “incubating” MEs: entirely new businesses like Xinchu that wrap existing products into entirely new business models.
    3. Approximately 3,800 “node” MEs: units that sell component products and services such as design, manufacturing, and human resources support to Haier’s market-facing MEs.

    Each ME operates as an autonomous unit with its own targets – an organizing structure that enables innovation at Haier.

    (Harvard Business Review, 2018)

    The image is a rectangular graphic with the words Refrigeration Platform in the centre. There are six text boxes around the centre, reading (clockwise from top left): Zhisheng Young urbanites; Langdu Premium; Jinchu Mid-priced; Xinchu Internet-connected; Overseas Export markets; Leader Value-priced. There are a series of white boxes bordering the graphic, with the following labels: at top--Sales nodes; at right--Support nodes (R&D, HR, supply chain, etc.); at bottom left---Design nodes; at bottom right--Production nodes.

    Markets disproportionately reward platform structure

    Tech companies like Facebook, Netflix, and Spotify are organized around a set of modular platforms run by accountable platform teams. This modular org structure enables them to experiment, learn, and scale quickly – a key attribute of innovative organizations.

    Facebook ~2,603 million monthly active users

    India ~1,353 million population

    Netflix ~183 million monthly paid subscribers

    Spotify ~130 million premium subscribers

    Canada ~37 million population

    (“Facebook Users Worldwide 2020,” “Number of Netflix Subscribers 2019,” “Spotify Users - Subscribers in 2020,” Statista.)

    1. Sketch Out the Platform Structure

    What is a platform anyway?

    A modular component of an org structure

    Platforms consist of a logical cluster of activities and associated technology that delivers on a specific business goal and can therefore be run as a business, or ‘as a service’ … Platforms focus on business solutions to serve clients (internal or external) and to supply other platforms.” – McKinsey, 2019

    Platforms operate as independent units with their own business, technology, governance, processes, and people management. As an instance, a bank could have payments platform under a joint business and IT leadership. This payments-as-a-service platform could provide know-how, processes, and technology to the bank’s internal customers such as retail and commercial business units.

    Many leading IT organizations are set up in a platform-based structure that allows them to rapidly innovate. It’s an imperative for organizations in other industries that they must pilot and then scale with a platform play.

    What a platform-based org looks like

    It looks like a multicellular organism, where each cell is akin to a platform

    An organism consists of multiple cells of different types, sizes, and shapes. Each cell is independent in its working. Regardless of the type, a cell would have three features –the nucleus, the cell membrane, and, between the two, the cytoplasm.

    Similarly, an organization could be imagined as one consisting of several platforms of different types and sizes. Each platform must be autonomous, but they all share a few common features – have a platform leader, set up and monitor targets, and enable interoperability amongst platforms. Platforms could be of three types (McKinsey, 2019):

    1. Customer-journey platforms enable customer proposition and experience built on reusable code. They provide “journey as a service”; for example, Account Opening in a bank.
    2. Business-solution platforms are modular and run as a business or as a service. They provide “company as a service”; for example, Payments or Fraud Detection in a bank.
    3. Core IT provisioning platforms provide core IT services for the organization, for example, cloud, data, automation.

    There are two images: in the lower part of the graphic shows a multicellular organism, and has text pointing to a single cell. At the top, there is a zoomed in image of that single cell, with its component parts labelled: Cell Membrane, Nucleus, and Cytoplasm.

    Case study: Payments platform in a bank

    Payments as a service to internal business units

    The payments platform is led by an SVP – the platform leader. Business and IT teams are colocated and have joint leadership. The platform team works with a mindset of a startup, serving internal customers of the bank – retail and commercial lines of business.

    A diagram showing Advisory Council in a large grey box on the left. To the right are smaller dark blue boxes labeled 'Real-time peer-to-peer payments,' Wire transfers,' 'Batch payments,' 'Mobile wallets,' and 'International payments (VISA, WU, etc.),' and one light blue box labeled 'Payments innovation.'


    Advisory Council: An Advisory Council is responsible for strategy, business, and IT architecture and for overseeing the work within the team. The Advisory Council prioritizes the work, earmarks project budgets, sets standards such as for APIs and ISO 20022, and leads vendor evaluation.

    International payments (VISA, WU, etc.): Project execution teams are structured around payment modes. Teams collaborate with each other whenever a common functionality is to be developed, like fraud check on a payment or account posting for debits and credits.

    Payments innovation: A think tank keeping track of trends in payments and conducting proof of concepts (POCs) with prospective fintech partners and with new technologies.

    Use a capability map to sketch out a platform-based structure

    Corral your organization’s activities and associated tech into a set of 20 to 40 platforms that cover customer journeys, business capabilities, and core IT. Business and IT teams must jointly work on this activity and could use a capability map as an aid to facilitate the discussion.

    The image is an example of a capability map, shown in more detail in the following section.

    An example of sketching a platform-based org structure for an insurance provider (partial)

    Design Policy Create Policy Issue Policy Service Customers Process Claims Manage Investments
    Defining Market Research & Analysis Underwriting Criteria Selection Customer Targeting Interaction Management First Notice of Loss (FNOL) Investment Strategy
    Actuarial Analysis Product Reserving Needs Assessment & Quotes Payments Claims Investigation Portfolio Management
    Catastrophe Risk Modeling Reinsurance Strategy Contract Issuance Adjustments Claims Adjudication Deposits & Disbursements
    Product Portfolio Strategy Product Prototyping Application Management Renewals Claims Recovery (Subrogation) Cash & Liquidity Management
    Rate Making Product Testing Sales Execution Offboarding Dispute Resolution Capital Allocation
    Policy Definition Product Marketing Contract Change Management

    Customer Retention

    [Servicing a customer request is a customer-journey platform.]

    Claims Inquiry

    [Filing a claim is a customer-journey platform.]

    Credit Bureau Reporting
    Shared Customer Management

    Account Management

    [Customer and account management is a business-capability platform to enable journeys.]

    Channel Management Risk Management Regulatory & Compliance Knowledge Management
    Partner Management

    Access and Identity Management

    [Access and identity management is a core IT platform.]

    Change Management Enterprise Data Management Fraud Detection [Fraud detection is a business-capability platform to enable journeys.] Product Innovation
    Enabling Corporate Governance Strategic Planning Reporting Accounting Enterprise Architecture Human Resources
    Legal Corporate Finance IT Facilities Management

    2. Establish Governance and Nurture Key Capabilities

    Two ingredients of the platform structure

    Establish a governance

    Advisory Council (AC) operates like a conductor at an orchestra, looking across all the activities to understand and manage the individual components.

    Nurture key capabilities

    Team structure, processes and technologies must be thoughtfully orchestrated and nurtured.

    Establish strong governance

    Empowerment does not mean anarchy

    While platforms are distinct units, they must be in sync with each other, like individual musicians in an orchestra. The Advisory Council (AC) must act like a conductor of the orchestra and lead and manage across platforms in three ways.

    1. Prioritize spend and effort. The AC team makes allocation decisions and prioritizes spend and effort on those platforms that can best support organizational goals and/or are in most urgent technical need. The best AC teams have enterprise architects who can understand business and dive deep enough into IT to manage critical interdependencies.
    2. Set and enforce standards. The AC team establishes both business and technology standards for interoperability. For example, the AC team can set the platform and application interfaces standards and the industry standards like ISO 20022 for payments. The AC team can also provide guidance on common apps and tools to use, for example, a reconciliation system for payments.
    3. Facilitate cross-platform work. The AC team has a unique vantage point where it can view and manage interdependencies among programs. As these complexities emerge, the AC team can step in and facilitate the interaction among the involved platform teams. In cases when a common capability is required by multiple platforms, the AC team can facilitate the dialogue to have it built out.

    Nurture the following capabilities:

    Design thinking

    “Zero distance from the customer” is the focus of platform structure. Each platform must operate with a mindset of a startup serving internal and/or external users.

    Agile delivery model

    Platform teams iteratively develop their offerings. With guidance from Advisory Council, they can avoid bottlenecks of formal alignment and approvals.

    Enterprise architecture

    The raison d'être of enterprise architecture discipline is to enable modularity in the architecture, encourage reusability of assets, and simplify design.

    Microservices

    Microservices allow systems to grow with strong cohesion and weak coupling and enable teams to scale components independently.

    APIs

    With their ability to link systems and data, APIs play a crucial role in making IT systems more responsive and adaptable.

    Machine learning

    With the drop in its cost, predictability is becoming the new electricity for business. Platforms use machine learning capability for better predictions.

    Related Info-Tech Research

    Drive Digital Transformation With Platform Strategies
    Innovate and transform your business models with digital platforms.

    Implement Agile Practices That Work
    Guide your organization through its Agile transformation journey.

    Design a Customer-Centric Digital Operating Model
    Putting the customer at the center of digital transformation.

    Bibliography

    Bossert, Oliver, and Jürgen Laartz. “Perpetual Evolution—the Management Approach Required for Digital Transformation.” McKinsey, 5 June 2017. Accessed 21 May 2020.

    Bossert, Oliver, and Driek Desmet. “The Platform Play: How to Operate like a Tech Company.” McKinsey, 28 Feb. 2019. Accessed 21 May 2020.

    “Facebook Users Worldwide 2020.” Statista. Accessed 21 May 2020.

    Hamel, Gary, and Michele Zanini. “The End of Bureaucracy.” Harvard Business Review. Nov.-Dec. 2018. Accessed 21 May 2020.

    “Number of Netflix Subscribers 2019.” Statista. Accessed 21 May 2020.

    “Spotify Users - Subscribers in 2020.” Statista. Accessed 21 May 2020.

    Improve Requirements Gathering

    • Buy Link or Shortcode: {j2store}523|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $153,578 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • Poor requirements are the number one reason that projects fail. Requirements gathering and management has been an ongoing issue for IT professionals for decades.
    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives and will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also create significant damage to the working relationship between IT and the business.
    • Often, business analysts haven’t developed the right competencies to successfully execute requirements gathering processes, even when they are in place.

    Our Advice

    Critical Insight

    • To avoid makeshift solutions, an organization needs to gather requirements with the desired future state in mind.
    • Creating a unified set of standard operating procedures is essential for effectively gathering requirements, but many organizations fail to do it.
    • Centralizing governance of requirements processes with a requirements gathering steering committee or requirements gathering center of excellence can bring greater uniformity and cohesion when gathering requirements across projects.
    • Business analysts must be targeted for competency development to ensure that the processes developed above are being successfully executed and the right questions are being asked of project sponsors and stakeholders.

    Impact and Result

    • Enhanced requirements analysis will lead to tangible reductions in cycle time and reduced project overhead.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs.
    • More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to successfully execute their day-to-day responsibilities.

    Improve Requirements Gathering Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should invest in optimizing your requirements gathering processes.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the target state for the requirements gathering process

    Capture a clear understanding of the target needs for the requirements process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process
    • Requirements Gathering SOP and BA Playbook
    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst
    • Requirements Gathering Communication Tracking Template

    2. Define the elicitation process

    Develop best practices for conducting and structuring elicitation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process
    • Business Requirements Document Template
    • Scrum Documentation Template

    3. Analyze and validate requirements

    Standardize frameworks for analysis and validation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements
    • Requirements Gathering Documentation Tool
    • Requirements Gathering Testing Checklist

    4. Create a requirements governance action plan

    Formalize change control and governance processes for requirements gathering.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan
    • Requirements Traceability Matrix
    [infographic]

    Workshop: Improve Requirements Gathering

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Current State and Target State for Requirements Gathering

    The Purpose

    Create a clear understanding of the target needs for the requirements gathering process.

    Key Benefits Achieved

    A comprehensive review of the current state for requirements gathering across people, processes, and technology.

    Identification of major challenges (and opportunity areas) that should be improved via the requirements gathering optimization project.

    Activities

    1.1 Understand current state and document existing requirement process steps.

    1.2 Identify stakeholder, process, outcome, and training challenges.

    1.3 Conduct target state analysis.

    1.4 Establish requirements gathering metrics.

    1.5 Identify project levels 1/2/3/4.

    1.6 Match control points to project levels 1/2/3/4.

    1.7 Conduct project scoping and identify stakeholders.

    Outputs

    Requirements Gathering Maturity Assessment

    Project Level Selection Tool

    Requirements Gathering Documentation Tool

    2 Define the Elicitation Process

    The Purpose

    Create best practices for conducting and structuring elicitation of business requirements.

    Key Benefits Achieved

    A repeatable framework for initial elicitation of requirements.

    Prescribed, project-specific elicitation techniques.

    Activities

    2.1 Understand elicitation techniques and which ones to use.

    2.2 Document and confirm elicitation techniques.

    2.3 Create a requirements gathering elicitation plan for your project.

    2.4 Build the operating model for your project.

    2.5 Define SIPOC-MC for your selected project.

    2.6 Practice using interviews with business stakeholders to build use case models.

    2.7 Practice using table-top testing with business stakeholders to build use case models.

    Outputs

    Project Elicitation Schedule

    Project Operating Model

    Project SIPOC-MC Sub-Processes

    Project Use Cases

    3 Analyze and Validate Requirements

    The Purpose

    Build a standardized framework for analysis and validation of business requirements.

    Key Benefits Achieved

    Policies for requirements categorization, prioritization, and validation.

    Improved project value as a result of better prioritization using the MOSCOW model.

    Activities

    3.1 Categorize gathered requirements for use.

    3.2 Consolidate similar requirements and eliminate redundancies.

    3.3 Practice prioritizing requirements.

    3.4 Build the business process model for the project.

    3.5 Rightsize the requirements documentation template.

    3.6 Present the business requirements document to business stakeholders.

    3.7 Identify testing opportunities.

    Outputs

    Requirements Gathering Documentation Tool

    Requirements Gathering Testing Checklist

    4 Establish Change Control Processes

    The Purpose

    Create formalized change control processes for requirements gathering.

    Key Benefits Achieved

    Reduced interjections and rework – strengthened formal evaluation and control of change requests to project requirements.

    Activities

    4.1 Review existing CR process.

    4.2 Review change control process best practices and optimization opportunities.

    4.3 Build guidelines for escalating changes.

    4.4 Confirm your requirements gathering process for project levels 1/2/3/4.

    Outputs

    Requirements Traceability Matrix

    Requirements Gathering Communication Tracking Template

    5 Establish Ongoing Governance for Requirements Gathering

    The Purpose

    Establish governance structures and ongoing oversight for business requirements gathering.

    Key Benefits Achieved

    Consistent governance and oversight of the requirements gathering process, resulting in fewer “wild west” scenarios.

    Better repeatability for the new requirements gathering process, resulting in less wasted time and effort at the outset of projects.

    Activities

    5.1 Define RACI for the requirements gathering process.

    5.2 Define the requirements gathering steering committee purpose.

    5.3 Define RACI for requirements gathering steering committee.

    5.4 Define the agenda and cadence for the requirements gathering steering committee.

    5.5 Identify and analyze stakeholders for communication plan.

    5.6 Create communication management plan.

    5.7 Build the action plan.

    Outputs

    Requirements Gathering Action Plan

    Further reading

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Analyst Perspective

    A strong process for business requirements gathering is essential for application project success. However, most organizations do not take a strategic approach to optimizing how they conduct business analysis and requirements definition.

    "Robust business requirements are the basis of a successful project. Without requirements that correctly articulate the underlying needs of your business stakeholders, projects will fail to deliver value and involve significant rework. In fact, an Info-Tech study found that of projects that fail over two-thirds fail due to poorly defined business requirements.

    Despite the importance of good business requirements to project success, many organizations struggle to define a consistent and repeatable process for requirements gathering. This results in wasted time and effort from both IT and the business, and generates requirements that are incomplete and of dubious value. Additionally, many business analysts lack the competencies and analytical techniques needed to properly execute the requirements gathering process.

    This research will help you get requirements gathering right by developing a set of standard operating procedures across requirements elicitation, analysis, and validation. It will also help you identify and fine-tune the business analyst competencies necessary to make requirements gathering a success."

    – Ben Dickie, Director, Enterprise Applications, Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • The IT applications director who has accountability for ensuring that requirements gathering procedures are both effective and efficient.
    • The designated business analyst or requirements gathering professional who needs a concrete understanding of how to execute upon requirements gathering SOPs.

    This Research Will Help You:

    • Diagnose your current state and identify (and prioritize) gaps that exist between your target requirements gathering needs and your current capabilities and processes.
    • Build a requirements gathering SOP that prescribes a framework for requirements governance and technology usage, as well as techniques for elicitation, analysis, and validation.

    This Research Will Also Assist:

    • The business partner/stakeholder who is interested in ways to work with IT to improve upon existing procedures for requirements gathering.
    • Systems analysts and developers who need to understand how business requirements are effectively gathered upstream.

    This Research Will Help Them:

    • Understand the significance and importance of business requirements gathering on overall project success and value alignment.
    • Create rules of engagement for assisting IT with the collection of requirements from the right stakeholders in a timely fashion.

    Executive summary

    Situation

    • Strong business requirements are essential to project success – inadequate requirements are the number one reason that projects fail.
    • Organizations need a consistent, repeatable, and prescriptive set of standard operating procedures (SOPs) that dictate how business requirements gathering should be conducted.

    Complication

    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives, and they will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also damage the relationship between IT and the business.

    Resolution

    • To avoid delivering makeshift solutions (paving the cow path), organizations need to gather requirements with the desired future state in mind. Organizations need to keep an open mind when gathering requirements.
    • Creating a unified set of SOPs is essential for effectively gathering requirements; these procedures should cover not just elicitation, analysis, and validation, but also include process governance and documentation.
    • BAs who conduct requirements gathering must demonstrate proven competencies for stakeholder management, analytical techniques, and the ability to speak the language of both the business and IT.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs. More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to execute their day-to-day responsibilities.

    Info-Tech Insight

    1. Requirements gathering SOPs should be prescriptive based on project complexity. Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques like user story development.
    2. Business analysts (BA) can make or break the execution of the requirements gathering process. A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Understand what constitutes a strong business requirement

    A business requirement is a statement that clearly outlines the functional capability that the business needs from a system or application. There are several attributes to look at in requirements:

    Verifiable
    Stated in a way that can be easily tested

    Unambiguous
    Free of subjective terms and can only be interpreted in one way

    Complete
    Contains all relevant information

    Consistent
    Does not conflict with other requirements

    Achievable
    Possible to accomplish with budgetary and technological constraints

    Traceable
    Trackable from inception through to testing

    Unitary
    Addresses only one thing and cannot be decomposed into multiple requirements

    Agnostic
    Doesn’t pre-suppose a specific vendor or product

    Not all requirements will meet all of the attributes.

    In some situations, an insight will reveal new requirements. This requirement will not follow all of the attributes listed above and that’s okay. If a new insight changes the direction of the project, re-evaluate the scope of the project.

    Attributes are context specific.

    Depending on the scope of the project, certain attributes will carry more weight than others. Weigh the value of each attribute before elicitation and adjust as required. For example, verifiable will be a less-valued attribute when developing a client-facing website with no established measuring method/software.

    Build a firm foundation: requirements gathering is an essential step in any project, but many organizations struggle

    Proper requirements gathering is critical for delivering business value from IT projects, but it remains an elusive and perplexing task for most organizations. You need to have a strategy for end-to-end requirements gathering, or your projects will consistently fail to meet business expectations.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of delivered features are utilized by end users. (The Standish Group)

    78% of IT professionals believe the business is “usually” or “always” out of sync with project requirements. (Blueprint Software Systems)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems)

    Requirements gathering is truly an organization-spanning issue, and it falls directly on the IT directors who oversee projects to put prudent SOPs in place for managing the requirements gathering process. Despite its importance, the majority of organizations have challenges with requirements gathering.

    What happens when requirements are no longer effective?

    • Poor requirements can have a very visible and negative impact on deployed apps.
    • IT receives the blame for any project shortcomings or failures.
    • IT loses its credibility and ability to champion future projects.
    • Late projects use IT resources longer than planned.

    Requirements gathering is a core component of the overall project lifecycle that must be given its due diligence

    PMBOK’s Five Phase Project Lifecycle

    Initiate – Plan: Requirements Gathering Lives Here – Execute – Control – Close

    Inaccurate requirements is the 2nd most common cause of project failure (Project Management Institute ‒ Smartsheet).

    Requirements gathering is a critical stage of project planning.

    Depending on whether you take an Agile or Waterfall project management approach, it can be extended into the initiate and execute phases of the project lifecycle.

    Strong stakeholder satisfaction with requirements gathering results in higher satisfaction in other areas

    Organizations that had high satisfaction with requirements gathering were more likely to be highly satisfied with the other areas of IT. In fact, 72% of organizations that had high satisfaction with requirements gathering were also highly satisfied with the availability of IT capacity to complete projects.

    A bar graph measuring % High Satisfaction when projects have High Requirements Gathering vs. Not High Requirements Gathering. The graph shows a substantially higher percentage of high satisfaction on projects with High Requirements Gathering

    Note: High satisfaction was classified as organizations with a score greater or equal to 8. Not high satisfaction was every other organization that scored below 8 on the area questions.

    N=395 organizations from Info-Tech’s CIO Business Vision diagnostic

    Requirements gathering efforts are filled with challenges; review these pitfalls to avoid in your optimization efforts

    The challenges that afflict requirements gathering are multifaceted and often systemic in nature. There isn’t a single cure that will fix all of your requirements gathering problems, but an awareness of frequently encountered challenges will give you a basis for where to consider establishing better SOPs. Commonly encountered challenges include:

    Process Challenges

    • Requirements may be poorly documented, or not documented at all.
    • Elicitation methods may be inappropriate (e.g. using a survey when collaborative whiteboarding is needed).
    • Elicitation methods may be poorly executed.
    • IT and business units may not be communicating requirements in the same terms/language.
    • Requirements that conflict with one another may not be identified during analysis.
    • Requirements cannot be traced from origin to testing.

    Stakeholder Challenges

    • Stakeholders may be unaware of the requirements needed for the ideal solution.
    • Stakeholders may have difficulty properly articulating their desired requirements.
    • Stakeholders may have difficulty gaining consensus on the ideal solution.
    • Relevant stakeholders may not be consulted on requirements.
    • Sign-off may not be received from the proper stakeholders.

    70% of projects fail due to poor requirements. (Info-Tech Research Group)

    Address the root cause of poor requirements to increase project success

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures don’t exist.
    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign-off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality.
    • Final deliverables are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • There are high levels of end-user dissatisfaction.
    • There are high levels of project sponsor dissatisfaction.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been and continues to be the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle when it is time to optimize the requirements gathering process.

    Reduce wasted project work with clarity of business goals and analysis of requirements

    You can reduce the amount of wasted work by making sure you have clear business goals. In fact, you could see an improvement of as much as 50% by going from a low level of satisfaction with clarity of business goals (<2) to a high level of satisfaction (≥5).

    A line graph demonstrating that as the amount of wasted work increases, clarity of business goals satisfaction decreases.

    Likewise, you could see an improvement of as much as 43% by going from a low level of satisfaction with analysis of requirements (less than 2) to a high level of satisfaction (greater than or equal to 5).

    A line graph demonstrating that as the Amount of Wasted Work decreases, the level of satisfaction with analysis of requirements shifts from low to high.

    Note: Waste is measured by the amount of cancelled projects; suboptimal assignment of resources; analyzing, fixing, and re-deploying; inefficiency, and unassigned resources.

    N=200 teams from the Project Portfolio Management diagnostic

    Effective requirements gathering supports other critical elements of project management success

    Good intentions and hard work aren’t enough to make a project successful. As you proceed with a project, step back and assess the critical success factors. Make sure that the important inputs and critical activities of requirements gathering are supporting, not inhibiting, project success.

    1. Streamlined Project Intake
    2. Strong Stakeholder Management
    3. Defined Project Scope
    4. Effective Project Management
    5. Environmental Analysis

    Don’t improvise: have a structured, end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers the foundational issues (elicitation, analysis, and validation) and prescribes techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Don’t forget resourcing: the best requirements gathering process will still fail if you don’t develop BA competencies

    When creating the process for requirements gathering, think about how it will be executed by your BAs, and what the composition of your BA team should look like. A strong BA needs to serve as an effective translator, being able to speak the language of both the business and IT.

    1. To ensure alignment of your BAs to the requirements gathering process, undertake a formal skills assessment to identify areas where analysts are strong, and areas that should be targeted for training and skills development.
    2. Training of BAs on the requirements gathering process and development of intimate familiarity with SOPs is essential; you need to get BAs on the same page to ensure consistency and repeatability of the requirements process.
    3. Consider implementing a formal mentorship and/or job shadowing program between senior and junior BAs. Many of our members report that leveraging senior BAs to bootstrap the competencies of more junior team members is a proven approach to building skillsets for requirements gathering.

    What are some core competencies of a good BA?

    • Strong stakeholder management.
    • Proven track record in facilitating elicitation sessions.
    • Ability to bridge the gulf between IT and the business by speaking both languages.
    • Ability to ask relevant probing questions to uncover latent needs.
    • Experience with creating project operating models and business process diagrams.
    • Ability to set and manage expectations throughout the process.

    Throughout this blueprint, look for the “BA Insight” box to learn how steps in the requirements gathering process relate to the skills needed by BAs to facilitate the process effectively.

    A mid-sized local government overhauls its requirements gathering approach and sees strong results

    CASE STUDY

    Industry

    Government

    Source

    Info-Tech Research Group Workshop

    The Client

    The organization was a local government responsible for providing services to approximately 600,000 citizens in the southern US. Its IT department is tasked with deploying applications and systems (such as HRIS) that support the various initiatives and mandate of the local government.

    The Requirements Gathering Challenge

    The IT department recognized that a strong requirements gathering process was essential to delivering value to its stakeholders. However, there was no codified process in place – each BA unilaterally decided how they would conduct requirements gathering at the start of each project. IT recognized that to enhance both the effectiveness and efficiency of requirements gathering, it needed to put in place a strong, prescriptive set of SOPs.

    The Improvement

    Working with a team from Info-Tech, the IT leadership and BA team conducted a workshop to develop a new set of SOPs that provided clear guidance for each stage of the requirements process: elicitation, analysis, and validation. As a result, business satisfaction and value alignment increased.

    The Requirements Gathering SOP and BA Playbook offers a codified set of SOPs for requirements gathering gave BAs a clear playbook.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Strong Approach to Business Requirements Gathering – project overview

    1. Build the Target State for Requirements Gathering 2. Define the Elicitation Process 3. Analyze and Validate Requirements 4. Create a Requirements Governance Action Plan
    Best-Practice Toolkit

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    Guided Implementations
    • Review Info-Tech’s requirements gathering methodology.
    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.
    • Assess elicitation techniques and determine best fit to projects and business environment.
    • Review options for structuring the output of requirements elicitation (i.e. SIPOC).
    • Create policies for requirements categorization and prioritization.
    • Establish best practices for validating the BRD with project stakeholders.
    • Discuss how to handle changes to requirements, and establish a formal change control process.
    • Review options for ongoing governance of the requirements gathering process.
    Onsite Workshop Module 1: Define the Current and Target State Module 2: Define the Elicitation Process Module 3: Analyze and Validate Requirements Module 4: Governance and Continuous Improvement Process
    Phase 1 Results: Clear understanding of target needs for the requirements process. Phase 2 Results: Best practices for conducting and structuring elicitation. Phase 3 Results: Standardized frameworks for analysis and validation of business requirements. Phase 4 Results: Formalized change control and governance processes for requirements.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Define Current State and Target State for Requirements Gathering

    • Understand current state and document existing requirement process steps.
    • Identify stakeholder, process, outcome, and reigning challenges.
    • Conduct target state analysis.
    • Establish requirements gathering metrics.
    • Identify project levels 1/2/3/4.
    • Match control points to project levels 1/2/3/4.
    • Conduct project scoping and identify stakeholders.

    Define the Elicitation Process

    • Understand elicitation techniques and which ones to use.
    • Document and confirm elicitation techniques.
    • Create a requirements gathering elicitation plan for your project.
    • Practice using interviews with business stakeholders to build use case models.
    • Practice using table-top testing with business stakeholders to build use case models.
    • Build the operating model for your project

    Analyze and Validate Requirements

    • Categorize gathered requirements for use.
    • Consolidate similar requirements and eliminate redundancies.
    • Practice prioritizing requirements.
    • Rightsize the requirements documentation template.
    • Present the business requirements document (BRD) to business stakeholders.
    • Identify testing opportunities.

    Establish Change Control Processes

    • Review existing CR process.
    • Review change control process best practices & optimization opportunities.
    • Build guidelines for escalating changes.
    • Confirm your requirements gathering process for project levels 1/2/3/4.

    Establish Ongoing Governance for Requirements Gathering

    • Define RACI for the requirements gathering process.
    • Define the requirements gathering governance process.
    • Define RACI for requirements gathering governance.
    • Define the agenda and cadence for requirements gathering governance.
    • Identify and analyze stakeholders for communication plan.
    • Create communication management plan.
    • Build the action plan.
    Deliverables
    • Requirements gathering maturity assessment
    • Project level selection tool
    • Requirements gathering documentation tool
    • Project elicitation schedule
    • Project operating model
    • Project use cases
    • Requirements gathering documentation tool
    • Requirements gathering testing checklist
    • Requirements traceability matrix
    • Requirements gathering communication tracking template
    • Requirements gathering action plan

    Phase 1: Build the Target State for the Requirements Gathering Process

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Build the Target State

    Proposed Time to Completion: 2 weeks

    Step 1.1: Understand the Benefits of Requirements Optimization

    Start with an analyst kick off call:

    • Review Info-Tech’s requirements gathering methodology.

    Then complete these activities…

    • Hold a fireside chat.

    With these tools & templates:

    Requirements Gathering SOP and BA Playbook

    Step 1.2: Determine Your Target State for Requirements Gathering

    Review findings with analyst:

    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.

    Then complete these activities…

    • Identify your business process model.
    • Define project levels.
    • Match control points to project level.
    • Identify and analyze stakeholders.

    With these tools & templates:

    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst job description
    • Requirements Gathering Communication Tracking Template

    Phase 1 Results & Insights:

    Clear understanding of target needs for the requirements process.

    Step 1.1: Understand the Benefits of Requirements Optimization

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Identifying challenges with requirements gathering and identifying objectives for the workshop.
    This step involves the following participants:
    • Business stakeholders
    • BAs
    Outcomes of this step
    • Stakeholder objectives identified.

    Requirements optimization is powerful, but it’s not free; gauge the organizational capital you’ll need to make it a success

    Optimizing requirements management is not something that can be done in isolation, and it’s not necessarily going to be easy. Improving your requirements will translate into better value delivery, but it takes real commitment from IT and its business partners.

    There are four “pillars of commitment” that will be necessary to succeed with requirements optimization:

    1. Senior Management Organizational Capital
      • Before organizations can establish revised SOPs for requirements gathering, they’ll need a strong champion in senior management to ensure that updated elicitation and sign-off techniques do not offend people. A powerful sponsor can lead to success, especially if they are in the business.
    2. End-User Organizational Capital
      • To overcome cynicism, you need to focus on convincing end users that there is something to be gained from participating in requirements gathering (and the broader process of requirements optimization). Frame the value by focusing on how good requirements mean better apps (e.g. faster, cheaper, fewer errors, less frustration).
    3. Staff Resourcing
      • You can have a great SOP, but if you don’t have the right resources to execute on it you’re going to have difficulty. Requirements gathering needs dedicated BAs (or equivalent staff) who are trained in best practices and can handle elicitation, analysis, and validation successfully.
    4. Dedicated Cycle Time
      • IT and the business both need to be willing to demonstrate the value of requirements optimization by giving requirements gathering the time it needs to succeed. If these parties are convinced by the concept in theory, but still try to rush moving to the development phase, they’re destined for failure.

    Rethink your approach to requirements gathering: start by examining the business process, then tackle technology

    When gathering business requirements, it’s critical not to assume that layering on technology to a process will automatically solve your problems.

    Proper requirements gathering views projects holistically (i.e. not just as an attempt to deploy an application or technology, but as an endeavor to enable new or re-engineered business processes). Neglecting to see requirements gathering in the context of business process enablement leads to failure.

    • Far too often, organizations automate an existing process without putting much thought into finding a better way to do things.
    • Most organizations focus on identifying a series of small improvements to make to a process and realize limited gains.
    • The best way to generate transformational gains is to reinvent how the process should be performed and work backwards from there.
    • You should take a top-down approach and begin by speaking with senior management about the business case for the project and their vision for the target state.
    • You should elicit requirements from the rank-and-file employees while centering the discussion and requirements around senior management’s target state. Don’t turn requirements gathering into a griping session about deficiencies with a current application.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers both the foundational issues (elicitation, analysis, and validation) as well as prescribing techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Requirements gathering fireside chat

    1.1.1 – 45 minutes

    Output
    • Stakeholder objectives
    Materials
    • Whiteboard, markers, sticky notes
    Participants
    • BAs

    Identify the challenges you’re experiencing with requirements gathering, and identify objectives.

    1. Hand out sticky notes to participants, and ask the group to work independently to think of challenges that exist with regards to requirements gathering. (Hint: consider stakeholder challenges, process challenges, outcome challenges, and training challenges.) Ask participants to write their current challenges on sticky notes, and place them on the whiteboard.
    2. As a group, review all sticky notes and group challenges into themes.
    3. For each theme you uncover, work as a group to determine the objective that will overcome these challenges throughout the workshop and write this on the whiteboard.
    4. Discuss how these challenges will be addressed in the workshop.

    Don’t improvise: have a structured, prescriptive end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Use Info-Tech’s Requirements Gathering SOP and BA Playbook to assist with requirements gathering optimization

    Info-Tech’s Requirements Gathering SOP and BA Playbook template forms the basis of this blueprint. It’s a structured document that you can fill out with defined procedures for how requirements should be gathered at your organization.

    Info-Tech’s Requirements Gathering SOP and BA Playbook template provides a number of sections that you can populate to provide direction for requirements gathering practitioners. Sections provided include: Organizational Context Governance Procedures Resourcing Model Technology Strategy Knowledge Management Elicitation SOPs Analysis SOPs Validation SOPs.

    The template has been pre-populated with an example of requirements management procedures. Feel free to customize it to fit your specific needs.

    Download the Requirements Gathering SOP and BA Playbook template.

    Step 1.2: Determine Your Target State for Requirements Gathering

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Conduct a current and target state analysis.
    • Identify requirements gathering business process model.
    • Establish requirements gathering performance metrics.
    • Define project levels – level 1/2/3/4.
    • Match control points to project level.
    • Conduct initial brainstorming on the project.
    This step involves the following participants:
    • BAs
    Outcomes of this step:
    • Requirements gathering maturity summary.
    • Requirements gathering business process model.
    • Identification of project levels.
    • Identification of control points.

    Plan for requirements gathering

    The image is the Requirements Gathering Framework from earlier slides, but with all parts of the graphic grey-out, except for the arrows containing Plan and Monitor, at the top.

    Establishing an overarching plan for requirements governance is the first step in building an SOP. You must also decide who will actually execute the requirements gathering processes, and what technology they will use to accomplish this. Planning for governance, resourcing, and technology is something that should be done repeatedly and at a higher strategic level than the more sequential steps of elicitation, analysis, and validation.

    Establish your target state for requirements gathering processes to have a cogent roadmap of what needs to be done

    Visualize how you want requirements to be gathered in your organization. Do not let elements of the current process restrict your thinking.

    • First, articulate the impetus for optimizing requirements management and establish clear goals.
    • Use these goals to drive the target state.

    For example:

    • If the goal is to improve the accuracy of requirements, then restructure the validation process.
    • If the goal is to improve the consistency of requirements gathering, then create SOPs or use electronic templates and tools.

    Refrain from only making small changes to improve the existing process. Think about the optimal way to structure the requirements gathering process.

    Define the attributes of a good requirement to help benchmark the type of outputs that you’re looking for

    Attributes of Good Requirements

    Verifiable – It is stated in a way that can be tested.

    Unambiguous – It is free of subjective terms and can only be interpreted in one way.

    Complete – It contains all relevant information.

    Consistent – It does not conflict with other requirements.

    Achievable – It is possible to accomplish given the budgetary and technological constraints.

    Traceable – It can tracked from inception to testing.

    Unitary – It addresses only one thing and cannot be decomposed into multiple requirements.

    Accurate – It is based on proven facts and correct information.

    Other Considerations:

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need as it can be really easy to fall into the technology solution trap.

    Use Info-Tech’s Requirements Gathering Maturity Assessment tool to help conduct current and target state analysis

    Use the Requirements Gathering Maturity Assessment tool to help assess the maturity of your requirements gathering function in your organization, and identify the gaps between the current state and the target state. This will help focus your organization's efforts in closing the gaps that represent high-value opportunities.

    • On tab 2. Current State, use the drop-down responses to provide the answer that best matches your organization, where 1= Strongly disagree and 5 = Strongly agree. On tab 3. Target State, answer the same questions in relation to where your organization would like to be.
    • Based on your responses, tab 4. Maturity Summary will display a visual of the gap between the current and target state.

    Conduct a current and target state analysis

    1.2.1 – 1 hour

    Complete the Requirements Gathering Maturity Assessment tool to define your target state, and identify the gaps in your current state.

    Input
    • Current and target state maturity rating
    Output
    • Requirements gathering maturity summary
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    1. For each component of requirements gathering, write out a series of questions to evaluate your current requirements gathering practices. Use the Requirements Gathering Maturity Assessment tool to assist you in drafting questions.
    2. Review the questions in each category, and agree on a rating from 1-5 on their current maturity: 1= Strongly disagree and 5 = Strongly agree. (Note: it will likely be very rare that they would score a 5 in any category, even for the target state.)
    3. Once the assigned categories have been completed, have groups present their assessment to all, and ensure that there is consensus. Once consensus has been reached, input the information into the Current State tab of the tool to reveal the overall current state of maturity score for each category.
    4. Now that the current state is complete, go through each category and define the target state goals.
    5. Document any gaps or action items that need to be addressed.

    Example: Conduct a current and target state analysis

    The Requirements Gathering Maturity Assessment - Target State, with example data inputted.

    Select the project-specific KPIs that will be used to track the value of requirements gathering optimization

    You need to ensure your requirements gathering procedures are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.

    • Without following up on requirements gathering by tracking project metrics and KPIs, organizations will not be able to accurately gauge if the requirements process re-engineering is having a tangible, measurable effect. They will also not be able to determine what changes (if any) need to be made to SOPs based on project performance.
    • This is a crucial step that many organizations overlook. Creating a retroactive list of KPIs is inadequate, since you must benchmark pre-optimization project metrics in order to assess and isolate the value generated by reducing errors and cycle time and increasing value of deployed applications.

    Establish requirements gathering performance metrics

    1.2.2 – 30 minutes

    Input
    • Historical metrics
    Output
    • Target performance metrics
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. Identify the following information for the last six months to one year:
      1. Average number of reworks to requirements.
      2. Number of change requests.
      3. Percent of feature utilization by end users.
      4. User adoption rate.
      5. Number of breaches in regulatory requirements.
      6. Percent of final deliverables implemented on time.
      7. End-user satisfaction score (if possible).
    2. As a group, look at each metric in turn and set your target metrics for six months to one year for each of these categories.

    Document the output from this exercise in section 2.2 of the Requirements Gathering SOP and BA Playbook.

    Visualize your current and target state process for requirements gathering with a business process model

    A business process model (BPM) is a simplified depiction of a complex process. These visual representations allow all types of stakeholders to quickly understand a process, how it affects them, and enables more effective decision making. Consider these areas for your model:

    Stakeholder Analysis

    • Identify who the right stakeholders are
    • Plan communication
    • Document stakeholder responsibilities in a RACI

    Elicitation Techniques

    • Get the right information from stakeholders
    • Document it in the appropriate format
    • Define business need
    • Enterprise analysis

    Documentation

    • How are outputs built?
    • Process flows
    • Use cases
    • Business rules
    • Traceability matrix
    • System requirements

    Validation & Traceability

    • Make sure requirements are accurate and complete
    • Trace business needs to requirements

    Managing Requirements

    • Organizing and prioritizing
    • Gap analysis
    • Managing scope
    • Communicating
    • Managing changes

    Supporting Tools

    • Templates to standardize
    • Checklists
    • Software to automate the process

    Your requirements gathering process will vary based on the project level

    It’s important to determine the project levels up front, as each project level will have a specific degree of elicitation, analysis, and validation that will need to be completed. That being said, not all organizations will have four levels.

    Level 4

    • Very high risk and complexity.
    • Projects that result in a transformative change in the way you do business. Level 4 projects affect all lines of business, multiple technology areas, and have significant costs and/or risks.
    • Example: Implement ERP

    Level 3

    • High risk and complexity.
    • Projects that affect multiple lines of business and have significant costs and/or risks.
    • Example: Implement CRM

    Level 2

    • Medium risk and complexity.
    • Projects with broader exposure to the business that present a moderate level of risk to business operations.
    • Example: Deploy Office 365

    Level 1

    • Low risk and complexity.
    • Routine/straightforward projects with limited exposure to the business and low risk of negative business impact.
    • Example: SharePoint Update

    Use Info-Tech’s Project Level Selection Tool to classify your project level and complexity

    1.3 Project Level Selection Tool

    The Project Level Selection Tool will classify your projects into four levels, enabling you to evaluate the risk and complexity of a particular project and match it with an appropriate requirements gathering process.

    Project Level Input

    • Consider the weighting criteria for each question and make any needed adjustments to better reflect how your organization values each of the criterion.
    • Review the option levels 1-4 for each of the six questions, and make any modifications necessary to better suit your organization.
    • Review the points assigned to each of the four buckets for each of the six questions, and make any modifications needed.

    Project Level Selection

    • Use this tab to evaluate the project level of each new project.
    • To do so, answer each of the questions in the tool.

    Define project levels – Level 1/2/3/4

    1.2.3 – 1 hour

    Input
    • Project level assessment criteria
    Output
    • Identification of project levels
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Define the project levels to determine the appropriate requirements gathering process for each.

    1. Begin by asking participants to review the six criteria for assessing project levels as identified in the Project Level Selection Tool. Have participants review the list and ensure agreement around the factors. Create a chart on the board using Level 1, Level 2, Level 3, and Level 4 as column headings.
    2. Create a row for each of the chosen factors. Begin by filling in the chart with criteria for a level 4 project: What constitutes a level 4 project according to these six factors?
    3. Repeat the exercise for Level 3, Level 2, and Level 1. When complete, you should have a chart that defines the four project levels at your organization.
    4. Input this information into the tool, and ask participants to review the weighting factors and point allocations and make modifications where necessary.
    5. Input the details from one of the projects participants had selected prior to the workshop beginning and determine its project level. Discuss whether this level is accurate, and make any changes needed.

    Document the output from this exercise in section 2.3 of the Requirements Gathering SOP and BA Playbook.

    Define project levels

    1.2.3 – 1 hour

    Category Level 4 Level 3 Level 2 Level 1
    Scope of Change Full system update Full system update Multiple modules Minor change
    Expected Duration 12 months + 6 months + 3-6 months 0-3 months
    Impact Enterprise-wide, globally dispersed Enterprise-wide Department-wide Low users/single division
    Budget $1,000,000+ $500,000-1,000,000 $100,000-500,000 $0-100,000
    Services Affected Mission critical, revenue impacting Mission critical, revenue impacting Pervasive but not mission critical Isolated, non-essential
    Confidentiality Yes Yes No No

    Define project levels

    1.2.3 – 1 hour

    The tool is comprised of six questions, each of which is linked to at least one type of project risk.

    Using the answers provided, the tool will calculate a level for each risk category. Overall project level is a weighted average of the individual risk levels, based on the importance weighting of each type of risk set by the project manager.

    This tool is an excerpt from Info-Tech’s exhaustive Project Level Assessment Tool.

    The image shows the Project Level Tool, with example data filled in.

    Build your initial requirements gathering business process models: create different models based on project complexity

    1.2.4 – 30 minutes

    Input
    • Current requirements gathering process flow
    Output
    • Requirements gathering business process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Brainstorm the ideal target business process flows for your requirements gathering process (by project level).

    1. As a group, create a process flow on the whiteboard that covers the entire requirements gathering lifecycle, incorporating the feedback from exercise 1.2.1. Draw the process with input from the entire group.
    2. After the process flow is complete, compare it to the best practice process flow on the following slide. You may want to create different process flows based on project level (i.e. a process model for Level 1 and 2 requirements gathering, and a process model for how to collect requirements for Level 3 and 4). As you work through the blueprint, revisit and refine these models – this is the initial brainstorming!

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: requirements gathering business process model

    An example of the requirements gathering business process model. The model depicts the various stages of the requirements gathering process.

    Develop your BA team to accelerate collecting, analyzing, and translating requirements

    Having an SOP is important, but it should be the basis for training the people who will actually execute the requirements gathering process. Your BA team is critical for requirements gathering – they need to know the SOPs in detail, and you need to have a plan for recruiting those with an excellent skill set.

    • The designated BA(s) for the project have responsibility for end-to-end requirements management – they are responsible for executing the SOPs outlined in this blueprint, including elicitation, analysis, and validation of requirements during the project.
    • Designated BAs must work collaboratively with their counterparts in the business and IT (e.g. developer teams or procurement professionals) to ensure that the approved requirements are met in a timely and cost-effective manner.

    The ideal candidates for requirements gathering are technically savvy analysts (but not necessarily computer science majors) from the business who are already fluent with the business’ language and cognizant of the day-to-day challenges that take place. Organizationally, these BAs should be in a group that bridges IT and the business (such as an RGCOE or PMO) and be specialists rather than generalists in the requirements management space.

    A BA resourcing strategy is included in the SOP. Customize it to suit your needs.

    "Make sure your people understand the business they are trying to provide the solution for as well if not better than the business folks themselves." – Ken Piddington, CIO, MRE Consulting

    Use Info-Tech’s Business Requirements Analyst job description template for sourcing the right talent

    1.4 Business Requirements Analyst

    If you don’t have a trained group of in-house BAs who can execute your requirements gathering process, consider sourcing the talent from internal candidates or calling for qualified applicants. Our Business Requirements Analyst job description template can help you quickly get the word out.

    • Sometimes, you will have a dedicated set of BAs, and sometimes you won’t. In the latter case, the template covers:
      • Job Title
      • Description of Role
      • Responsibilities
      • Target Job Skills
      • Target Job Qualifications
    • The template is primarily designed for external hiring, but can also be used to find qualified internal candidates.

    Info-Tech Deliverable
    Download the Business Requirements Analyst job description template.

    Standardizing process begins with establishing expectations

    CASE STUDY

    Industry Government

    Source Info-Tech Workshop

    Challenge

    A mid-sized US municipality was challenged with managing stakeholder expectations for projects, including the collection and analysis of business requirements.

    The lack of a consistent approach to requirements gathering was causing the IT department to lose credibility with department level executives, impacting the ability of the team to engage project stakeholders in defining project needs.

    Solution

    The City contracted Info-Tech to help build an SOP to govern and train all BAs on a consistent requirements gathering process.

    The teams first set about establishing a consistent approach to defining project levels, defining six questions to be asked for each project. This framework would be used to assess the complexity, risk, and scope of each project, thereby defining the appropriate level of rigor and documentation required for each initiative.

    Results

    Once the project levels were defined, the team established a formalized set of steps, tools, and artifacts to be created for each phase of the project. These tools helped the team present a consistent approach to each project to the stakeholders, helping improve credibility and engagement for eliciting requirements.

    The project level should set the level of control

    Choose a level of control that facilitates success without slowing progress.

    No control Right-sized control Over-engineered control
    Final deliverable may not satisfy business or user requirements. Control points and communication are set at appropriate stage-gates to allow for deliverables to be evaluated and assessed before proceeding to the next phase. Excessive controls can result in too much time spent on stage-gates and approvals, which creates delays in the schedule and causes milestones to be missed.

    Info-Tech Insight

    Throughout the requirements gathering process, you need checks and balances to ensure that the projects are going according to plan. Now that we know our stakeholder, elicitation, and prioritization processes, we will set up the control points for each project level.

    Plan your communication with stakeholders

    Determine how you want to receive and distribute messages to stakeholders.

    Communication Milestones Audience Artifact Final Goal
    Project Initiation Project Sponsor Project Charter Communicate Goals and Scope of Project
    Elicitation Scheduling Selected Stakeholders (SMEs, Power Users) Proposed Solution Schedule Elicitation Sessions
    Elicitation Follow-Up Selected Stakeholders Elicitation Notes Confirm Accuracy of Notes
    First Pass Validation Selected Stakeholders Consolidated Requirements Validate Aggregated Requirements
    Second Pass Validation Selected Stakeholders Prioritized Requirements Validate Requirements Priority
    Eliminated Requirements Affected Stakeholders Out of Scope Requirements Affected Stakeholders Understand Impact of Eliminated Requirements
    Solution Selection High Authority/Expertise Stakeholders Modeled Solutions Select Solution
    Selected Solution High Authority/Expertise Stakeholders and Project Sponsor Requirements Package Communicate Solution
    Requirements Sign-Off Project Sponsor Requirements Package Obtain Sign-Off

    Setting control points – approvals and sign-offs

    # – Control Point: A decision requiring specific approval or sign-off from defined stakeholders involved with the project. Control points result in accepted or rejected deliverables/documents.

    A – Plan Approval: This control point requires a review of the requirements gathering plan, stakeholders, and elicitation techniques.

    B – Requirements Validation: This control point requires a review of the requirements documentation that indicates project and product requirements.

    C – Prioritization Sign-Off: This requires sign-off from the business and/or user groups. This might be sign-off to approve a document, prioritization, or confirm that testing is complete.

    D – IT or Peer Sign-Off: This requires sign-off from IT to approve technical requirements or confirm that IT is ready to accept a change.

    Match control points to project level and identify these in your requirements business process models

    1.2.5 – 45 minutes

    Input
    • Activity 1.2.4 business process diagram
    Output
    • Identify control points
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Business stakeholders
    • BAs

    Define all of the key control points, required documentation, and involved stakeholders.

    1. On the board, post the initial business process diagram built in exercise 1.2.4. Have participants suggest appropriate control points. Write the control point number on a sticky note and place it where the control point should be.
    2. Now that we have identified the control points, consider each control point and define who will be involved in each one, who provides the approval to move forward, the documentation required, and the overall goal.

    Document the output from this exercise in section 6.1 of the Requirements Gathering SOP and BA Playbook.

    A savvy BA should clarify and confirm project scope prior to embarking on requirements elicitation

    Before commencing requirements gathering, it’s critical that your practitioners have a clear understanding of the initial business case and rationale for the project that they’re supporting. This is vital for providing the business context that elicitation activities must be geared towards.

    • Prior to commencing the requirements gathering phase, the designated BA should obtain a clear statement of scope or initial project charter from the project sponsor. It’s also advisable for the BA to have an in-person meeting with the project sponsor(s) to understand the overarching strategic or tactical impetus for the project. This initial meeting should be less about eliciting requirements and more about understanding why the project is moving forward, and the business processes it seeks to enable or re-engineer (the target state).
    • During this meeting, the BA should seek to develop a clear understanding of the strategic rationale for why the project is being undertaken (the anticipated business benefits) and why it is being undertaken at this time. If the sponsor has any business process models they can share, this would be a good time to review them.

    During requirements gathering, BAs should steer clear of solutions and focus on capturing requirements. Focus on traceable, hierarchical, and testable requirements. Focusing on solution design means you are out of requirements mode.

    Identify constraints early and often, and ensure that they are adequately communicated to project sponsors and end users

    Constraints come in many forms (i.e. financial, regulatory, and technological). Identifying these constraints prior to entering requirements gathering enables you to remain alert; you can separate what is possible from what is impossible, and set stakeholder expectations accordingly.

    • Most organizations don’t inventory their constraints until after they’ve gathered requirements. This is dangerous, as clients may inadvertently signal to end users or stakeholders that an infeasible requirement is something they will pursue. As a result, stakeholders are disappointed when they don’t see it materialize.
    • Organizations need to put advanced effort into constraint identification and management. Too much time is wasted pursuing requirements that aren't feasible given existing internal (e.g. budgets and system) and external (e.g. legislative or regulatory) constraints.
    • Organizations need to manage diverse stakeholders for requirements analysis. Communication will not always be solely with internal teams, but also with suppliers, customers, vendors, and system integrators.

    Stakeholder management is a critical aspect of the BA’s role. Part of the BA’s responsibility is prioritizing solutions and demonstrating to stakeholders the level of effort required and the value attained.

    A graphic, with an arrow running down the left side, pointing downward, which is labelled Constraint Malleability. On the right side of the arrow are three rounded arrows, stacked. The top arrow is labelled Legal/Regulatory Constraints, the second is labelled System/Technical Constraints and the third is labelled Stakeholder Constraints

    Conduct initial brainstorming on the scope of a selected enterprise application project (real or a sample of your choice)

    1.2.6 – 30 minutes

    Input
    • Project details
    Output
    • Initial project scoping
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Begin the requirements gathering process by conducting some initial scoping on why we are doing the project, the goals, and the constraints.

    1. Share the project intake form/charter with each member of the group, and give them a few minutes to read over the project details.
    2. On the board write the project topic and three sub-topics:
      • Why does the business want this?
      • What do you want customers (end users) to be able to do?
      • What are the constraints?
    3. As a group, brainstorm answers to each of these questions and write them on the board.

    Example: Conduct initial brainstorming on the project

    Image shows an example for initial brainstorming on a project. The image shows the overall idea, Implement CRM, with question bubbles emerging out of it, and space left blank to brainstorm the answers to those questions.

    Identify stakeholders that must be consulted during the elicitation part of the process; get a good spectrum of subject matter experts (SMEs)

    Before you can dive into most elicitation techniques, you need to know who you’re going to speak with – not all stakeholders hold the same value.

    There are two broad categories of stakeholders:

    Customers: Those who ask for a system/project/change but do not necessarily use it. These are typically executive sponsors, project managers, or interested stakeholders. They are customers in the sense that they may provide the funding or budget for a project, and may have requests for features and functionality, but they won’t have to use it in their own workflows.

    Users: Those who may not ask for a system but must use it in their routine workflows. These are your end users, those who will actually interact with the system. Users don’t necessarily have to be people – they can also be other systems that will require inputs or outputs from the proposed solution. Understand their needs to best drive more granular functional requirements.

    "The people you need to make happy at the end of the day are the people who are going to help you identify and prioritize requirements." – Director of IT, Municipal Utilities Provider

    Need a hand with stakeholder identification? Leverage Info-Tech’s Stakeholder Planning Tool to catalog and prioritize the stakeholders your BAs will need to contact during the elicitation phase.

    Exercise: Identify and analyze stakeholders for the application project prior to beginning formal elicitation

    1.2.7 – 45 minutes

    Input
    • List of stakeholders
    Output
    • Stakeholder analysis
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Practice the process for identifying and analyzing key stakeholders for requirements gathering.

    1. As a group, generate a complete list of the project stakeholders. Consider who is involved in the problem and who will be impacted by the solution, and record the names of these stakeholders/stakeholder groups on a sticky note. Categories include:
      1. Who is the project sponsor?
      2. Who are the user groups?
      3. Who are the project architects?
      4. Who are the specialty stakeholders (SMEs)?
      5. Who is your project team?
    2. Now that you’ve compiled a complete list, review each user group and indicate their level of influence against their level of involvement in the project to create a stakeholder power map by placing their sticky on a 2X2 grid.
    3. At the end of the day, record this list in the Requirements Gathering Communication Tracking Template.

    Use Info-Tech’s Requirements Gathering Communication Tracking Template

    1.5 Requirements Gathering Communication Tracking Template

    Use the Requirements Gathering Communication Tracking Template for structuring and managing ongoing communications among key requirements gathering implementation stakeholders.

    An illustration of the Stakeholder Power Map Template tab of the Requirements Gathering Communication Tracking Template

    Use the Stakeholder Power Map tab to:

    • Identify the stakeholder's name and role.
    • Identify their position on the power map using the drop-down menu.
    • Identify their level of support.
    • Identify resisters' reasons for resisting as: unwilling, unable, and/or unknowing.
    • Identify which committees they currently sit on, and which they will sit on in the future state.
    • Identify any key objections the stakeholder may have.

    Use the Communication Management Plan tab to:

    • Identify the vehicle/communication medium (status update, meeting, training, etc.).
    • Identify the audience for the communication.
    • Identify the purpose for communication.
    • Identify the frequency.
    • Identify who is responsible for the communication.
    • Identify how the communication will be distributed, and the level of detail.

    Right-size your investments in requirements management technology; sometimes the “suite spot” isn’t necessary

    Recording and analyzing requirements needs some kind of tool, but don’t overinvest in a dedicated suite if you can manage with a more inexpensive solution (such as Word, Excel, and/or Visio). Top-tier solutions may be necessary for an enterprise ERP deployment, but you can use a low-cost solution for low-level productivity application.

    • Many companies do things in the wrong order. Organizations need to right-size the approach that they take to recording and analyzing requirements. Taking the suite approach isn’t always better – often, inputting the requirements into Word or Excel will suffice. An RM suite won’t solve your problems by itself.
    • If you’re dealing with strategic approach or calculated approach projects, their complexity likely warrants a dedicated RM suite that can trace system dependencies. If you’re dealing with primarily elementary or fundamental approach projects, use a more basic tool.

    Your SOP guide should specify the technology platform that your analysts are expected to use for initial elicitation as well as analysis and validation. You don’t want them to use Word if you’ve invested in a full-out IBM RM solution.

    The graphic shows a pyramid shape next to an arrow, pointing up. The arrow is labelled Project Complexity. The pyramid includes three text boxes, reading (from top to bottom) Dedicated RM Suite; RM Module in PM Software; and Productivity APP (Word/Excel/Visio)

    If you need to opt for a dedicated suite, these vendors should be strong contenders in your consideration set

    Dedicated requirements management suites are a great (although pricey) way to have full control over recording, analysis, and hierarchical categorization of requirements. Consider some of the major vendors in the space if Word, Excel, and Visio aren’t suitable for you.

    • Before you purchase a full-scale suite or module for requirements management, ensure that the following contenders have been evaluated for your requirements gathering technology strategy:
      • Micro Focus Requirements Management
      • IBM Requisite Pro
      • IBM Rational DOORS
      • Blueprint Requirements Management
      • Jama Software
      • Polarion Software (a Siemens Company)

    A mid-sized consulting company overhauls its requirement gathering software to better understand stakeholder needs

    CASE STUDY

    Industry Consulting

    Source Jama Software

    Challenge

    ArcherPoint is a leading Microsoft Partner responsible for providing business solutions to its clients. Its varied customer base now requires a more sophisticated requirements gathering software.

    Its process was centered around emailing Word documents, creating versions, and merging issues. ArcherPoint recognized the need to enhance effectiveness, efficiency, and accuracy of requirements gathering through a prescriptive set of elicitation procedures.

    Solution

    The IT department at ArcherPoint recognized that a strong requirements gathering process was essential to delivering value to stakeholders. It needed more scalable and flexible requirements gathering software to enhance requirements traceability. The company implemented SaaS solutions that included traceability and seamless integration features.

    These features reduced the incidences of repetition, allowed for tracing of requirements relationships, and ultimately led to an exhaustive understanding of stakeholders’ needs.

    Results

    Projects are now vetted upon an understanding of the business client’s needs with a thorough requirements gathering collection and analysis.

    A deeper understanding of the business needs also allows ArcherPoint to better understand the roles and responsibilities of stakeholders. This allows for the implementation of structures and policies which makes the requirements gathering process rigorous.

    There are different types of requirements that need to be gathered throughout the elicitation phase

    Business Requirements

    • Higher-level statements of the goals, objectives, or needs of the enterprise.
    • Describe the reasons why a project has been initiated, the objectives that the project will achieve, and the metrics that will be used to measure its success.
    • Business requirements focus on the needs of the organization as a whole, not stakeholders within it.
    • Business requirements provide the foundation on which all further requirements analysis is based:
      • Ultimately, any detailed requirements must map to business requirements. If not, what business need does the detailed requirement fulfill?

    Stakeholder Requirements

    • Statements of the needs of a particular stakeholder or class of stakeholders, and how that stakeholder will interact with a solution.
    • Stakeholder requirements serve as a bridge between business requirements and the various classes of solution requirements.
    • When eliciting stakeholder requirements, other types of detailed requirements may be identified. Record these for future use, but keep the focus on capturing the stakeholders’ needs over detailing solution requirements.

    Solution options or preferences are not requirements. Be sure to identify these quickly to avoid being forced into untimely discussions and sub-optimal solution decisions.

    Requirement types – a quick overview (continued)

    Solution Requirements: Describe the characteristics of a solution that meet business requirements and stakeholder requirements. They are frequently divided into sub-categories, particularly when the requirements describe a software solution:

    Functional Requirements

    • Describe the behavior and information that the solution will manage. They describe capabilities the system will be able to perform in terms of behaviors or operations, i.e. specific information technology application actions or responses.
    • Functional requirements are not detailed solution specifications; rather, they are the basis from which specifications will be developed.

    Non-Functional Requirements

    • Capture conditions that do not directly relate to the behavior or functionality of the solution, but rather describe environmental conditions under which the solution must remain effective or qualities that the systems must have. These can include requirements related to capacity, speed, security, availability, and the information architecture and presentation of the user interface.
    • Non-functional requirements often represent constraints on the ultimate solution. They tend to be less negotiable than functional requirements.
    • For IT solutions, technical requirements would fit in this category.
    Info-Tech Insight

    Remember that solution requirements are distinct from solution specifications; in time, specifications will be developed from the requirements. Don’t get ahead of the process.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2.1 Conduct current and target state analysis

    An analyst will facilitate a discussion to assess the maturity of your requirements gathering process and identify any gaps in the current state.

    1.2.2 Establish requirements gathering performance metrics

    Speak to an analyst to discuss and determine key metrics for measuring the effectiveness of your requirements gathering processes.

    1.2.4 Identify your requirements gathering business process model

    An analyst will facilitate a discussion to determine the ideal target business process flow for your requirements gathering.

    1.2.3; 1.2.5 Define control levels and match control points

    An analyst will assist you with determining the appropriate requirements gathering approach for different project levels. The discussion will highlight key control points and define stakeholders who will be involved in each one.

    1.2.6; 1.2.7 Conduct initial scoping and identify key stakeholders

    An analyst will facilitate a discussion to highlight the scope of the requirements gathering optimization project as well as identify and analyze key stakeholders in the process.

    Phase 2: Define the Elicitation Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define the Elicitation Process

    Proposed Time to Completion: 2 weeks

    Step 2.1: Determine Elicitation Techniques

    Start with an analyst kick off call:

    • Understand and assess elicitation techniques.
    • Determine best fit to projects and business environment.

    Then complete these activities…

    • Understand different elicitation techniques.
    • Record the approved elicitation techniques.
    Step 2.2: Structure Elicitation Output

    Review findings with analyst:

    • Review options for structuring the output of requirements elicitation.
    • Build the requirements gathering operating model.

    Then complete these activities…

    • Build use case model.
    • Use table-top testing to build use case models.
    • Build the operating model.

    With these tools & templates:

    • Business Requirements Document Template
    • Scrum Documentation Template
    Phase 2 Results & Insights:
    • Best practices for conducting and structuring elicitation.

    Step 2.1: Determine Elicitation Techniques

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Understand requirements elicitation techniques.

    This step involves the following participants:

    • BAs
    • Business stakeholders

    Outcomes of this step

    • Select and record best-fit elicitation techniques.

    Eliciting requirements is all about effectively creating the initial shortlist of needs the business has for an application

    The image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Elicit in the center of the image, with three bullet points beneath it that read: Prepare; Conduct; Confirm.

    The elicitation phase is where the BAs actually meet with project stakeholders and uncover the requirements for the application. Major tasks within this phase include stakeholder identification, selecting elicitation techniques, and conducting the elicitation sessions. This phase involves the most information gathering and therefore requires a significant amount of time to be done properly.

    Good requirements elicitation leverages a strong elicitation framework and executes the right elicitation techniques

    A mediocre requirements practitioner takes an order taker approach to elicitation: they elicit requirements by showing up to a meeting with the stakeholder and asking, “What do you want?” This approach frequently results in gaps in requirements, as most stakeholders cannot free-form spit out an accurate inventory of their needs.

    A strong requirements practitioner first decides on an elicitation framework – a mechanism to anchor the discussion about the business requirements. Info-Tech recommends using business process modelling (BPM) as the most effective framework. The BA can now work through several key questions:

    • What processes will this application need to support?
    • What does the current process look like?
    • How could we improve the process?
    • In a target state process map, what are the key functional requirements necessary to support this?

    The second key element to elicitation is using the right blend of elicitation techniques: the tactical approach used to actually collect the requirements. Interviews are the most popular means, but focus groups, JAD sessions, and observational techniques can often yield better results – faster. This section will touch on BPM/BPI as an elicitation framework, then do deep dive on different elicitation techniques.

    The elicitation phase of most enterprise application projects follows a similar four-step approach

    Prepare

    Stakeholders must be identified, and elicitation frameworks and techniques selected. Each technique requires different preparation. For example, brainstorming requires ground rules; focus groups require invitations, specific focus areas, and meeting rooms (perhaps even cameras). Look at each of these techniques and discuss how you would prepare.

    Conduct

    A good elicitor has the following underlying competencies: analytical thinking, problem solving, behavioral characteristics, business knowledge, communication skills, interaction skills, and proficiency in BA tools. In both group and individual elicitation techniques, interpersonal proficiency and strong facilitation is a must. A good BA has an intuitive sense of how to manage the flow of conversations, keep them results-oriented, and prevent stakeholder tangents or gripe sessions.

    Document

    How you document will depend on the technique you use. For example, recording and transcribing a focus group is probably a good idea, but you still need to analyze the results and determine the actual requirements. Use cases demand a software tool – without one, they become cumbersome and unwieldy. Consider how you would document the results before you choose the technique. Some analysts prefer to use solutions like OneNote or Evernote for capturing the raw initial notes, others prefer pen and paper: it’s what works best for the BA at hand.

    Confirm

    Review the documentation with your stakeholder and confirm the understanding of each requirement via active listening skills. Revise requirements as necessary. Circulating the initial notes of a requirements interview or focus group is a great practice to get into – it ensures jargon and acronyms are correctly captured, and that nothing has been lost in the initial translation.

    BPM is an extremely useful framework for framing your requirements elicitation discussions

    What is BPM? (Source: BPMInstitute.org)

    BPMs can take multiple forms, but they are created as visual process flows that depict a series of events. They can be customized at the discretion of the requirements gathering team (swim lanes, legends, etc.) based on the level of detail needed from the input.

    When to use them?

    BPMs can be used as the basis for further process improvement or re-engineering efforts for IT and applications projects. When the requirements gathering process owner needs to validate whether or not a specific step involved in the process is necessary, BPM provides the necessary breakdown.

    What’s the benefit?

    Different individuals absorb information in a variety of ways. Visual representations of a process or set of steps tend to be well received by a large sub-set of individuals, making BPMs an effective analysis technique.

    This related Info-Tech blueprint provides an extremely thorough overview of how to leverage BPM and process improvement approaches.

    Use a SIPOC table to assist with zooming into a step in a BPM to help define requirements

    Build a Sales Report
    • Salesforce
    • Daily sales results
    • Sales by product
    • Sales by account rep
    • Receive customer orders
    • Process invoices
    • GL roll-up
    • Sales by region
    • Sales by rep
    • Director of Sales
    • CEO
    • Report is accurate
    • Report is timely
    • Balance to GL
    • Automated email notification

    Source: iSixSigma

    Example: Extract requirements from a BPM for a customer service solution

    Look at an example for a claims process, and focus on the Record Claim task (event).

    Task Input Output Risks Opportunities Condition Sample Requirements
    Record Claim Customer Email Case Record
    • An agent accidentally misses the email and the case is not submitted.
    • The contents of the email are not properly ported over into the case for the claim.
    • The claim is routed to the wrong recipient within the claims department.
    • There is translation risk when the claim is entered in another language from which it is received.
    • Reduce the time to populate a customer’s claim information into the case.
    • Automate the data capture and routing.
    • Pre-population of the case with the email contents.
    • Suggested routing based on the nature of the case.
    • Multi-language support.

    Business:

    • The system requires email-to-case functionality.

    Non-Functional:

    • The cases must be supported in multiple languages.
    • Case management requires Outlook integration.

    Functional:

    • The case must support the following information:
    • Title; Customer; Subject; Case Origin; Case Type; Owner; Status; Priority
    • The system must pre-populate the claims agent based on the nature of the case.

    The image is an excerpt from a table, with the title Claims Process at the top. The top row is labelled Customer Service, and includes a textbox that reads Record Claim. The bottom row is labelled Claims, and includes a textbox that reads Manage Claim. A downward-pointing arrow connects the two textboxes.

    Identify the preferred elicitation techniques in your requirements gathering SOP: outline order of operations

    Conducting elicitation typically takes the greatest part of the requirements management process. During elicitation, the designated BA(s) should be reviewing documentation, and conducting individual and group sessions with key stakeholders.

    • When eliciting requirements, it’s critical that your designated BAs use multiple techniques; relying only on stakeholder interviews while neglecting to conduct focus groups and joint whiteboarding sessions will lead to trouble.
    • Avoid makeshift solutions by focusing on target state requirements, but don’t forget about the basic user needs. These can often be neglected because one party assumes that the other already knows about them.
    • The SOP guide should provide your BAs with a shortlist of recommended/mandated elicitation techniques based on business scenarios (examples in this section). Your SOP should also suggest the order in which BAs use the techniques for initial elicitation. Generally, document review comes first, followed by group, individual, and observational techniques.

    Elicitation is an iterative process – requirements should be refined in successive steps. If you need more information in the analysis phases, don’t be afraid to go back and conduct more elicitation.

    Understand different elicitation techniques

    2.1.1 – 1 hour

    Input
    • Elicitation techniques
    Output
    • Elicitation technique assessment
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. For this exercise, review the following elicitation techniques: observation, document review, surveys, focus groups, and interviews. Use the material in the next slides to brainstorm around the following questions:
      1. What types of information can the technique be used to collect?
      2. Why would you use this technique over others?
      3. How will you prepare to use the technique?
      4. How will you document the technique?
      5. Is this technique suitable for all projects?
      6. When wouldn’t you use it?
    2. Have each group present their findings from the brainstorming to the group.

    Document any changes to the elicitation techniques in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Understand different elicitation techniques – Interviews

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Structured One-on-One Interview In a structured one-on-one interview, the BA has a fixed list of questions to ask the stakeholder and follows up where necessary. Structured interviews provide the opportunity to quickly home in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose, i.e. to receive specific stakeholder feedback on proposed requirements or to help identify systemic constraints. Generally speaking, they should be 30 minutes or less. Low Medium
    Unstructured One-on-One Interview In an unstructured one-on-one interview, the BA allows the conversation to flow free form. The BA may have broad themes to touch on but does not run down a specific question list. Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should be 60 minutes or less. Medium Low
    Info-Tech Insight

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).

    Understand the diverse approaches for interviews

    Use a clear interview approach to guide the preparation, facilitation styles, participants, and interview schedules you manage for a specific project.

    Depending on your stakeholder audience and interview objectives, apply one or more of the following approaches to interviews.

    Interview Approaches

    • Unstructured
    • Semi-structured
    • Structured

    The Benefits of Interviews

    Fosters direct engagement

    IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.

    Offers greater detail

    With interviews, a greater degree of insight can be gained by leveraging information that wouldn’t be collected through traditional surveys. Face-to-face interactions provide thorough answers and context that helps inform requirements.

    Removes ambiguity

    Face-to-face interactions allow opportunities for follow-up around ambiguous answers. Clarify what stakeholders are looking for and expect in a project.

    Enables stakeholder management

    Interviews are a direct line of communication with a project stakeholder. They provide input and insight, and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

    Select an interview structure based on project objectives and staff types

    Consider stakeholder types and characteristics, in conjunction with the best way to maximize time, when selecting which of the three interview structures to leverage during the elicitation phase of requirements gathering.

    Structured Interviews

    • Interviews conducted using this structure are modelled after the typical Q&A session.
    • The interviewer asks the participant a variety of closed-ended questions.
    • The participant’s response is limited to the scope of the question.

    Semi-Structured Interviews

    • The interviewer may prepare a guide, but it acts as more of an outline.
    • The goal of the interview is to foster and develop conversation.
    • Participants have the ability to answer questions on broad topics without compromising the initial guide.

    Unstructured Interviews

    • The interviewer may have a general interview guide filled with open-ended questions.
    • The objective of the questions is to promote discussion.
    • Participants may discuss broader themes and topics.

    Select the best interview approach

    Review the following questions to determine what interview structure you should utilize. If you answer the question with “Yes,” then follow the corresponding recommendations for the interview elements.

    Question Structure Type Facilitation Technique # of Participants
    Do you have to interview multiple participants at once because of time constraints? Semi-structured Discussion 1+
    Does the business or stakeholders want you to ask specific questions? Structured Q&A 1
    Have you already tried an unsuccessful survey to gather information? Semi-structured Discussion 1+
    Are you utilizing interviews to understand the area? Unstructured Discussion 1+
    Do you need to gather requirements for an immediate project? Structured Q&A 1+

    Decisions to make for interviews

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements during the analysis and validation stages.

    Who to engage?

    • Individuals with an understanding of the project scope, constraints and considerations, and high-level objectives.
    • Project stakeholders from across different functional units to solicit a varied set of requirement inputs.

    How to engage?

    • Approach selected interview candidate(s) with a verbal invitation to participate in the requirements gathering process for [Project X].
    • Take the initiative to book time in the candidate’s calendar. Include in your calendar invitation a description of the preparation required for the interview, the anticipated outputs, and a brief timeline agenda for the interview itself.

    How to drive participant engagement?

    • Use introductory interview questions to better familiarize yourself with the interviewee and to create an environment in which the individual feels welcome and at ease.
    • Once acclimatized, ensure that you hold the attention of the interviewee by providing further probing, yet applicable, interview questions.

    Manage each point of the interaction in the interview process

    Interviews generally follow the same workflow regardless of which structure you select. You must manage the process to ensure that the interview runs smoothly and results in an effective gathering requirements process.

    1. Prep Schedule
      • Recommended Actions
        • Send an email with a proposed date and time for the meeting.
        • Include an overview of what you will be discussing.
        • Mention if other people will be joining (if group interview).
    2. Meeting Opening
      • Recommended Actions
        • Provide context around the meeting’s purpose and primary focal points.
        • Let interviewee(s) know how long the interview will last.
        • Ask if they have any blockers that may cause the meeting to end early.
    3. Meeting Discussion
      • Recommended Actions
        • Ask questions and facilitate discussion in accordance with the structure you have selected.
        • Ensure that the meeting’s dialogue is being either recorded using written notes (if possible) or a voice recorder.
    4. Meeting Wrap-Up
      • Recommended Actions
        • Provide a summary of the big findings and what was agreed upon.
        • Outline next steps or anything else you will require from the participant.
        • Let the interviewee(s) know that you will follow up with interview notes, and will require feedback from them.
    5. Meeting Follow-Up
      • Recommended Actions
        • Send an overview of what was covered and agreed upon during the interview.
        • Show the mock-ups of your work based on the interview, and solicit feedback.
        • Give the interviewee(s) the opportunity to review your notes or recording and add value where needed.

    Solve the problem before it occurs with interview troubleshooting techniques

    The interview process may grind to a halt due to challenging situations. Below are common scenarios and corresponding troubleshooting techniques to get your interview back on track.

    Scenario Technique
    Quiet interviewee Begin all interviews by asking courteous and welcoming questions. This technique will warm the interviewee up and make them feel more comfortable. Ask prompting questions during periods of silence in the interview. Take note of the answers provided by the interviewee in your interview guide, along with observations and impact statements that occur throughout the duration of the interview process.
    Disgruntled interviewee Avoid creating a hostile environment by eliminating the interviewee’s perception that you are choosing to focus on issues that the interviewee feels will not be resolved. Ask questions to contextualize the issue. For example, ask why they feel a particular way about the issue, and determine whether they have valid concerns that you can resolve.
    Interviewee has issues articulating their answer Encourage the interviewee to use a whiteboard or pen and paper to kick start their thought process. Make sure you book a room with these resources readily available.

    Understand different elicitation techniques – Observation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Casual Observation The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. Capture true behavior through observation of stakeholders performing tasks without informing them they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. Low Medium
    Formal Observation The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. Formal observation allows BAs to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the BA and modify their behavior if they feel their job responsibilities or job security are at risk Low Medium

    Info-Tech Insight

    Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.

    Understand different elicitation techniques – Surveys

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Closed-Response Survey A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. Closed response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements not listed. As such, closed response surveys are best used after initial elicitation or brainstorming to validate feature groups. Low Medium
    Open-Response Survey A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. Open-response surveys are a useful supplement (and occasionally replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. Low Medium

    Info-Tech Insight

    Surveys can be useful mechanisms for initial drafting of raw requirements (open-response) and gauging user interest in proposed requirements or feature sets (closed-response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the BA.

    Be aware: Know the implications of leveraging surveys

    What are surveys?

    Surveys take a sample population’s written responses for data collection. Survey respondents can identify themselves or choose to remain anonymous. Anonymity removes the fear of repercussions for giving critical responses to sensitive topics.

    Who needs to be involved?

    Participants of a survey include the survey writer, respondent(s), and results compiler. There is a moderate amount of work that comes from both the writer and compiler, with little work involved on the end of the respondent.

    What are the benefits?

    The main benefit of surveys is their ability to reach large population groups and segments without requiring personal interaction, thus saving money. Surveys are also very responsive and can be created and modified rapidly to address needs as they arise on an on-going basis.

    When is it best to employ a survey method?

    Surveys are most valuable when completed early in the requirements gathering stage.

    Intake and Scoping → Requirements Gathering → Solution Design → Development/ Procurement → Implementation/ Deployment

    When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.

    Use surveys to profile the demand for specific requirements.

    It is often difficult to determine if requirements are must haves or should haves. Surveys are a strong method to assist in narrowing down a wide range of requirements.

    • If all survey respondents list the same requirement, then that requirement is a must have.
    • If no participants mention a requirement, then that requirement is not likely to be important to project success.
    • If the results are scattered, it could be that the organization is unsure of what is needed.

    Are surveys worth the time and effort? Most of the time.

    Surveys can generate insights. However, there are potential barriers:

    • Well-constructed surveys are difficult to make – asking the right questions without being too long.
    • Participants may not take surveys seriously, giving non-truthful or half-hearted answers.

    Surveys should only be done if the above barriers can easily be overcome.

    Scenario: Survey used to gather potential requirements

    Scenario

    There is an unclear picture of the business needs and functional requirements for a solution.

    Survey Approach

    Use open-ended questions to allow respondents to propose requirements they see as necessary.

    Sample questions

    • What do you believe _______ (project) should include to be successful?
    • How can _______ (project) be best made for you?
    • What do you like/dislike about ________ (process that the project will address)?

    What to do with your results

    Take a step back

    If you are using surveys to elicit a large number of requirements, there is probably a lack of clear scope and vision. Focus on scope clarification. Joint development sessions are a great technique for defining your scope with SMEs.

    Moving ahead

    • Create additional surveys. Additional surveys can help narrow down the large list of requirements. This process can be reiterated until there is a manageable number of requirements.
    • Move onto interviews. Speak directly with the users to get a grasp of the importance of the requirements taken from surveys.

    Employ survey design best practices

    Proper survey design determines how valuable the responses will be. Review survey principles released by the University of Wisconsin-Madison.

    Provide context

    Include enough detail to contextualize questions to the employee’s job duties.

    Where necessary:

    • Include conditions
    • Timeline considerations
    • Additional pertinent details

    Give clear instructions

    When introducing a question identify if it should be answered by giving one answer, multiple answers, or a ranking of answers.

    Avoid IT jargon

    Ensure the survey’s language is easily understood.

    When surveying colleagues from the business use their own terms, not IT’s.

    E.g. laptops vs. hardware

    Saying “laptops” is more detailed and is a universal term.

    Use ranges

    Recommended:

    In a month your Outlook fails:

    • 1-3 times
    • 4-7 times
    • 7+ times

    Not Recommended:

    Your Outlook fails:

    • Almost never
    • Infrequently
    • Frequently
    • Almost always

    Keep surveys short

    Improve responses and maintain stakeholder interest by only including relevant questions that have corresponding actions.

    Recommended: Keep surveys to ten or less prompts.

    Scenario: Survey used to narrow down requirements

    Scenario

    There is a large list of requirements and the business is unsure of which ones to further pursue.

    Survey Approach

    Use closed-ended questions to give degrees of importance and rank requirements.

    Sample questions

    • How often do you need _____ (requirement)?
      • 1-3 times a week; 4-6 times a week; 7+ times a week
    • Given the five listed requirements below, rank each requirement in order of importance, with 1 being the most important and 5 being the least important.
    • On a scale from 1-5, how important is ________ (requirement)?
      • 1 – Not important at all; 2 – Would provide minimal benefit; 3 – Would be nice to have; 4 – Would provide substantial benefit; 5 – Crucial to success

    What to do with your results

    Determine which requirements to further explore

    Avoid simply aggregating average importance and using the highest average as the number-one priority. Group the highest average importance requirements to be further explored with other elicitation techniques.

    Moving ahead

    The group of highly important requirements needs to be further explored during interviews, joint development sessions, and rapid development sessions.

    Scenario: Survey used to discover crucial hidden requirements

    Scenario

    The business wanted a closer look into a specific process to determine if the project could be improved to better address process issues.

    Survey Approach

    Use open-ended questions to allow employees to articulate very specific details of a process.

    Sample questions

    • While doing ________ (process/activity), what part is the most frustrating to accomplish? Why?
    • Is there any part of ________ (process/activity) that you feel does not add value? Why?
    • How would you improve _________ (process/activity)?

    What to do with your results

    Set up prototyping

    Prototype a portion with the new requirement to see if it meets the user’s needs. Joint application development and rapid development sessions pair developers and users together to collaboratively build a solution.

    Next steps

    • Use interviews to begin solution mapping. Speak to SMEs and the users that the requirement would affect. Understand how to properly incorporate the discovered requirement(s) into the solution.
    • Create user stories. User stories allow developers to step into the shoes of the users. Document the user’s requirement desires and their reason for wanting it. Give those user stories to the developers.

    Explore mediums for survey delivery

    Online

    Free online surveys offer quick survey templates but may lack customization. Paid options include customizable features. Studies show that most participants find web-based surveys more appealing, as web surveys tend to have a higher rate of completion.

    Potential Services (Not a comprehensive list)

    SurveyMonkey – free and paid options

    Good Forms – free options

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (free survey options)

    Paper

    Paper surveys offer complete customizability. However, paper surveys take longer to distribute and record, and are also more expensive to administer.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost

    Internally-developed

    Internally-developed surveys can be distributed via the intranet or email. Internal surveys offer the most customization. Cost is the creator’s time, but cost can be saved on distribution versus paper and paid online surveys.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (if created quickly)

    Understand different elicitation techniques – Focus Groups

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Focus Group Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented, and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of groupthink in these meetings (i.e. the tendency to converge on a single POV). Medium Medium
    Workshop Workshops are larger sessions (typically ten people or more) that are led by a facilitator, and are dependent on targeted exercises. Workshops may be occasionally decomposed into smaller group sessions. Workshops are highly versatile: they can be used for initial brainstorming, requirement prioritization, constraint identification, and business process mapping. Typically, the facilitator will use exercises or activities (such as whiteboarding, sticky note prioritization, role-playing, etc.) to get participants to share and evaluate sets of requirements. The main downside to workshops is a high time commitment from both stakeholders and the BA. Medium High

    Info-Tech Insight

    Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.

    Conduct focus groups and workshops

    There are two specific types of group interviews that can be utilized to elicit requirements: focus groups and workshops. Understand each type’s strengths and weaknesses to determine which is better to use in certain situations.

    Focus Groups Workshops
    Description
    • Small groups are encouraged to speak openly about topics with guidance from a facilitator.
    • Larger groups are led by a facilitator to complete target exercises that promote hands-on learning.
    Strengths
    • Highly effective for initial requirements brainstorming.
    • Insights can be explored in depth.
    • Any part of the requirements gathering process can be done in a workshop.
    • Use of activities can increase the learning beyond simple discussions.
    Weaknesses
    • Loudest voice in the room can induce groupthink.
    • Discussion can easily veer off topic.
    • Extremely difficult to bring together such a large group for extended periods of time.
    Facilitation Guidance
    • Make sure the group is structured in a cross-functional manner to ensure multiple viewpoints are represented.
    • If the group is too large, break the members into smaller groups. Try putting together members who would not usually interact.

    Solution mapping and joint review sessions should be used for high-touch, high-rigor BPM-centric projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Solution Mapping Session A one-on-one session to outline business processes. BPM methods are used to write possible target states for the solution on a whiteboard and to engineer requirements based on steps in the model. Solution mapping should be done with technically savvy stakeholders with a firm understanding of BPM methodologies and nomenclature. Generally, this type of elicitation method should be done with stakeholders who participated in tier one elicitation techniques who can assist with reverse-engineering business models into requirement lists. Medium Medium
    Joint Requirements Review Session This elicitation method is sometimes used as a last step prior to moving to formal requirements analysis. During the review session, the rough list of requirements is vetted and confirmed with stakeholders. A one-on-one (or small group) requirements review session gives your BAs the opportunity to ensure that what was recorded/transcribed during previous one-on-ones (or group elicitation sessions) is materially accurate and representative of the intent of the stakeholder. This elicitation step allows you to do a preliminary clean up of the requirements list before entering the formal analysis phase. Low Low

    Info-Tech Insight

    Solution mapping and joint requirements review sessions are more advanced elicitation techniques that should be employed after preliminary techniques have been utilized. They should be reserved for technically sophisticated, high-value stakeholders.

    Interactive whiteboarding and joint development sessions should be leveraged for high-rigor BPM-based projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Interactive White- boarding A group session where either a) requirements are converted to BPM diagrams and process flows, or b) these flows are reverse engineered to distil requirement sets. While the focus of workshops and focus groups is more on direct requirements elicitation, interactive whiteboarding sessions are used to assist with creating initial solution maps (or reverse engineering proposed solutions into requirements). By bringing stakeholders into the process, the BA benefits from a greater depth of experience and access to SMEs. Medium Medium
    Joint Application Development (JAD) JAD sessions pair end-user teams together with developers (and BA facilitators) to collect requirements and begin mapping and developing prototypes directly on the spot. JAD sessions fit well with organizations that use Agile processes. They are particularly useful when the overall project scope is ambiguous; they can be used for project scoping, requirements definition, and initial prototyping. JAD techniques are heavily dependent on having SMEs in the room – they should preference knowledge power users over the “rank and file.” High High

    Info-Tech Insight

    Interactive whiteboarding should be heavily BPM-centric, creating models that link requirements to specific workflow activities. Joint development sessions are time-consuming but create greater cohesion and understanding between BAs, developers, and SMEs.

    Rapid application development sessions add some Agile aspects to requirements elicitation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rapid Application Development A form of prototyping, RAD sessions are akin to joint development sessions but with greater emphasis on back-and-forth mock-ups of the proposed solution. RAD sessions are highly iterative – requirements are gathered in sessions, developers create prototypes offline, and the results are validated by stakeholders in the next meeting. This approach should only be employed in highly Agile-centric environments. High High

    For more information specific to using the Agile development methodology, refer to the project blueprint Implement Agile Practices That Work.

    The role of the BA differs with an Agile approach to requirements gathering. A traditional BA is a subset of the Agile BA, who typically serves as product owner. Agile BAs have elevated responsibilities that include bridging communication between stakeholders and developers, prioritizing and detailing the requirements, and testing solutions.

    Overview of JAD and RDS techniques (Part 1)

    Use the following slides to gain a thorough understanding of both JAD and rapid development sessions (RDS) to decide which fits your project best.

    Joint Application Development Rapid Development Sessions
    Description JAD pairs end users and developers with a facilitator to collect requirements and begin solution mapping to create an initial prototype. RDS is an advanced approach to JAD. After an initial meeting, prototypes are developed and validated by stakeholders. Improvements are suggested by stakeholders and another prototype is created. This process is iterated until a complete solution is created.
    Who is involved? End users, SMEs, developers, and a facilitator (you).
    Who should use this technique? JAD is best employed in an Agile organization. Agile organizations can take advantage of the high amount of collaboration involved. RDS requires a more Agile organization that can effectively and efficiently handle impromptu meetings to improve iterations.
    Time/effort versus value JAD is a time/effort-intensive activity, requiring different parties at the same time. However, the value is well worth it. JAD provides clarity for the project’s scope, justifies the requirements gathered, and could result in an initial prototype. RDS is even more time/effort intensive than JAD. While it is more resource intensive, the reward is a more quickly developed full solution that is more customized with fewer bugs.

    Overview of JAD and RDS techniques (Part 2)

    Joint Application Development

    Timeline

    Projects that use JAD should not expect dramatically quicker solution development. JAD is a thorough look at the elicitation process to make sure that the right requirements are found for the final solution’s needs. If done well, JAD eliminates rework.

    Engagement

    Employees vary in their project engagement. Certain employees leverage JAD because they care about the solution. Others are asked for their expertise (SMEs) or because they perform the process often and understand it well.

    Implications

    JAD’s thorough process guarantees that requirements gathering is done well.

    • All requirements map back to the scope.
    • SMEs are consulted throughout the duration of the process.
    • Prototyping is only done after final solution mapping is complete.

    Rapid Development Sessions

    Timeline

    Projects that use RDS can either expect quicker or slower requirements gathering depending on the quality of iteration. If each iteration solves a requirement issue, then one can expect that the solution will be developed fairly rapidly. If the iterations fail to meet requirements the process will be quite lengthy.

    Engagement

    Employees doing RDS are typically very engaged in the project and play a large role in helping to create the solution.

    Implications

    RDS success is tied to the organization’s ability to collaborate. Strong collaboration will lead to:

    • Fewer bugs as they are eliminated in each iteration.
    • A solution that is highly customized to meet the user’s needs.

    Poor collaboration will lead to RDS losing its full value.

    When is it best to use JAD?

    JAD is best employed in an Agile organization for application development and selection. This technique best serves relatively complicated, large-scale projects that require rapid or sequential iterations on a prototype or solution as a part of requirements gathering elicitation. JAD effectuates each step in the elicitation process well, from initial elicitation to narrowing down requirements.

    When tackling a project type you’ve never attempted

    Most requirement gathering professionals will use their experience with project type standards to establish key requirements. Avoid only relying on standards when tackling a new project type. Apply JAD’s structured approach to a new project type to be thorough during the elicitation phase.

    In tandem with other elicitation techniques

    While JAD is an overarching requirements elicitation technique, it should not be the only one used. Combine the strengths of other elicitation techniques for the best results.

    When is it best to use RDS?

    RDS is best utilized when one, but preferably both, of the below criteria is met.

    When the scope of the project is small to medium sized

    RDS’ strengths lie in being able to tailor-make certain aspects of the solution. If the solution is too large, tailor-made sections are impossible as multiple user groups have different needs or there is insufficient resources. When a project is small to medium sized, developers can take the time to custom make sections for a specific user group.

    When most development resources are readily available

    RDS requires developers spending a large amount of time with users, leaving less time for development. Having developers at the ready to take on users’ improvement maintains the effectiveness of RDS. If the same developer who speaks to users develops the entire iteration, the process would be slowed down dramatically, losing effectiveness.

    Techniques to compliment JAD/RDS

    1. Unstructured conversations

    JAD relies on unstructured conversations to clarify scope, gain insights, and discuss prototyping. However, a structure must exist to guarantee that all topics are discussed and meetings are not wasted.

    2. Solution mapping and interactive white-boarding

    JAD often involves visually illustrating how high-level concepts connect as well as prototypes. Use solution mapping and interactive whiteboarding to help users and participants better understand the solution.

    3. Focus groups

    Having a group development session provides all the benefits of focus groups while reducing time spent in the typically time-intensive JAD process.

    Plan how you will execute JAD

    Before the meeting

    1. Prepare for the meeting

    Email all parties a meeting overview of topics that will be discussed.

    During the meeting

    2. Discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if it is already well defined).
    • Leverage solution mapping and other visual aids to appeal to all users.
    • Confirm with SMEs that requirements will meet the users’ needs.
    • Discuss initial prototyping.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and set of agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meetings to continue prototyping.

    JAD provides a detail-oriented view into the elicitation process. As a facilitator, take detailed notes to maximize the outputs of JAD.

    Plan how you will execute RDS

    Before the meeting

    1. Prepare for the meeting

    • Email all parties a meeting overview.
    • Ask employees and developers to bring their vision of the solution, regardless of its level of detail.

    During the meeting

    2. Hold the discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if already well defined).
    • Have both parties explain their visions for the solution.
    • Talk about initial prototype and current iteration.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meeting to continue prototyping.

    RDS is best done in quick succession. Keep in constant contact with both employees and developers to maintain positive momentum from a successful iteration improvement.

    Develop a tailored facilitation guide for JAD and RDS

    JAD/RDS are both collaborative activities, and as with all group activities, issues are bound to arise. Be proactive and resolve issues using the following guidelines.

    Scenario Technique
    Employee and developer visions for the solution don’t match up Focus on what both solutions have in common first to dissolve any tension. Next, understand the reason why both parties have differences. Was it a difference in assumptions? Difference in what is a requirement? Once the answer has been determined, work on bridging the gaps. If there is no resolution, appoint a credible authority (or yourself) to become the final decision maker.
    Employee has difficulty understanding the technical aspect of the developer’s solution Translate the developer’s technical terms into a language that the employee understands. Encourage the employee to ask questions to further their understanding.
    Employee was told that their requirement or proposed solution is not feasible Have a high-level member of the development team explain how the requirement/solution is not feasible. If it’s possible, tell the employee that the requirement can be done in a future release and keep them updated.

    Harvest documentation from past projects to uncover reusable requirements

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Legacy System Manuals The process of reviewing documentation and manuals associated with legacy systems to identify constraints and exact requirements for reuse. Reviewing legacy systems and accompanying documentation is an excellent way to gain a preliminary understanding of the requirements for the upcoming application. Be careful not to overly rely on requirements from legacy systems; if legacy systems have a feature set up one way, this does not mean it should be set up the same way on the upcoming application. If an upcoming application must interact with other systems, it is ideal to understand the integration points early. None High
    Historical Projects The process of reviewing documentation from historical projects to extract reusable requirements. Previous project documentation can be a great source of information and historical lessons learned. Unfortunately, historical projects may not be well documented. Historical mining can save a great deal of time; however, the fact that it was done historically does not mean that it was done properly. None High

    Info-Tech Insight

    Document mining is a laborious process, and as the term “mining” suggests the yield will vary. Regardless of the outcome, document mining must be performed and should be viewed as an investment in the requirements gathering process.

    Extract internal and external constraints from business rules, policies, and glossaries

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rules The process of extracting business logic from pre-existing business rules (e.g. explicit or implied workflows). Stakeholders may not be fully aware of all of the business rules or the underlying rationale for the rules. Unfortunately, business rule documents can be lengthy and the number of rules relevant to the project will vary. None High
    Glossary The process of extracting terminology and definitions from glossaries. Terminology and definitions do not directly lead to the generation of requirements. However, reviewing glossaries will allow BAs to better understand domain SMEs and interpret their requirements. None High
    Policy The process of extracting business logic from business policy documents (e.g. security policy and acceptable use). Stakeholders may not be fully aware of the different policies or the underlying rationale for why they were created. Going directly to the source is an excellent way to identify constraints and requirements. Unfortunately, policies can be lengthy and the number of items relevant to the project will vary. None High

    Info-Tech Insight

    Document mining should be the first type of elicitation activity that is conducted because it allows the BA to become familiar with organizational terminology and processes. As a result, the stakeholder facing elicitation sessions will be more productive.

    Review the different types of formal documentation (Part 1)

    1. Glossary

    Extract terminology and definitions from glossaries. A glossary is an excellent source to understand the terminology that SMEs will use.

    2. Policy

    Pull business logic from policy documents (e.g. security policy and acceptable use). Policies generally have mandatory requirements for projects, such as standard compliance requirements.

    3. Rules

    Review and reuse business logic that comes from pre-existing rules (e.g. explicit or implied workflows). Like policies, rules often have mandatory requirements or at least will require significant change for something to no longer be a requirement.

    Review the different types of formal documentation (Part 2)

    4. Legacy System

    Review documents and manuals of legacy systems, and identify reusable constraints and requirements. Benefits include:

    • Gain a preliminary understanding of general organizational requirements.
    • Ease of solution integration with the legacy system if needed.

    Remember to not use all of the basic requirements of a legacy system. Always strive to find a better, more productive solution.

    5. Historical Projects

    Review documents from historical projects to extract reusable requirements. Lessons learned from the company’s previous projects are more applicable than case studies. While historical projects can be of great use, consider that previous projects may not be well documented.

    Drive business alignment as an output from documentation review

    Project managers frequently state that aligning projects to the business goals is a key objective of effective project management; however, it is rarely carried out throughout the project itself. This gap is often due to a lack of understanding around how to create true alignment between individual projects and the business needs.

    Use company-released statements and reports

    Extract business wants and needs from official statements and reports (e.g. press releases, yearly reports). Statements and reports outline where the organization wants to go which helps to unearth relevant project requirements.

    Ask yourself, does the project align to the business?

    Documented requirements should always align with the scope of the project and the business objectives. Refer back frequently to your set of gathered requirements to check if they are properly aligned and ensure the project is not veering away from the original scope and business objectives.

    Don’t just read for the sake of reading

    The largest problem with documentation review is that requirements gathering professionals do it for the sake of saying they did it. As a result, projects often go off course due to not aligning to business objectives following the review sessions.

    • When reading a document, take notes to avoid projects going over time and budget and business dissatisfaction. Document your notes and schedule time to review the set of complete notes with your team following the individual documentation review.

    Select elicitation techniques that match the elicitation scenario

    There is a time and place for each technique. Don’t become too reliant on the same ones. Diversify your approach based on the elicitation goal.

    A chart showing Elicitation Scenarios and Techniques, with each marked for their efficacy.

    This table shows the relative strengths and weaknesses of each elicitation technique compared against the five basic elicitation scenarios.

    A typical project will encounter most of the elicitation scenarios. Therefore, it is important to utilize a healthy mix of techniques to optimize effectiveness.

    Very Strong = Very Effective

    Strong = Effective

    Medium = Somewhat Effective

    Weak = Minimally Effective

    Very Weak = Not Effective

    Record the approved elicitation techniques that your BAs should use

    2.1.2 – 30 minutes

    Input
    • Approved elicitation techniques
    Output
    • Execution procedure
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs

    Record the approved elicitation methods and best practices for each technique in the SOP.

    Identify which techniques should be utilized with the different stakeholder classes.

    Segment the different techniques based by project complexity level.

    Use the following chart to record the approved techniques.

    Stakeholder L1 Projects L2 Projects L3 Projects L4 Projects
    Senior Management Structured Interviews
    Project Sponsor Unstructured Interviews
    SME (Business) Focus Groups Unstructured Interviews
    Functional Manager Focus Groups Structured Interviews
    End Users Surveys; Focus Groups; Follow-Up Interviews; Observational Techniques

    Document the output from this exercise in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Confirm initial elicitation notes with stakeholders

    Open lines of communication with stakeholders and keep them involved in the requirements gathering process; confirm the initial elicitation before proceeding.

    Confirming the notes from the elicitation session with stakeholders will result in three benefits:

    1. Simple miscommunications can compound and result in costly rework if they aren’t caught early. Providing stakeholders with a copy of notes from the elicitation session will eliminate issues before they manifest themselves in the project.
    2. Stakeholders often require an absorption period after elicitation sessions to reflect on the meeting. Following up with stakeholders gives them an opportunity to clarify, enhance, or change their responses.
    3. Stakeholders will become disinterested in the project (and potentially the finished application) if their involvement in the project ends after elicitation. Confirming the notes from elicitation keeps them involved in the process and transitions stakeholders into the analysis phase.

    This is the Confirm stage of the Confirm, Verify, Approve process.

    “Are these notes accurate and complete?”

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Understand the different elicitation techniques

    An analyst will walk you through the different elicitation techniques including observations, document reviews, surveys, focus groups, and interviews, and highlight the level of effort required for each.

    2.1.2 Select and record the approved elicitation techniques

    An analyst will facilitate the discussion to determine which techniques should be utilized with the different stakeholder classes.

    Step 2.2: Structure Elicitation Output

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build use-case models.
    • Practice using elicitation techniques with business stakeholders to build use-case models.
    • Practice leveraging user stories to convey requirements.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Understand the value of use-case models for requirements gathering.
    • Practice different techniques for building use-case models with stakeholders.

    Record and capture requirements in solution-oriented formats

    Unstructured notes for each requirement are difficult to manage and create ambiguity. Using solution-oriented formats during elicitation sessions ensures that the content can be digested by IT and business users.

    This table shows common solution-oriented formats for recording requirements. Determine which formats the development team and BAs are comfortable using and create a list of acceptable formats to use in projects.

    Format Description Examples
    Behavior Diagrams These diagrams describe what must happen in the system. Business Process Models, Swim Lane Diagram, Use Case Diagram
    Interaction Diagrams These diagrams describe the flow and control of data within a system. Sequence Diagrams, Entity Diagrams
    Stories These text-based representations take the perspective of a user and describe the activities and benefits of a process. Scenarios, User Stories

    Info-Tech Insight

    Business process modeling is an excellent way to visually represent intricate processes for both IT and business users. For complex projects with high business significance, business process modeling is the best way to capture requirements and create transformational gains.

    Use cases give projects direction and guidance from the business perspective

    Use Case Creation Process

    Define Use Cases for Each Stakeholder

    • Each stakeholder may have different uses for the same solution. Identify all possible use cases attributed to the stakeholders.
    • All use cases are possible test case scenarios.

    Define Applications for Each Use Case

    • Applications are the engines behind the use cases. Defining the applications to satisfy use cases will pinpoint the areas where development or procurement is necessary.

    Consider the following guidelines:

    1. Don’t involve systems in the use cases. Use cases just identify the key end-user interaction points that the proposed solution is supposed to cover.
    2. Some use cases are dependent on other use cases or multiple stakeholders may be involved in a single use case. Depending on the availability of these use cases, they can either be all identified up front (Waterfall) or created at various iterations (Agile).
    3. Consider the enterprise architecture perspective. Existing enterprise architecture designs can provide a foundation of current requirement mappings and system structure. Reuse these resources to reduce efforts.
    4. Avoid developing use cases in isolation. Reusability is key in reducing designing efforts. By involving multiple departments, requirement clashes can be avoided and the likelihood of reusability increases.

    Develop practical use cases to help drive the development effort in the right direction

    Evaluating the practicality and likelihood of use cases is just as important as developing them.

    Use cases can conflict with each other. In certain situations, specific requirements of these use cases may clash with one another even though they are functionally sound. Evaluate use-case requirements and determine how they satisfy the overall business need.

    Use cases are not necessarily isolated; they can be nested. Certain functionalities are dependent on the results of another action, often in a hierarchical fashion. By mapping out the expected workflows, BAs can determine the most appropriate way to implement.

    Use cases can be functionally implemented in many ways. There could be multiple ways to accomplish the same use case. Each of these needs to be documented so that functional testing and user documentation can be based on them.

    Nested Use Case Examples:

    Log Into Account ← Depends on (Nested) Ordering Products Online
    Enter username and password Complete order form
    Verify user is a real person Process order
    Send user forgotten password message Check user’s account
    Send order confirmation to user

    Build a use-case model

    2.2.1 – 45 minutes

    Input
    • Sub processes
    Output
    • Use case model
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    Demonstrate how to use elicitation techniques to build use cases for the project.
    1. Identify a sub-process to build the use-case model. Begin the exercise by giving a brief description of the purpose of the meeting.
    2. For each stakeholder, draw a stick figure on the board. Pose the question “If you need to do X, what is your first step?” Go through the process until the end goal and draw each step. Ensure that you capture triggers, causes, decision points, outcomes, tools, and interactions.
    3. Starting at the beginning of the diagram, go through each step again and check with stakeholders if the step can be broken down into more granular steps.
    4. Ask the stakeholder if there are any alternative flows that people use, or any exceptions to process steps. If there are, map these out on the board.
    5. Go back through each step and ask the stakeholder where the current process is causing them grief, and where modification should be made.
    6. Record this information in the Business Requirements Document Template.

    Build a use-case model

    2.2.1

    Example: Generate Letters

    Inspector: Log into system → Search for case → Identify recipient → Determine letter type → Print letter

    Admin: Receive letter from inspector → Package and mail letter

    Citizen: Receive letter from inspector

    Understand user stories and profiles

    What are they?

    User stories describe what requirement a user wants in the solution and why they want it. The end goal of a user story is to create a simple description of a requirement for developers.

    When to use them

    User stories should always be used in requirements gathering. User stories should be collected throughout the elicitation process. Try to recapture user stories as new project information is released to capture any changes in end-customer needs.

    What’s the benefit?

    User stories help capture target users, customers, and stakeholders. They also create a “face” for individual user requirements by providing user context. This detail enables IT leaders to associate goals and end objectives with each persona.

    Takeaway

    To better understand the characteristics driving user requirements, begin to map objectives to separate user personas that represent each of the project stakeholders.

    Are user stories worth the time and effort?

    Absolutely.

    A user’s wants and needs serve as a constant reminder to developers. Developers can use this information to focus on how a solution needs to accomplish a goal instead of only focusing on what goals need to be completed.

    Create customized user stories to guide or structure your elicitation output

    Instructions

    1. During surveys, interviews, and development sessions, ask participants the following questions:
      • What do you want from the solution?
      • Why do you want that?
    2. Separate the answer into an “I want to” and “So that” format.
      • For users who give multiple “I want to” and “So that” statements, separate them into their respective pairs.
    3. Place each story on a small card that can easily be given to developers.
    As a I want to So that Size Priority
    Developer Learn network and system constraints The churn between Operations and I will be reduced. 1 point Low

    Team member

    Increase the number of demonstrations I can achieve greater alignment with business stakeholders. 3 points High
    Product owner Implement a user story prioritization technique I can delegate stories in my product backlog to multiple Agile teams. 3 points Medium

    How to make an effective and compelling user story

    Keep your user stories short and impactful to ensure that they retain their impact.

    Follow a simple formula:

    As a [stakeholder title], I want to [one requirement] so that [reason for wanting that requirement].

    Use this template for all user stories. Other formats will undermine the point of a user story. Multiple requirements from a single user must be made into multiple stories and given to the appropriate developer. User stories should fit onto a sticky note or small card.

    Example

    As an: I want to: So that:
    Administrator Integrate with Excel File transfer won’t possibly lose information
    X Administrator Integrate with Excel and Word File transfer won’t possibly lose information

    While the difference between the two may be small, it would still undermine the effectiveness of a user story. Different developers may work on the integration of Excel or Word and may not receive this user story.

    Assign user stories a size and priority level

    Designate a size to user stories

    Size is an estimate of how many resources must be dedicated to accomplish the want. Assign a size to each user story to help determine resource allocation.

    Assign business priority to user stories

    Based on how important the requirement is to project success, assign each user story a rating of high, medium, or low. The priority given will dictate which requirements are completed first.

    Example:

    Scope: Design software to simplify financial reporting

    User Story Estimated Size Priority
    As an administrator, I want to integrate with Excel so that file transfer won’t possibly lose information. Low High
    As an administrator, I want to simplify graph construction so that I can more easily display information for stakeholders. High Medium

    Combine both size and priority to decide resource allocation. Low-size, high-priority tasks should always be done first.

    Group similar user stories together to create greater impact

    Group user stories that have the same requirement

    When collecting user stories, many will be centered around the same requirement. Group similar user stories together to show the need for that requirement’s inclusion in the solution.

    Even if it isn’t a must-have requirement, if the number of similar user stories is high enough, it would become the most important should-have requirement.

    Group together user stories such as these:
    As an I want So that
    Administrator To be able to create bar graphs Information can be more easily illustrated
    Accountant To be able to make pie charts Budget information can be visually represented

    Both user stories are about creating charts and would be developed similarly.

    Leave these user stories separate
    As an I want So that
    Administrator The program to auto-save Information won’t be lost during power outages
    Accountant To be able to save to SharePoint My colleagues can easily view and edit my work

    While both stories are about saving documents, the development of each feature is vastly different.

    Create customized user profiles

    User profiles are a way of grouping users based on a significant shared details (e.g. in the finance department, website user).

    Go beyond the user profile

    When creating the profile, consider more than the group’s name. Ask yourself the following questions:

    • What level of knowledge and expertise does this user profile have with this type of software?
    • How much will this user profile interact with the solution?
    • What degree of dependency will this user profile have on the solution?

    For example, if a user profile has low expertise but interacts and depends heavily on the program, a more thorough tutorial of the FAQ section is needed.

    Profiles put developers in user’s shoes

    Grouping users together helps developers put a face to the name. Developers can then more easily empathize with users and develop an end solution that is directly catered to their needs.

    Leverage group activities to break down user-story sizing techniques

    Work in groups to run through the following story-sizing activities.

    Planning Poker: This approach uses the Delphi method where members estimate the size of each user story by revealing numbered cards. These estimates are then discussed and agreed upon as a group.

    • Planning poker generates discussion about variances in estimates but dominant personalities may lead to biased results or groupthink.

    Team Sort: This approach can assist in expediting estimation when you are handling numerous user stories.

    • Bucket your user stories into sizes (e.g. extra-small, small, medium, large, and extra-large) based on an acceptable benchmark that may change from project to project.
    • Collaborate as a team to conclude the final size.
    • Next, translate these sizes into points.

    The graphic shows the two activities described, Planning Poker and Team Sort. In the Planning Poker image, 3 sets of cards are shown, with the numbers 13, 5, and 1 on the top of each set. At the bottom of the image are 7 cards, labelled with: 1, 2, 3, 5, 8, 13, 21. In the Team Sort section, there is an arrow pointing in both directions, representing a spectrum from XS to XL. Each size is assigned a point value: XS is 1; S is 3; M is 5; L is 10; and XL is 20. Cards with User Story # written on them are arranged along the spectrum.

    Create a product backlog to communicate business needs to development teams

    Use the product backlog to capture expected work and create a roadmap for the project by showing what requirements need to be delivered.

    How is the product owner involved?

    • The product owner is responsible for keeping in close contact with the end customer and making the appropriate changes to the product backlog as new ideas, insights, and impediments arise.
    • The product owner should have good communication with the team to make accurate changes to the product backlog depending on technical difficulties and needs for clarification.

    How do I create a product backlog?

    • Write requirements in user stories. Use the format: “As a (user role), I want (function) so that (benefit).” Identify end users and understand their needs.
    • Assign each requirement a priority. Decide which requirements are the most important to deliver. Ask yourself, “Which user story will create the most value?”

    What are the approaches to generate my backlog?

    • Team Brainstorming – The product owner, team, and scrum master work together to write and prioritize user stories in a single or a series of meetings.
    • Business Case – The product owner translates business cases into user stories as per the definition of “development ready.”

    Epics and Themes

    As you begin to take on larger projects, it may be advantageous to organize and group your user stories to simplify your release plan:

    • Epics are collections of similar user stories and are used to describe significant and large development initiatives.
    • Themes are collections of similar epics and are normally used to define high-level business objectives.

    To avoid confusion, the pilot product backlog will be solely composed of user stories.

    Example:

    Theme: Increase user exposure to corporate services through mobile devices
    Epic: Access corporate services through a mobile application Epic: Access corporate services through mobile website
    User Story: As a user, I want to find the closest office so that I can minimize travel time As a user, I want to find the closest office so that I can minimize travel time User Story: As a user, I want to submit a complaint so that I can improve company processes

    Simulate product backlog creation

    Overview

    Leverage Info-Tech’s Scrum Documentation Template, using the Backlog and Planning tab, to help walk you through this activity.

    Instructions

    1. Have your product owner describe the business objectives of the pilot project.
    2. Write the key business requirements as user stories.
    3. Based on your business value drivers, identify the business value of your user stories (high, medium, low).
    4. Have your team review the user stories and question the story’s value, priority, goal, and meaning.
    5. Break down the user stories if the feature or business goal is unclear or too large.
    6. Document the perceived business value of each user story, as well as the priority, goal, and meaning.

    Examples:

    As a citizen, I want to know about road construction so that I can save time when driving. Business Value: High

    As a customer, I want to find the nearest government office so that I can register for benefits. Business Value: Medium

    As a voter, I want to know what each candidate believes in so that I can make an informed decision. Business Value: High

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2.1 Build use-case models

    An analyst will assist in demonstrating how to use elicitation techniques to build use-case models. The analyst will walk you through the table testing to visually map out and design process flows for each use case.

    Phase 3: Analyze and Validate Requirements

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Analyze and Validate Requirements

    Proposed Time to Completion: 1 week
    Step 3.1: Create Analysis Framework

    Start with an analyst kick off call:

    • Create policies for requirements categorization and prioritization.

    Then complete these activities…

    • Create functional requirements categories.
    • Consolidate similar requirements and eliminate redundancies.
    • Prioritize requirements.

    With these tools & templates:

    • Requirements Gathering Documentation Tool
    Step 3.2: Validate Business Requirements

    Review findings with analyst:

    • Establish best practices for validating the BRD with project stakeholders.

    Then complete these activities…

    • Right-size the BRD.
    • Present the BRD to business stakeholders.
    • Translate business requirements into technical requirements.
    • Identify testing opportunities.

    With these tools & templates:

    • Business Requirements Document Template
    • Requirements Gathering Testing Checklist

    Phase 3 Results & Insights:

    • Standardized frameworks for analysis and validation of business requirements

    Step 3.1: Create Analysis Framework

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Categorize requirements.
    • Eliminate redundant requirements.
    This step involves the following participants:
    • BAs
    Outcomes of this step
    • Prioritized requirements list.

    Analyze requirements to de-duplicate them, consolidate them – and most importantly – prioritize them!

    he image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Analyze in the center of the image, with three bullet points beneath it that read: Organize; Prioritize; Verify

    The analysis phase is where requirements are compiled, categorized, and prioritized to make managing large volumes easier. Many organizations prematurely celebrate being finished the elicitation phase and do not perform adequate diligence in this phase; however, the analysis phase is crucial for a smooth transition into validation and application development or procurement.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Eliciting requirements is an important step in the process, but turning endless pages of notes into something meaningful to all stakeholders is the major challenge.

    Begin the analysis phase by categorizing requirements to make locating, reconciling, and managing them much easier. There are often complex relationships and dependencies among requirements that do not get noted or emphasized to the development team and as a result get overlooked.

    Typically, requirements are classified as functional and non-functional at the high level. Functional requirements specify WHAT the system or component needs to do and non-functional requirements explain HOW the system must behave.

    Examples

    Functional Requirement: The application must produce a sales report at the end of the month.

    Non-Functional Requirement: The report must be available within one minute after midnight (EST) of the last day of the month. The report will be available for five years after the report is produced. All numbers in the report will be displayed to two decimal places.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Further sub-categorization of requirements is necessary to realize the full benefit of categorization. Proficient BAs will even work backwards from the categories to drive the elicitation sessions. The categories used will depend on the type of project, but for categorizing non-functional requirements, the Volere Requirements Resources has created an exhaustive list of sub-categories.

    Requirements Category Elements

    Example

    Look & Feel Appearance, Style

    User Experience

    Usability & Humanity Ease of Use, Personalization, Internationalization, Learning, Understandability, Accessibility Language Support
    Performance Speed, Latency, Safety, Precision, Reliability, Availability, Robustness, Capacity, Scalability, Longevity Bandwidth
    Operational & Environmental Expected Physical Environment, Interfacing With Adjacent Systems, Productization, Release Heating and Cooling
    Maintainability & Support Maintenance, Supportability, Adaptability Warranty SLAs

    Security

    Access, Integrity, Privacy, Audit, Immunity Intrusion Prevention
    Cultural & Political Global Differentiation Different Statutory Holidays
    Legal Compliance, Standards Hosting Regulations

    What constitutes good requirements

    Complete – Expressed a whole idea or statement.

    Correct – Technically and legally possible.

    Clear – Unambiguous and not confusing.

    Verifiable – It can be determined that the system meets the requirement.

    Necessary – Should support one of the project goals.

    Feasible – Can be accomplished within cost and schedule.

    Prioritized – Tracked according to business need levels.

    Consistent – Not in conflict with other requirements.

    Traceable – Uniquely identified and tracked.

    Modular – Can be changed without excessive impact.

    Design-independent – Does not pose specific solutions on design.

    Create functional requirement categories

    3.1.1 – 1 hour

    Input
    • Activity 2.2.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    Practice the techniques for categorizing requirements.
    1. Divide the list of requirements that were elicited for the identified sub-process in exercise 2.2.1 among smaller groups.
    2. Have groups write the requirements on red, yellow, or green sticky notes, depending on the stakeholder’s level of influence.
    3. Along the top of the whiteboard, write the eight requirements categories, and have each group place the sticky notes under the category where they believe they should fit.
    4. Once each group has posted the requirements, review the board and discuss any requirements that should be placed in another category.

    Document any changes to the requirements categories in section 5.1 of the Requirements Gathering SOP and BA Playbook.

    Create functional requirement categories

    The image depicts a whiteboard with different colored post-it notes grouped into the following categories: Look & Feel; Usability & Humanity; Legal; Maintainability & Support; Operational & Environmental; Security; Cultural & Political; and Performance.

    Consolidate similar requirements and eliminate redundancies

    Clean up requirements and make everyone’s life simpler!

    After elicitation, it is very common for an organization to end up with redundant, complementary, and conflicting requirements. Consolidation will make managing a large volume of requirements much easier.

    Redundant Requirements Owner Priority
    1. The application shall feed employee information into the payroll system. Payroll High
    2. The application shall feed employee information into the payroll system. HR Low
    Result The application shall feed employee information into the payroll system. Payroll & HR High
    Complementary Requirements Owner Priority
    1. The application shall export reports in XLS and PDF format. Marketing High
    2. The application shall export reports in CSV and PDF format. Finance High
    Result The application shall export reports in XLS, CSV, and PDF format. Marketing & Finance High

    Info-Tech Insight

    When collapsing redundant or complementary requirements, it is imperative that the ownership and priority metadata be preserved for future reference. Avoid consolidating complementary requirements with drastically different priority levels.

    Identify and eliminate conflict between requirements

    Conflicting requirements are unavoidable; identify and resolve them as early as possible to minimize rework and grief.

    Conflicting requirements occur when stakeholders have requirements that either partially or fully contradict one another, and as a result, it is not possible or practical to implement all of the requirements.

    Steps to Resolving Conflict:

    1. Notify the relevant stakeholders of the conflict and search for a basic solution or compromise.
    2. If the stakeholders remain in a deadlock, appoint a final decision maker.
    3. Schedule a meeting to resolve the conflict with the relevant stakeholders and the decision maker. If multiple conflicts exist between the same stakeholder groups, try to resolve as many as possible at once to save time and encourage reciprocation.
    4. Give all parties the opportunity to voice their rationale and objectively rate the priority of the requirement. Attempt to reach an agreement, consensus, or compromise.
    5. If the parties remain in a deadlock, encourage the final decision maker to weigh in. Their decision should be based on which party has the greater need for the requirement, the difficulty to implement the requirement, and which requirement better aligns with the project goals.

    Info-Tech Insight

    Resolve conflicts whenever possible during the elicitation phase by using cross-functional workshops to facilitate discussions that address and settle conflicts in the room.

    Consolidate similar requirements and eliminate redundancies

    3.1.2 – 30 minutes

    Input
    • Activity 3.1.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Review the outputs from the last exercise and ensure that the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    1. Looking at each category in turn, review the sticky notes and group similar, complementary, and conflicting notes together. Put a red dot on any conflicting requirements to be used in a later exercise.
    2. Have the group start by eliminating the redundant requirements.
    3. Have the group look at the complementary requirements, and consolidate each into a single requirement. Discard originals.
    4. Record this information in the Requirements Gathering Documentation Tool.

    Prioritize requirements to assist with solution modeling

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted towards the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization

    The image shows the MoSCoW Model of Prioritization, which is shaped like a pyramid. The sections, from top to bottom (becoming incrementally larger) are: Must Have; Should Have; Could Have; and Won't Have. There is additional text next to each category, as follows: Must have - Requirements must be implemented for the solution to be considered successful.; Should have: Requirements are high priority that should be included in the solution if possible.; Could Have: Requirements are desirable but not necessary and could be included if resources are available.; Won't Have: Requirements won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994 (Source: ProductPlan).

    Base your prioritization on the right set of criteria

    Effective Prioritization Criteria

    Criteria

    Description

    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy Compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business Value Significance Give a higher priority to high-value requirements.
    Business Risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of Success Especially in proof-of-concept projects, it is recommended that requirements have good odds.
    Implementation Complexity Give a higher priority to low implementation difficulty requirements.
    Alignment With Strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    Info-Tech Insight

    It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.

    Use the Requirements Gathering Documentation Tool to steer your requirements gathering approach during a project

    3.1 Requirements Gathering Documentation Tool

    Use the Requirements Gathering Documentation Tool to identify and track stakeholder involvement, elicitation techniques, and scheduling, as well as to track categorization and prioritization of requirements.

    • Use the Identify Stakeholders tab to:
      • Identify the stakeholder's name and role.
      • Identify their influence and involvement.
      • Identify the elicitation techniques that you will be using.
      • Identify who will be conducting the elicitation sessions.
      • Identify if requirements were validated post elicitation session.
      • Identify when the elicitation will take place.
    • Use the Categorize & Prioritize tab to:
      • Identify the stakeholder.
      • Identify the core function.
      • Identify the business requirement.
      • Describe the requirement.
      • Identify the categorization of the requirement.
      • Identify the level of priority of the requirement.

    Prioritize requirements

    3.1.3 – 30 minutes

    Input
    • Requirements list
    • Prioritization criteria
    Output
    • Prioritized requirements
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    • Business stakeholders

    Using the output from the MoSCoW model, prioritize the requirements according to those you must have, should have, could have, and won’t have.

    1. As a group, review each requirement and decide if the requirement is:
      1. Must have
      2. Should have
      3. Could have
      4. Won’t have
    2. Beginning with the must-have requirements, determine if each has any dependencies. Ensure that each of the dependencies are moved to the must-have category. Group and circle the dependent requirements.
    3. Continue the same exercise with the should-have and could-have options.
    4. Record the results in the Requirements Gathering Documentation Tool.

    Step 1 – Prioritize requirements

    3.1.3

    The image shows a whiteboard, with four categories listed at the top: Must Have; Should Have; Could Have; Won't Have. There are yellow post-it notes under each category.

    Step 2-3 – Prioritize requirements

    This image is the same as the previous image, but with the additions of two dotted line squares under the Must Have category, with arrows pointing to them from post-its in the Should have category.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    3.1.1 Create functional requirements categories

    An analyst will facilitate the discussion to brainstorm and determine criteria for requirements categories.

    3.1.2 Consolidate similar requirements and eliminate redundancies

    An analyst will facilitate a session to review the requirements categories to ensure the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    3.1.3 Prioritize requirements

    An analyst will facilitate the discussion on how to prioritize requirements according to the MoSCoW prioritization framework. The analyst will also walk you through the exercise of determining dependencies for each requirement.

    Step 3.2: Validate Business Requirements

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build the BRD.
    • Translate functional requirements to technical requirements.
    • Identify testing opportunities.

    This step involves the following participants:

    • BAs

    Outcomes of this step

    • Finalized BRD.

    Validate requirements to ensure that they meet stakeholder needs – getting sign-off is essential

    The image is the Requirements Gathering Framework shown previously. In this instance, all aspects of the graphic are greyed out with the exception of the Validate arrow, right of center. Below the arrow are three bullet points: Translate; Allocate; Approve.

    The validation phase involves translating the requirements, modeling the solutions, allocating features across the phased deployment plan, preparing the requirements package, and getting requirement sign-off. This is the last step in the Info-Tech Requirements Gathering Framework.

    Prepare a user-friendly requirements package

    Before going for final sign-off, ensure that you have pulled together all of the relevant documentation.

    The requirements package is a compilation of all of the business analysis and requirements gathering that occurred. The document will be distributed among major stakeholders for review and sign-off.

    Some may argue that the biggest challenge in the validation phase is getting the stakeholders to sign off on the requirements package; however, the real challenge is getting them to actually read it. Often, stakeholders sign the requirements document without fully understanding the scope of the application, details of deployment, and how it affects them.

    Remember, this document is not for the BAs; it’s for the stakeholders. Make the package with the stakeholders in mind. Create multiple versions of the requirements package where the length and level of technical details is tailored to the audience. Consider creating a supplementary PowerPoint version of the requirements package to present to senior management.

    Contents of Requirements Package:

    • Project Charter (if available)
    • Overarching Project Goals
    • Categorized Business Requirements
    • Selected Solution Proposal
    • Rationale for Solution Selection
    • Phased Roll-Out Plan
    • Proposed Schedule/Timeline
    • Signatures Page

    "Sit down with your stakeholders, read them the document line by line, and have them paraphrase it back to you so you’re on the same page." – Anonymous City Manager of IT Project Planning Info-Tech Interview

    Capture requirements in a dedicated BRD

    The BRD captures the original business objectives and high-level business requirements for the system/process. The system requirements document (SRD) captures the more detailed functional and technical requirements.

    The graphic is grouped into two sections, indicated by brackets on the right side, the top section labelled BRD and the lower section labelled as SRD. In the BRD section, a box reads Needs Identified in the Business Case. An arrow points from the bottom of the box down to another box labelled Use Cases. In the SRD section, there are three arrows pointing from the Use Cases box to three boxes in a row. They are labelled Functionality; Usability; and Constraints. Each of these boxes has a plus sign between it and the next in the line. At the bottom of the SRD section is a box with text that reads: Quality of Service Reliability, Supportability, and Performance

    Use Info-Tech’s Business Requirements Document Template to specify the business needs and expectations

    3.2 Business Requirements Document Template

    The Business Requirements Document Template can be used to record the functional, quality, and usability requirements into formats that are easily consumable for future analysis, architectural and design activities, and most importantly in a format that is understandable by all business partners.

    The BRD is designed to take the reader from a high-level understanding of the business processes down to the detailed automation requirements. It should capture the following:

    • Project summary and background
    • Operating model
    • Business process model
    • Use cases
    • Requirements elicitation techniques
    • Prioritized requirements
    • Assumptions and constraints

    Rightsize the BRD

    3.2.1 – 30 minutes

    Input
    • Project levels
    • BRD categories
    Output
    • BRD
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Business stakeholders

    Build the required documentation for requirements gathering.

    1. On the board, write out the components of the BRD. As a group, review the headings and decide if all sections are needed for level 1 & 2 and level 3 & 4 projects. Your level 3-4 project business cases will have the most detailed business cases; consider your level 1-2 projects, and remove any categories you don’t believe are necessary for the project level.
    2. Now that you have a right-sized template, break the team into two groups and have each group complete one section of the template for your selected project.
      1. Project overview
      2. Implementation considerations
    3. Once complete, have each group present its section, and allow the group to make additions and modifications to each section.

    Document the output from this exercise in section 6 of the Requirements Gathering SOP and BA Playbook.

    Present the BRD to business stakeholders

    3.2.2 – 1 hour

    Input
    • Activity 3.2.1
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Practice presenting the requirements document to business stakeholders.

    1. Hold a meeting with a group of selected stakeholders, and have a representative present each section of the BRD for your project.
    2. Instruct participants that they should spend the majority of their time on the requirements section, in particular the operating model and the requirements prioritization.
    3. At the end of the meeting, have the business stakeholders validate the requirements, and approve moving forward with the project or indicate where further requirements gathering must take place.

    Example:

    Typical Requirements Gathering Validation Meeting Agenda
    Project overview 5 minutes
    Project operating model 10 minutes
    Prioritized requirements list 5 minutes
    Business process model 30 minutes
    Implementation considerations 5 minutes

    Translate business requirements into technical requirements

    3.2.3 – 30 minutes

    Input
    • Business requirements
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    • Developers

    Practice translating business requirements into system requirements.

    1. Bring in representatives from the development team, and have a representative walk them through the business process model.
    2. Present a detailed account of each business requirement, and work with the IT team to build out the system requirements for each.
    3. Document the system requirements in the Requirements Gathering Documentation Tool.

    For requirements traceability, ensure you’re linking your requirements management back to your test strategy

    After a solution has been fully deployed, it’s critical to create a strong link between your software testing strategy and the requirements that were collected. User acceptance testing (UAT) is a good approach for requirement verification.

    • Many organizations fail to create an explicit connection between their requirements gathering and software testing strategies. Don’t follow their example!
    • When conducting UAT, structure exercises in the context of the requirements; run through the signed-off list and ask users whether or not the deployed functionality was in line with the expectations outlined in the finalized requirements documentation.
    • If not – determine whether it was a miscommunication on the requirements management side or a failure of the developers (or procurement team) to meet the agreed-upon requirements.

    Download the Requirements Gathering Testing Checklist template.

    Identify the testing opportunities

    3.2.4 – 30 minutes

    Input
    • List of requirements
    Output
    • Requirements testing process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Identify how to test the effectiveness of different requirements.

    1. Ask the group to review the list of requirements and identify:
      1. Which kinds of requirements enable constructive testing efforts?
      2. Which kinds of requirements enable destructive testing efforts?
      3. Which kinds of requirements support end-user acceptance testing?
      4. What do these validation-enabling objectives mean in terms of requirement specificity?
    2. For each, identify who will do the testing and at what stage.

    Verify that the requirements still meet the stakeholders’ needs

    Keep the stakeholders involved in the process in between elicitation and sign-off to ensure that nothing gets lost in transition.

    After an organization’s requirements have been aggregated, categorized, and consolidated, the business requirements package will begin to take shape. However, there is still a great deal of work to complete. Prior to proceeding with the process, requirements should be verified by domain SMEs to ensure that the analyzed requirements continue to meet their needs. This step is often overlooked because it is laborious and can create additional work; however, the workload associated with verification is much less than the eventual rework stemming from poor requirements.

    All errors in the requirements gathering process eventually surface; it is only a matter of time. Control when these errors appear and minimize costs by soliciting feedback from stakeholders early and often.

    This is the Verify stage of the Confirm, Verify, Approve process.

    “Do these requirements still meet your needs?”

    Put it all together: obtain final requirements sign-off

    Use the sign-off process as one last opportunity to manage expectations, obtain commitment from the stakeholders, and minimize change requests.

    Development or procurement of the application cannot begin until the requirements package has been approved by all of the key stakeholders. This will be the third time that the stakeholders are asked to review the requirements; however, this will be the first time that the stakeholders are asked to sign off on them.

    It is important that the stakeholders understand the significance of their signatures. This is their last opportunity to see exactly what the solution will look like and to make change requests. Ensure that the stakeholders also recognize which requirements were omitted from the solution that may affect them.

    The sign-off process needs to mean something to the stakeholders. Once a signature is given, that stakeholder must be accountable for it and should not be able to make change requests. Note that there are some requests from senior stakeholders that can’t be refused; use discretion when declining requests.

    This is the Approve stage of the Confirm, Verify, Approve process.

    "Once requirements are signed off, stay firm on them!" – Anonymous Hospital Business Systems Analyst Info-Tech Interview

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.1; 3.2.2 Rightsize the BRD and present it to business stakeholders

    An analyst will facilitate the discussion to gather the required documentation for building the BRD. The analyst will also assist with practicing the presenting of each section of the document to business stakeholders.

    3.2.3; 3.2.4 Translate business requirements into technical requirements and identify testing opportunities

    An analyst will facilitate the session to practice translating business requirements into testing requirements and assist in determining how to test the effectiveness of different requirements.

    Phase 4: Create a Requirements Governance Action Plan

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create a Requirements Governance Action Plan

    Proposed Time to Completion: 3 weeks

    Step 4.1: Create Control Processes for Requirements Changes

    Start with an analyst kick off call:

    • Discuss how to handle changes to requirements and establish a formal change control process.

    Then complete these activities…

    • Develop a change control process.
    • Build the guidelines for escalating changes.
    • Confirm your requirements gathering process.
    • Define RACI for the requirements gathering process.

    With these tools & templates:

    • Requirements Traceability Matrix
    Step 4.2: Build Requirements Governance and Communication Plan

    Review findings with analyst:

    • Review options for ongoing governance of the requirements gathering process.

    Then complete these activities…

    • Define the requirements gathering steering committee purpose.
    • Define the RACI for the RGSC.
    • Define procedures, cadence, and agenda for the RGSC.
    • Identify and analyze stakeholders.
    • Create a communications management plan.
    • Build the requirements gathering process implementation timeline.

    With these tools & templates:

    Requirements Gathering Communication Tracking Template

    Phase 4 Results & Insights:
    • Formalized change control and governance processes for requirements.

    Step 4.1: Create Control Processes for Requirements Changes

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Develop change control process.
    • Develop change escalation process.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Requirements gathering process validation.
    • RACI completed.

    Manage, communicate, and test requirements

    The image is the Requirement Gathering Framework graphic from previous sections. In this instance, all parts of the image are greyed out, with the exception of the arrows labelled Communicate and Manage, located at the bottom of the image.

    Although the manage, communicate, and test requirements section chronologically falls as the last section of this blueprint, that does not imply that this section is to be performed only at the end. These tasks are meant to be completed iteratively throughout the project to support the core requirements gathering tasks.

    Prevent requirements scope creep

    Once the stakeholders sign off on the requirements document, any changes need to be tracked and managed. To do that, you need a change control process.

    Thoroughly validating requirements should reduce the amount of change requests you receive. However, eliminating all changes is unavoidable.

    The BAs, sponsor, and stakeholders should have agreed upon a clearly defined scope for the project during the planning phase, but there will almost always be requests for change as the project progresses. Even a high number of small changes can negatively impact the project schedule and budget.

    To avoid scope creep, route all changes, including small ones, through a formal change control process that will be adapted depending on the level of project and impact of the change.

    Linking change requests to requirements is essential to understanding relevance and potential impact

    1. Receive project change request.
    2. Refer to requirements document to identify requirements associated with the change.
      • Matching requirement is found: The change is relevant to the project.
      • Multiple requirements are associated with the proposed change: The change has wider implications for the project and will require closer analysis.
      • The request involves a change or new business requirements: Even if the change is within scope, time, and budget, return to the stakeholder who submitted the request to identify the potentially new requirements that relate to this change. If the sponsor agrees to the new requirements, you may be able to approve the change.
    3. Findings influence decision to escalate/approve/reject change request.

    Develop a change control process

    4.1.1 – 45 minutes

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers
    1. Ask the team to consider their current change control process. It might be helpful to discuss a project that is currently underway, or already completed, to provide context. Draw the process on the whiteboard through discussion with the team.
    2. If necessary, provide some cues. Below are some change control process activities:
      • Submit project change request form.
      • PM assesses change.
      • Project sponsor assesses change.
      • Bring request to project steering committee to assess change.
      • Approve/reject change.
    3. Ask participants to brainstorm a potential separate process for dealing with small changes. Add a new branch for minor changes, which will allow you to make decisions on when to bundle the changes versus implementing directly.

    Document any changes from this exercise in section 7.1 of the Requirements Gathering SOP and BA Playbook.

    Example change control process

    The image is an example of a change control process, depicted via a flowchart.

    Build guidelines for escalating changes

    4.1.2 – 1 hour

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Determine how changes will be escalated for level 1/2/3/4 projects.

    1. Write down the escalation options for level 3 & 4 projects on the whiteboard:
      • Final decision rests with project manager.
      • Escalate to sponsor.
      • Escalate to project steering committee.
      • Escalate to change control board.
    2. Brainstorm categories for assessing the impact of a change and begin creating a chart on the whiteboard by listing these categories in the far left column. Across the top, list the escalation options for level 3 & 4 projects.
    3. Ask the team to agree on escalation conditions for each escalation option. For example, for the final decision to rest with the project manager one condition might be:
      • Change is within original project scope.
    4. Review the output from exercise 4.1.1 and tailor the process model to meet level 3 & 4 escalation models.
    5. Repeat steps 1-4 for level 1 & 2 projects.

    Document any changes from this exercise in section 7.2 of the Requirements Gathering SOP and BA Playbook.

    Example: Change control process – Level 3 & 4

    Impact Category Final Decision Rests With Project Manager If: Escalate to Steering Committee If: Escalate to Change Control Board If: Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget.
    • Change will require additional funds exceeding any contingency reserves.
    • Change will require the release of contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule.
    • Change will require the final project close date to be delayed.
    • Change will require a delay in key milestone dates.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Example: Change control process – Level 1 & 2

    Impact CategoryFinal Decision Rests With Project Manager If:Escalate to Steering Committee If:Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget, even if this means releasing contingency funds.
    • Change will require additional funds exceeding any contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule, even if this means moving milestone dates.
    • Change will require the final project close date to be delayed.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Leverage Info-Tech’s Requirements Traceability Matrix to help create end-to-end traceability of your requirements

    4.1 Requirements Traceability Matrix

    Even if you’re not using a dedicated requirements management suite, you still need a way to trace requirements from inception to closure.
    • Ensuring traceability of requirements is key. If you don’t have a dedicated suite, Info-Tech’s Requirements Traceability Matrix can be used as a form of documentation.
    • The traceability matrix covers:
      • Association ID
      • Technical Assumptions and Needs
      • Functional Requirement
      • Status
      • Architectural Documentation
      • Software Modules
      • Test Case Number

    Info-Tech Deliverable
    Take advantage of Info-Tech’s Requirements Traceability Matrix to track requirements from inception through to testing.

    You can’t fully validate what you don’t test; link your requirements management back to your test strategy

    Create a repository to store requirements for reuse on future projects.

    • Reuse previously documented requirements on future projects to save the organization time, money, and grief. Well-documented requirements discovered early can even be reused in the same project.
    • If every module of the application must be able to save or print, then the requirement only needs to be written once. The key is to be able to identify and isolate requirements with a high likelihood of reuse. Typically, requirements pertaining to regulatory and business rule compliance are prime candidates for reuse.
    • Build and share a repository to store historical requirement documentation. The repository must be intuitive and easy to navigate, or users will not take advantage of it. Plan the information hierarchy in advance. Requirements management software suites have the ability to create a repository and easily migrate requirements over from past projects.
    • Assign one person to manage the repository to create consistency and accountability. This person will maintain the master requirements document and ensure the changes that take place during development are reflected in the requirements.

    Confirm your requirements gathering process

    4.1.3 – 45 minutes

    Input
    • Activity 1.2.4
    Output
    • Requirements gathering process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Review the requirements gathering process and control levels for project levels 1/2/3/4 and add as much detail as possible to each process.

    1. Draw out the requirements gathering process for a level 4 project as created in exercise 1.2.4 on a whiteboard.
    2. Review each process step as a group, and break down each step so that it is at its most granular. Be sure to include each decision point, key documentation, and approvals.
    3. Once complete, review the process for level 3, 2 & 1. Reduce steps as necessary. Note: there may not be a lot of differentiation between your project level 4 & 3 or level 2 & 1 processes. You should see differentiation in your process between 2 and 3.

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: Confirm your requirements gathering process

    The image is an example of a requirements gathering process, representing in the format of a flowchart.

    Define RACI for the requirements gathering process

    4.1.4 – 45 minutes

    Input
    • List of stakeholders
    Output
    • RACI matrix
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Understand who is responsible, accountable, consulted, and informed for key elements of the requirements gathering process for project levels 1/2/3/4.

    1. As a group, identify the key stakeholders for requirements gathering and place those names along the top of the board.
    2. On the left side of the board, list the process steps and control points for a level 4 project.
    3. For each process step, identify who is responsible, accountable, informed, and consulted.
    4. Repeat this process for project levels 3, 2 & 1.

    Example: RACI for requirements gathering

    Project Requestor Project Sponsor Customers Suppliers Subject Matter Experts Vendors Executives Project Management IT Management Developer/ Business Analyst Network Services Support
    Intake Form A C C I R
    High-Level Business Case R A C C C C I I C
    Project Classification I I C I R A R
    Project Approval R R I I I I I I A I I
    Project Charter R C R R C R I A I R C C
    Develop BRD R I R C C C R A C C
    Sign-Off on BRD/ Project Charter R A R R R R
    Develop System Requirements C C C R I C A R R
    Sign-Off on SRD R R R I A R R
    Testing/Validation A I R C R C R I R R
    Change Requests R R C C A I R C
    Sign-Off on Change Request R A R R R R
    Final Acceptance R A R I I I I R R R I I

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.1.1; 4.1.2 Develop a change control process and guidelines for escalating changes

    An analyst will facilitate the discussion on how to improve upon your organization’s change control processes and how changes will be escalated to ensure effective tracking and management of changes.

    4.1.3 Confirm your requirements gathering process

    With the group, an analyst will review the requirements gathering process and control levels for the different project levels.

    4.1.4 Define the RACI for the requirements gathering process

    An analyst will facilitate a whiteboard exercise to understand who is responsible, accountable, informed, and consulted for key elements of the requirements gathering process.

    Step 4.2: Build Requirements Governance and Communication Plan

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Developing a requirements gathering steering committee.
    • Identifying and analyzing stakeholders for requirements governance.
    • Creating a communication management plan.

    This step involves the following participants:

    • Business stakeholders
    • BAs

    Outcomes of this step

    • Requirements governance framework.
    • Communication management plan.

    Establish proper governance for requirements gathering that effectively creates and communicates guiding principles

    If appropriate governance oversight doesn’t exist to create and enforce operating procedures, analysts and developers will run amok with their own processes.

    • One of the best ways to properly govern your requirements gathering process is to establish a working committee within the framework of your existing IT steering committee. This working group should be given the responsibility of policy formulation and oversight for requirements gathering operating procedures. The governance group should be comprised of both business and IT sponsors (e.g. a director, BA, and “voice of the business” line manager).
    • The governance team will not actually be executing the requirements gathering process, but it will be deciding upon which policies to adopt for elicitation, analysis, and validation. The team will also be responsible for ensuring – either directly or indirectly through designated managers – that BAs or other requirements gathering processionals are following the approved steps.

    Requirements Governance Responsibilities

    1. Provide oversight and review of SOPs pertaining to requirements elicitation, analysis, and validation.

    2. Establish corporate policies with respect to requirements gathering SOP training and education of analysts.

    3. Prioritize efforts for requirements optimization.

    4. Determine and track metrics that will be used to gauge the success (or failure) of requirements optimization efforts and make process and policy changes as needed.

    Right-size your governance structure to your organization’s complexity and breadth of capabilities

    Not all organizations will be best served by a formal steering committee for requirements gathering. Assess the complexity of your projects and the number of requirements gathering practitioners to match the right governance structure.

    Level 1: Working Committee
    • A working committee is convened temporarily as required to do periodic reviews of the requirements process (often annually, or when issues are surfaced by practitioners). This governance mechanism works best in small organizations with an ad hoc culture, low complexity projects, and a small number of practitioners.
    Level 2: IT Steering Committee Sub-Group
    • For organizations that already have a formal IT steering committee, a sub-group dedicated to managing the requirements gathering process is desirable to a full committee if most projects are complexity level 1 or 2, and/or there are fewer than ten requirements gathering practitioners.
    Level 3: Requirements Gathering Steering Committee
    • If your requirements gathering process has more than ten practitioners and routinely deals with high-complexity projects (like ERP or CRM), a standing formal committee responsible for oversight of SOPs will provide stronger governance than the first two options.
    Level 4: Requirements Gathering Center of Excellence
    • For large organizations with multiple business units, matrix organizations for BAs, and a very large number of requirements gathering practitioners, a formal center of excellence can provide both governance as well as onboarding and training for requirements gathering.

    Identify and analyze stakeholders

    4.2.1A – 1 hour

    Input
    • Number of practitioners, project complexity levels
    Output
    • Governance structure selection
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Use a power map to determine which governance model best fits your organization.

    The image is a square, split into four equal sections, labelled as follows from top left: Requirements Steering Committee; Requirements Center of Excellence; IT Steering Committee Sub-Group; Working Committee. The left and bottom edges of the square are labelled as follows: on the left, with an arrow pointing upwards, Project Complexity; on the bottom, with arrow pointing right, # of Requirements Practitioners.

    Define your requirements gathering governance structure(s) and purpose

    4.2.1B – 30 minutes

    Input
    • Requirements gathering elicitation, analysis, and validation policies
    Output
    • Governance mandate
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    This exercise will help to define the purpose statement for the applicable requirements gathering governance team.

    1. As a group, brainstorm key words that describe the unique role the governance team will play. Consider value, decisions, and authority.
    2. Using the themes, come up with a set of statements that describe the overall purpose statement.
    3. Document the outcome for the final deliverable.

    Example:

    The requirements gathering governance team oversees the procedures that are employed by BAs and other requirements gathering practitioners for [insert company name]. Members of the team are appointed by [insert role] and are accountable to [typically the chair of the committee].

    Day-to-day operations of the requirements gathering team are expected to be at the practitioner (i.e. BA) level. The team is not responsible for conducting elicitation on its own, although members of the team may be involved from a project perspective.

    Document the output from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    A benefits provider established a steering committee to provide consistency and standardization in requirements gathering

    CASE STUDY

    Industry Not-for-Profit

    Source Info-Tech Workshop

    Challenge

    This organization is a not-for-profit benefits provider that offers dental coverage to more than 1.5 million people across three states.

    With a wide ranging application portfolio that includes in-house, custom developed applications as well as commercial off-the-shelf solutions, the company had no consistent method of gathering requirements.

    Solution

    The organization contracted Info-Tech to help build an SOP to put in place a rigorous and efficient methodology for requirements elicitation, analysis, and validation.

    One of the key realizations in the workshop was the need for governance and oversight over the requirements gathering process. As a result, the organization developed a Requirements Management Steering Committee to provide strategic oversight and governance over requirements gathering processes.

    Results

    The Requirements Management Steering Committee introduced accountability and oversight into the procedures that are employed by BAs. The Committee’s mandate included:

    • Provide oversight and review SOPs pertaining to requirements elicitation, analysis, and validation.
    • Establish corporate policies with respect to training and education of analysts on requirements gathering SOPs.
    • Prioritize efforts for requirements optimization.
    • Determine metrics that can be used to gauge the success of requirements optimization efforts.

    Authority matrix – RACI

    There needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the requirements gathering governance team.

    • An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities.
    • Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity.
    • In this model, accountable means end-to-end accountability for the process. Accountability should remain with the same person for all activities of a process.

    RResponsible

    The one responsible for getting the job done.

    A – Accountable

    Only one person can be accountable for each task.

    C – Consulted

    Involvement through input of knowledge and information.

    I – Informed

    Receiving information about process execution and quality.

    Define the RACI for effective requirements gathering governance

    4.2.2 – 30 minutes

    Input
    • Members’ list
    Output
    • Governance RACI
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Governance team members

    Build the participation list and authority matrix for the requirements gathering governance team.

    1. Have each participant individually consider the responsibilities of the governance team, and write five participant roles they believe should be members of the governance team.
    2. Have each participant place the roles on the whiteboard, group participants, and agree to five participants who should be members.
    3. On the whiteboard, write the responsibilities of the governance team in a column on the left, and place the sticky notes of the participant roles along the top of the board.
    4. Under the appropriate column for each activity, identify who is the “accountable,” “responsible,” “consulted,” and “informed” role for each activity.
    5. Agree to a governance chair.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Example: Steps 2-5: Build the governance RACI

    The image shows an example governance RACI, with the top of the chart labelled with Committee Participants, and the left hand column labelled Committee Responsibilities. Some of the boxes have been filled in.

    Define your requirements gathering governance team procedures, cadence, and agenda

    4.2.3 – 30 minutes

    Input
    • Governance responsibilities
    Output
    • Governance procedures and agenda
    Materials
    • Whiteboard
    • Markers
    Participants
    • Steering committee members

    Define your governance team procedures, cadence, and agenda.

    1. Review the format of a typical agenda as well as the list of responsibilities for the governance team.
    2. Consider how you will address each of these responsibilities in the meeting, who needs to present, and how long each presentation should be.
    3. Add up the times to define the meeting duration.
    4. Consider how often you need to meet to discuss the information: monthly, quarterly, or annually? Are there different actions that need to be taken at different points in the year?
    5. As a group, decide how the governance team will approve changes and document any voting standards that should be included in the charter. Will a vote be taken during or prior to the meeting? Who will have the authority to break a tie?
    6. As a group, decide how the committee will review information and documentation. Will members commit to reviewing associated documents before the meeting? Can associated documentation be stored in a knowledge repository and/or be distributed to members prior to the meeting? Who will be responsible for this? Can a short meeting/conference call be held with relevant reviewers to discuss documentation before the official committee meeting?

    Review the format of a typical agenda

    4.2.3 – 30 minutes

    Meeting call to order [Committee Chair] [Time]
    Roll call [Committee Chair] [Time]
    Review of SOPs
    A. Requirements gathering dashboard review [Presenters, department] [Time]
    B. Review targets [Presenters, department] [Time]
    C. Policy Review [Presenters, department] [Time]

    Define the governance procedures and cadence

    4.2.3 – 30 minutes

    • The governance team or committee will be chaired by [insert role].
    • The team shall meet on a [insert time frame (e.g. monthly, semi-annual, annual)] basis. These meetings will be scheduled by the team or committee chair or designated proxy.
    • Approval for all SOP changes will be reached through a [insert vote consensus criteria (majority, uncontested, etc.)] vote of the governance team. The vote will be administered by the governance chair. Each member of the committee shall be entitled to one vote, excepting [insert exceptions].
    • The governance team has the authority to reject any requirements gathering proposal which it deems not to have made a sufficient case or which does not significantly contribute to the strategic objectives of [insert company name].
    • [Name of individual] will record and distribute the meeting minutes and documentation of business to be discussed in the meeting.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Changing the requirements gathering process can be disruptive – be successful by gaining business support

    A successful communication plan involves making the initiative visible and creating staff awareness around it. Educate the organization on how the requirements gathering process will differ.

    People can be adverse to change and may be unreceptive to being told they must “comply” to new policies and procedures. Demonstrate the value in requirements gathering and show how it will assist people in their day-to-day activities.

    By demonstrating how an improved requirements gathering process will impact staff directly, you create a deeper level of understanding across lines-of-business, and ultimately a higher level of acceptance for new processes, rules, and guidelines.

    A proactive communication plan will:
    • Assist in overcoming issues with prioritization, alignment resourcing, and staff resistance.
    • Provide a formalized process for implementing new policies, rules, and guidelines.
    • Detail requirements gathering ownership and accountability for the entirety of the process.
    • Encourage acceptance and support of the initiative.

    Identify and analyze stakeholders to communicate the change process

    Who are the requirements gathering stakeholders?

    Stakeholder:

    • A stakeholder is any person, group, or organization who is the end user, owner, sponsor, or consumer of an IT project, change, or application.
    • When assessing an individual or group, ask whether they can impact or be impacted by any decision, change, or activity executed as part of the project. This might include individuals outside of the organization.

    Key Stakeholder:

    • Someone in a management role or someone with decision-making power who will be able to influence requirements and/or be impacted by project outcomes.

    User Group Representatives:

    • For impacted user groups, follow best practice and engage an individual to act as a representative. This individual will become the primary point of contact when making decisions that impact the group.

    Identify the reasons for resistance to change

    Stakeholders may resist change for a variety of reasons, and different strategies are necessary to address each.

    Unwilling – Individuals who are unwilling to change may need additional encouragement. For these individuals, you’ll need to reframe the situation and emphasize how the change will benefit them specifically.

    Unable – All involved requirements gathering will need some form of training on the process, committee roles, and responsibilities. Be sure to have training and support available for employees who need it and communicate this to staff.

    Unaware – Until people understand exactly what is going on, they will not be able to conform to the process. Communicate change regularly at the appropriate detail to encourage stakeholder support.

    Info-Tech Insight

    Resisters who have influence present a high risk to the implementation as they may encourage others to resist as well. Know where and why each stakeholder is likely to resist to mitigate risk. A detailed plan will ensure you have the needed documentation and communications to successfully manage stakeholder resistance.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Input
    • Requirements gathering stakeholders list
    Output
    • Stakeholder power map
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Identify the impact and level of resistance of all stakeholders to come up with the right communication plan.

    1. Through discussion, generate a complete list of stakeholders for requirements gathering and record the names on the whiteboard or flip chart. Group related stakeholders together.
    2. Using the template on the next slide, draw the stakeholder power map.
    3. Evaluate each stakeholder on the list based on:
      1. Influence: To what degree can this stakeholder impact progress?
      2. Involvement: How involved is the stakeholder already?
      3. Support: Label supporters with green sticky notes, resisters with red notes, and the rest with a third color.
    4. Based on the assessment, write the stakeholder’s name on a green, red, or other colored sticky note, and place the sticky note in the appropriate place on the power map.
    5. For each of the stakeholders identified as resisters, determine why you think they would be resistant. Is it because they are unwilling, unable, and/or unknowing?
    6. Document changes to the stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Use a power map to plot key stakeholders according to influence and involvement.

    The image shows a power map, which is a square divided into 4 equally-sized sections, labelled from top left: Focused Engagement; Key Players; Keep Informed; Minimal Engagement. On the left side of the square, there is an arrow pointing upwards labelled Influence; at the bottom of the square, there is an arrow pointing right labelled Involvement. On the right side of the image, there is a legend indicating that a green dot indicates a Supporter; a grey dot indicated Neutral; and a red dot indicates a Resister.

    Example: Identify and analyze stakeholders

    Use a power map to plot key stakeholders according to influence and involvement.

    The image is the same power map image from the previous section, with some additions. A red dot is located at the top left, with a note: High influence with low involvement? You need a strategy to increase engagement. A green dot is located mid-high on the right hand side. Grey dots are located left and right in the bottom of the map. The bottom right grey dot has the note: High involvement with lower influence? Make sure to keep these stakeholders informed at regular intervals and monitor engagement.

    Stakeholder analysis: Reading the power map

    High Risk:

    Stakeholders with high influence who are not as involved in the project or are heavily impacted by the project are less likely to give feedback throughout the project lifecycle and need to be engaged. They are not as involved but have the ability to impact project success, so stay one step ahead.

    Do not limit your engagement to kick-off and close – you need to continue seeking input and support at all stages of the project.

    Mid Risk:

    Key players have high influence, but they are also more involved with the project or impacted by its outcomes and are thus easier to engage.

    Stakeholders who are heavily impacted by project outcomes will be essential to your organizational change management strategy. Do not wait until implementation to engage them in preparing the organization to accept the project – make them change champions.

    Low Risk:

    Stakeholders with low influence who are not impacted by the project do not pose as great of a risk, but you need to keep them consistently informed of the project and involve them at the appropriate control points to collect feedback and approval.

    Inputs to the communications plan

    Stakeholder analysis should drive communications planning.

    Identify Stakeholders
    • Who is impacted by this project?
    • Who can affect project outcomes?
    Assess Stakeholders
    • Influence
    • Involvement
    • Support
    Stakeholder Change Impact Assessment
    • Identify change supporters/resistors and craft change messages to foster acceptance.
    Stakeholder Register
    • Record assessment results and preferred methods of communication.
    The Communications Management Plan:
    • Who will receive information?
    • What information will be distributed?
    • How will information be distributed?
    • What is the frequency of communication?
    • What will the level of detail be?
    • Who is responsible for distributing information?

    Communicate the reason for the change and stay on message throughout the change

    Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.

    The change message should:

    • Explain why the change is needed.
    • Summarize the things that will stay the same.
    • Highlight the things that will be left behind.
    • Emphasize the things that are being changed.
    • Explain how the change will be implemented.
    • Address how the change will affect the various roles in the organization.
    • Discuss staff’s role in making the change successful.

    The five elements of communicating the reason for the change:

    COMMUNICATING THE CHANGE

    What is the change?

    Why are we doing it?

    How are we going to go about it?

    How long will it take us?

    What will the role be for each department and individual?

    Create a communications management plan

    4.2.5 – 45 minutes

    Input
    • Exercise 4.1.1
    Output
    • Communications management plan
    Materials
    • Whiteboard
    • Markers
    Participants
    • RGSC members

    Build the communications management plan around your stakeholders’ needs.

    1. Build a chart on the board using the template on the next slide.
    2. Using the list from exercise 4.1.1, brainstorm a list of communication vehicles that will need to be used as part of the rollout plan (e.g. status updates, training).
    3. Through group discussion, fill in all these columns for at least three communication vehicles:
      • (Target) audience
      • Purpose (description)
      • Frequency (of the communication)
        • The method, frequency, and content of communication vehicles will change depending on the stakeholder involved. This needs to be reflected by your plan. For example, you may have several rows for “Status Report” to cover the different stakeholders who will be receiving it.
      • Owner (of the message)
      • Distribution (method)
      • (Level of) details
        • High/medium/low + headings
    4. Document your stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Communications plan template

    4.2.5 – 45 minutes

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Communications Guidelines
    • Regardless of complexity, it is important not to overwhelm stakeholders with information that is not relevant to them. Sending more detailed information than is necessary might mean that it does not get read.
    • Distributing reports too widely may lead to people assuming that someone else is reading it, causing them to neglect reading it themselves.
    • Only distribute reports to the stakeholders who need the information. Think about what information that stakeholder requires to feel comfortable.

    Example: Identify and analyze stakeholders

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Status Report Sponsor Project progress and deliverable status Weekly Project Manager Email

    Details for

    • Milestones
    • Deliverables
    • Budget
    • Schedule
    • Issues
    Status Report Line of Business VP Project progress Monthly Project Manager Email

    High Level for

    • Major milestone update

    Build your requirements gathering process implementation timeline

    4.2.6 – 45 minutes

    Input
    • Parking lot items
    Output
    • Implementation timeline
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Build a high-level timeline for the implementation.

    1. Collect the action items identified throughout the week in the “parking lot.”
    2. Individually or in groups, brainstorm any additional action items. Consider communication, additional training required, approvals, etc.
      • Write these on sticky notes and add them to the parking lot with the others.
    3. As a group, start organizing these notes into logical groupings.
    4. Assign each of the tasks to a person or group.
    5. Identify any risks or dependencies.
    6. Assign each of the tasks to a timeline.
    7. Following the exercise, the facilitator will convert this into a Gantt chart using the roadmap for requirements gathering action plan.

    Step 3: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    The image shows a board with 5 categories: Documentation, Approval, Communication, Process, and Training. There are groups of post-it notes under each category title.

    Steps 4-6: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    This image shows a chart with Action Items to be listed in the left-most column, Person or Group Responsible in the next column, Risks/Dependencies in the next columns, and periods of time (i.e. 1-3 months, 2-6 months, etc.) in the following columns. The chart has been partially filled in as an exemplar.

    Recalculate the selected requirements gathering metrics

    Measure and monitor the benefits of requirements gathering optimization.

    • Reassess the list of selected and captured requirements management metrics.
    • Recalculate the metrics and analyze any changes. Don’t expect a substantial result after the first attempt. It will take a while for BAs to adjust to the Info-Tech Requirements Gathering Framework. After the third project, results will begin to materialize.
    • Understand that the project complexity and business significance will also affect how long it takes to see results. The ideal projects to beta the process on would be of low complexity and high business significance.
    • Realize that poor requirements gathering can have negative effects on the morale of BAs, IT, and project managers. Don’t forget to capture the impact of these through surveys.

    Major KPIs typically used for benchmarking include:

    • Number of application bugs/defects (for internally developed applications).
    • Number of support requests or help desk tickets for the application, controlled for user deployment levels.
    • Overall project cycle time.
    • Overall project cost.
    • Requirements gathering as a percentage of project time.

    Revisit the requirements gathering metrics selected in the planning phase and recalculate them after requirements gathering optimization has been attempted.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.2.1; 4.2.2; 4.2.3 – Build a requirements gathering steering committee

    The analyst will facilitate the discussion to define the purpose statement of the steering committee, build the participation list and authority matrix for its members, and define the procedures and agenda.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.2.4 Identify and analyze stakeholders

    An analyst will facilitate the discussion on how to identify the impact and level of resistance of all stakeholders to come up with the communication plan.

    4.2.5 Create a communications management plan

    An analyst will assist the team in building the communications management plan based on the stakeholders’ needs that were outlined in the stakeholder analysis exercise.

    4.2.6 Build a requirements gathering implementation timeline

    An analyst will facilitate a session to brainstorm and document any action items and build a high-level timeline for implementation.

    Insight breakdown

    Requirements gathering SOPs should be prescriptive based on project complexity.

    • Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques such as user stories.

    Requirements gathering management tools can be pricy, but they can also be beneficial.

    • Requirements gathering management tools are a great way to have full control over recording, analyzing, and categorizing requirements over complex projects.

    BAs can make or break the execution of the requirements gathering process.

    • A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Summary of accomplishment

    Knowledge Gained

    • Best practices for each stage of the requirements gathering framework:
      • Elicitation
      • Analysis
      • Validation
    • A clear understanding of BA competencies and skill sets necessary to successfully execute the requirements gathering process.

    Processes Optimized

    • Stakeholder identification and management.
    • Requirements elicitation, analysis, and validation.
    • Requirements gathering governance.
    • Change control processes for new requirements.
    • Communication processes for requirements gathering.

    Deliverables Completed

    • SOPs for requirements gathering.
    • Project level selection framework.
    • Communications framework for requirements gathering.
    • Requirements documentation standards.

    Organizations and experts who contributed to this research

    Interviews

    • Douglas Van Gelder, IT Manager, Community Development Commission of the County of Los Angeles
    • Michael Lyons, Transit Management Analyst, Metropolitan Transit Authority
    • Ken Piddington, CIO, MRE Consulting
    • Thomas Dong, Enterprise Software Manager, City of Waterloo
    • Chad Evans, Director of IT, Ontario Northland
    • Three anonymous contributors

    Note: This research also incorporates extensive insights and feedback from our advisory service and related research projects.

    Bibliography

    “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint Software Systems, 2012. Web.

    “BPM Definition.” BPMInstitute.org, n.d. Web.

    “Capturing the Value of Project Management.” PMI’s Pulse of the Profession, 2015. Web.

    Eby, Kate. “Demystifying the 5 Phases of Project Management.” Smartsheet, 29 May 2019. Web.

    “Product Management: MoSCoW Prioritization.” ProductPlan, n.d. Web.

    “Projects Delivered on Time & on Budget Result in Larger Market Opportunities.” Jama Software, 2015. Web.

    “SIPOC Table.” iSixSigma, n.d. Web.

    “Survey Principles.” University of Wisconsin-Madison, n.d. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    Implement an IT Employee Development Plan

    • Buy Link or Shortcode: {j2store}592|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • There is a growing gap between the competencies organizations have been focused on developing and what is needed in the future.
    • Employees have been left to drive their own development with little direction or support and without the alignment of development to organizational needs.
    • The pace of change in today’s environment demands new competencies while making others obsolete, and IT is challenged with keeping up with upskilling employees.

    Our Advice

    Critical Insight

    • Organizations position development as employee-owned, yet employees still feel like their needs aren’t being met, and many leave as a result.
    • Development needs to be employee-owned and manager-supported but also organization-informed to ensure that it meets the organization’s needs.
    • Today, operating environments change quickly, and organizations need to develop the competencies employees need both today and in the future.

    Impact and Result

    • Design employee development plans that build the competencies the organization and IT department need both today and in the future.
    • Equip managers and build program support to foster continuous learning and development.
    • Connect the right development opportunity to the right employee through an effective development planning process.

    Implement an IT Employee Development Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement effective development planning, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess employees' development needs

    Assist your employees in setting appropriate development goals.

    • Implement Effective Employee Development Planning – Phase 1: Assess Employees' Development Needs
    • IT Manager Job Aid: Employee Development
    • IT Employee Job Aid: Employee Development
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • IT Competency Library
    • Leadership Competencies Workbook

    2. Select appropriate activities for development

    Review existing and identify new development activities that employees can undertake to achieve their goals.

    • Implement Effective Employee Development Planning – Phase 2: Select Activities for Developing Prioritized Competencies
    • Learning Methods Catalog for IT Employees

    3. Build manager coaching skills

    Establish manager and employee follow-up accountabilities.

    • Implement Effective Employee Development Planning – Phase 3: Build Manager Coaching Skills to Support Employee Development
    • Role Play Coaching Scenarios
    [infographic]

    Do you believe in absolute efficiency?

    Weekend read. Hence I post this a bit later on Friday.
    Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

    Register to read more …

    Gain Real Insights with a Social Analytics Program

    • Buy Link or Shortcode: {j2store}561|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Social media is wildly popular with consumers and as a result, many businesses are starting to develop a presence on social media services like Facebook and Twitter. However, many businesses still struggle with understanding how to leverage consumer insights from these services to drive business decisions. They’re intimidated by the sheer volume of social data, and aren’t sure what to do about it.
    • Companies that do have an analytics program are often operating it on an ad-hoc basis rather than making an effort to integrate social insights with existing sourcing of consumer data. In doing this, they’re failing to make holistic decisions and missing out on valuable consumer and competitive insights.

    Our Advice

    Critical Insight

    • Social analytics are indispensable in gaining real-time insights across marketing, sales, and customer service. SMBs can use social analytics to gain valuable consumer insights at a significantly lower expense than traditional forms of market research.
    • The greatest value from social analytics comes when organizations marry social data sources with other forms of customer information, such as point-of-sale data, customer surveys, focus groups, and psychographic profiles.
    • Social analytics must be integrated with your broader BI program for maximum effect. Consider creating a Customer Insights Center of Excellence (CICOE) to serve as a one-stop shop for both traditional and social customer analytics.
    • IT has an invaluable role to play in helping to govern and manage the analytics program. A best-of-breed Social Media Management Platform is the key enabling technology for conducting analytics, and IT must assist with selection, implementation and operation of this solution.
    • Internal social analytics is an emerging field that allows you to gauge the sentiment of your employees, while turbocharging ideation and feedback processes. Social networking analysis is particularly valuable for internal analysis.

    Impact and Result

    • Understand the value of a social analytics program and the various departmental use cases – how social analytics improves decision making and boosts critical KPIs like revenue attainment and customer satisfaction.
    • Determine the different social metrics (such as sentiment and frequency analysis) your business should be tracking and how to turn metrics into deep consumer insights.
    • Follow a step-by-step guide for successfully executing a social analytics program across your organization.
    • Roll out an internal analytics program to gauge the sentiment of your employees, improve engagement, and understand informal influencer networks.

    Gain Real Insights with a Social Analytics Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine the organization’s use cases

    Decide which functional areas in the organization will benefit the most from using social data, and create use cases accordingly.

    • Storyboard: Gain Real Insights with a Social Analytics Program

    2. Define and interpret metrics

    Identify and evaluate key social analytics metrics and understand the importance of combining multiple metrics to get the most out of the analytics program.

    • Social Analytics Maturity Assessment

    3. Execute the social analytics program

    Leverage a cross-departmental Social Media Steering Committee and evaluate SMMPs and other social analytics tools.

    • Social Analytics Specialist
    • Social Analytics Business Plan

    4. Leverage internal social analytics

    Identify specific uses of internal social analytics: crowd-sourcing ideation, harvesting employee feedback, and rewarding internal brand advocates.

    [infographic]

    Select Software With the Right Satisfaction Drivers in Mind

    • Buy Link or Shortcode: {j2store}606|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Software selection needs to provide satisfaction. Across the board, satisfaction is easy to achieve in the short term, but long-term satisfaction is much harder to attain. It’s not clear what leads to long-term satisfaction, and it’s even more difficult to determine which software continuously delivers on key satisfaction drivers to support the business.

    Our Advice

    Critical Insight

    • Software satisfaction drops over time. After the initial purchase, the novelty factor of new software begins to wane, and only long-term satisfaction drivers sustain satisfaction after five years.
    • Surface-level satisfaction has immediate effects, but it only provides satisfaction in the short term. Deep satisfaction has a lasting impact that can shape organizational satisfaction and productivity in meaningful ways.
    • Empower IT decision makers with knowledge about what drives satisfaction in the top five and bottom five software vendors in spotlighted categories.

    Impact and Result

    • Reorient discussion around how software is implemented around satisfaction rather than what’s in fashion.
    • Identify software satisfaction drivers that provide deep satisfaction to get the most out of software over the long term.
    • Appreciate the best from the rest and learn which software categories and brands buck the trend of declining satisfaction.

    Select Software With the Right Satisfaction Drivers in Mind Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand what drives user satisfaction

    Gain insight on the various factors that influence software satisfaction.

    • Select Software With the Right Satisfaction Drivers in Mind Storyboard

    2. Learn what provides deep satisfaction

    Reduce the size of your RFPs or skip them entirely to limit time spent watching vendor dog and pony shows.

    3. Appreciate what separates the best from the rest

    Narrow the field to four contenders prior to in-depth comparison and engage in accelerated enterprise architecture oversight.

    [infographic]

    Manage an IT Budget

    • Buy Link or Shortcode: {j2store}70|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • IT is viewed as a cost center without a clear understanding of the value it provides.
    • After completing the budget, the CIO is faced with changing expectations, disruptions, new risks, and new threats.
    • IT departments often lack a reliable budget management process to keep itself on track towards its budget goals.
    • Over budgeting risks credibility if projects are not all delivered, while under budgeting risks not being able to execute important projects.

    Our Advice

    Critical Insight

    • Managing your budget is not just about numbers; it’s also about people and processes. Better relationships and a proper process leads to better management of your budget. Understand how your relationships and current processes might be leveraged to manage your budget.
    • No one likes to be over budget, but being under budget isn’t necessarily good either. Coming in under budget may mean that you are not accomplishing the initiatives that you promised you would, reflecting poor job performance.

    Impact and Result

    • Implement a formal budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track towards budget goals.
    • Manage the expectations of business stakeholders by communicating the links between IT spend and business value in a way that is easily understood by the business.
    • Control for under- or overspending by using Info Tech’s budget management tool and tactics.

    Manage an IT Budget Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the increasing expectations for IT departments to better manage their budgets, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document

    Create a streamlined documentation process that also considers the elements of people and technology.

    • Manage an IT Budget – Phase 1: Document
    • Manage Your IT Budget Tool

    2. Track

    Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner.

    • Manage an IT Budget – Phase 2: Track

    3. Control

    Leverage control mechanisms to manage variances in your budget.

    • Manage an IT Budget – Phase 3: Control
    [infographic]

    Workshop: Manage an IT Budget

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Budget

    The Purpose

    The first step of managing your IT budget is to make sure there is a properly documented budget that everyone agrees upon.

    Key Benefits Achieved

    A properly documented budget facilitates management and communication of the budget.

    Activities

    1.1 Review budget for the year.

    1.2 Document each budget in the tool.

    1.3 Review CAPEX vs. OPEX.

    1.4 Customize accounts to match your organization.

    Outputs

    Budget broken out into monthly increments and by each account.

    Budget documented in tool.

    Tool customized to reflect organization's specific accounts and terminology.

    2 Optimize Documentation Process

    The Purpose

    A proper documentation process forms the backbone for effective budget management.

    Key Benefits Achieved

    A streamlined documentation process with accurate inputs that also considers the elements of people and technology.

    Activities

    2.1 Draw out process flow of current documentation.

    2.2 Identify bottlenecks.

    2.3 Discuss and develop roadmap to solving bottlenecks.

    Outputs

    Process flow of current documentation process with identified bottlenecks.

    Plan to mitigate bottlenecks.

    3 Track and Control for Over- and Underspending

    The Purpose

    Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner. Then, leverage control mechanisms to manage variances in your budget.

    Key Benefits Achieved

    Tracking and controlling for variances will help the IT department stay on track towards its budget goals. It will also help with communicating IT’s value to the business.

    Activities

    3.1 Walk through the “Overview Bar.”

    3.2 Document actual expenses incurred in fiscal to date.

    3.3 Review the risk of over- and underspending.

    3.4 Use the reforecast column to control for over- and underspend.

    Outputs

    Assess the “Overview Bar.”

    Document actual expenditures and committed expenses up to the current date.

    Develop a strategy and roadmap for how you will mitigate any current under- or overspends.

    Reforecast expenditures for each account for each month for the remainder of the fiscal year.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    • Buy Link or Shortcode: {j2store}352|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $3,000 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.
    • Different parts of the organization have diverse views on how to govern and fund pieces of work, which leads to confusion when it comes to the role of project management.

    Our Advice

    Critical Insight

    There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.

    Impact and Result

    • Get alignment on the definition of projects and products.
    • Understand the differences between delivering projects and delivering products.
    • Line up your project management activities with the needs of Agile and product-centric projects.
    • Understand how funding can change when moving away from project-centric delivery.

    Define the Role of Project Management in Agile and Product-Centric Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the Role of Project Management in Agile and Product-Centric Delivery – A guide that walks you through how to define the role of project management in product-centric and Agile delivery environments.

    The activities in this research will guide you through clarifying how you want to talk about projects and products, aligning project management and agility, specifying the different activities for project management, and identifying key differences with funding of products instead of projects.

    • Define the Role of Project Management in Agile and Product-Centric Delivery Storyboard
    [infographic]

    Further reading

    Define the Role of Project Management in Agile and Product-Centric Delivery

    Projects and products are not mutually exclusive.

    Table of Contents

    3 Analyst Perspective

    4 Executive Summary

    7 Step 1.1: Clarify How You Want to Talk About Projects and Products

    13 Step 1.2: Align Project Management and Agility

    16 Step 1.3: Specify the Different Activities for Project Management

    20 Step 1.4: Identify Key Differences in Funding of Products Instead of Projects

    25 Where Do I Go Next?

    26 Bibliography

    Analyst Perspective

    Project management still has an important role to play!

    When moving to more product-centric delivery practices, many assume that projects are no longer necessary. That isn’t necessarily the case!

    Product delivery can mean different things to different organizations, and in many cases it can involve the need to maintain both projects and project delivery.

    Projects are a necessary vehicle in many organizations to drive value delivery, and the activities performed by project managers still need to be done by someone. It is the form and who is involved that will change the most.

    Photo of Ari Glaizel, Practice Lead, Applications Delivery and Management, Info-Tech Research Group.

    Ari Glaizel
    Practice Lead, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
    • In response, they are moving to more product-centric delivery practices.
    • Previously, project managers focused on the delivery of objectives through a project, but changes in delivery practices result in de-emphasizing this. What should project managers should be doing?
    Common Obstacles
    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.
    • Different parts of the organization have very specific views on how to govern and fund pieces of work, which leads to confusion about the role of project management.
    Info-Tech’s Approach
    • Get alignment on the definition of projects and products.
    • Understand the differences between delivering projects and products.
    • Line up your project management activities with the needs of Agile and product-centric projects.
    • Understand how funding can change when moving away from project-centric delivery.

    Info-Tech Insight

    There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.

    Your evolution of delivery practice is not a binary switch

    1. PROJECTS WITH WATERFALL The project manager is accountable for delivery of the project, and the project manager owns resources and scope.
    2. PROJECTS WITH AGILE DELIVERY A transitional state where the product owner is accountable for feature delivery and the project manager accountable for the overall project.
    3. PRODUCTS WITH AGILE PROJECT AND OPERATIONAL DELIVERY The product owner is accountable for the delivery of the project and products, and the project manager plays a role of facilitator and enabler.
    4. PRODUCTS WITH AGILE DELIVERY Delivery of products can happen without necessarily having projects. However, projects could be instantiated to cover major initiatives.

    Info-Tech Insight

    • Organizations do not need to go to full product and Agile delivery to improve delivery practices! Every organization needs to make its own determination on how far it needs to go. You can do it in one step or take each step and evaluate how well you are delivering against your goals and objectives.
    • Many organizations will go to Products With Agile Project and Operational Delivery, and some will go to Products With Agile Delivery.

    Activities to undertake as you transition to product-centric delivery

    1. PROJECTS WITH WATERFALL
      • Clarify how you want to talk about projects and products. The center of the conversation will start to change.
    2. PROJECTS WITH AGILE DELIVERY
      • Align project management and agility. They are not mutually exclusive (but not necessarily always aligned).
    3. PRODUCTS WITH AGILE PROJECT AND OPERATIONAL DELIVERY
      • Specify the different activities for project management. As you mature your product practices, project management becomes a facilitator and collaborator.
    4. PRODUCTS WITH AGILE DELIVERY
      • Identify key differences in funding. Delivering products instead of projects requires a change in the focus of your funding.

    Step 1.1

    Clarify How You Want to Talk About Projects and Products

    Activities
    • 1.1.1 Define “product” and “project” in your context
    • 1.1.2 Brainstorm potential changes in the role of projects as you become Agile and product-centric

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • An understanding of how the role can change through the evolution from project to more product-centric practices

    Definition of terms

    Project

    “A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio.” (PMBOK, PMI)
    Stock image of an open head with a city for a brain.

    Product

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.” (Deliver on Your Digital Product Vision, Info-Tech Research Group)

    Info-Tech InsightLet these definitions be a guide, not necessarily to be taken verbatim. You need to define these terms in your context based on your particular needs and objectives. The only caveat is to be consistent with your usage of these terms in your organization.

    1.1.1 Define “product” and “project” in your context

    30-60 minutes

    Output: Your enterprise/organizational definition of products and projects

    Participants: Executives, Product/project managers, Applications teams

    1. Discuss what “product” and “project” mean in your organization.
    2. Create common, enterprise-wide definitions for “product” and “project.”
    3. Screenshot of the previous slide's definitions of 'Project' and 'Product'.

    Agile and product management does not mean projects go away

    Diagram laying out the roadmap for 'Continuous delivery of value'. Beginning with 'Projects With Agile Delivery' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Products With Agile Project and Operational Delivery' and 'Products With Agile Delivery' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

    Projects Within Products

    Regardless of whether you recognize yourself as a “product-based” or “project-based” shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build or implement a version of an application or product.

    You also have parallel services along with your project development that encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Info-Tech Note

    As your product transformation continues, projects can become optional and needed only as part of your organization’s overall delivery processes

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects — Funding –› Fund teams
    Line-of-business sponsor — Prioritization –› Product owner
    Project owner — Accountability –› Product owner
    Makes specific changes to a product —Product management –› Improves product maturity and support of the product
    Assignment of people to work — Work allocation –› Assignment of work to product teams
    Project manager manages — Capacity management –› Team manages

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development and implementation work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    1.1.2 Brainstorm potential changes in the role of projects as you become Agile and product-centric

    5-10 minutes

    Output: Increased appreciation of the relationship between project and product delivery

    Participants: Executives, Product/project managers, Applications teams

    • Discuss as a group:
      • What stands out in the evolution from project to product?
      • What concerns do you have with the change?
      • What will remain the same?
      • Which changes feel the most impactful?
      • Screenshot of the slide's 'Continuous delivery of value' diagram.

    Step 1.2

    Align Project Management and Agility

    Activities
    • 1.2.1 Explore gaps in Agile/product-centric delivery of projects

    This step involves the following participants:

    • Executives
    • Product/Project managers
    • Applications teams

    Outcomes of this step

    • A clearer view of how agility can be introduced into projects.

    Challenges with the project management role in Agile and product-centric organizations

    Many project managers feel left out in the cold. That should not be the case!

    In product-centric, Agile teams, many roles that a project manager previously performed are now taken care of to different degrees by the product owner, delivery team, and process manager.

    The overall change alters the role of project management from one that orchestrates all activities to one that supports, monitors, and escalates.

    Product Owner
    • Defines the “what” and heavily involved in the “when” and the “why”
    • Accountable for delivery of value
    Delivery team members
    • Define the “how”
    • Accountable for building and delivering high-quality deliverables
    • Can include roles like user experience, interaction design, business analysis, architecture
    Process Manager
    • Facilitates the other teams to ensure valuable delivery
    • Can potentially, in a Scrum environment, play the scrum master role, which involves leading scrums, retrospectives, and sprint reviews and working to resolve team issues and impediments
    • Evolves into more of a facilitator and communicator role

    1.2.1 Explore gaps in Agile/ product-centric delivery of projects

    5-10 minutes

    Output: An assessment of what is in the way to effectively deliver on Agile and product-focused projects

    Participants: Executives, Product/project managers, Applications teams

    • Discuss as a group:
      • What project management activities do you see in Agile/product roles?
      • What gaps do you see?
      • How can project management help Agile/product teams be successful?

    Step 1.3

    Specify the Different Activities for Project Management

    Activities
    • 1.3.1 Articulate the changes in a project manager’s role

    This step involves the following participants:

    • Executives
    • Product/Project managers
    • Applications teams

    Outcomes of this step

    • An understanding of the role of project management in an Agile and product context

    Kicking off the project

    Product-centric delivery still requires key activities to successfully deliver value. Where project managers get their information from does change.

    Stock photo of many hands grabbing a 2D rocketship.
    Project Charter

    Project managers should still define a charter and capture the vision and scope. The vision and high-level scope is primarily defined by the product owner.

    Key Stakeholders and Communication

    Clearly defining stakeholders and communication needs is still important. However, they are defined based on significant input and cues by the product owner.

    Standardizing on Tools and Processes

    To ensure consistency across projects, project managers will want to align tools to how the team manages their backlog and workflow. This will smooth communication about status with stakeholders.

    Info-Tech Insight

    1. Product management plays a similar role to the one that was traditionally filled by the project sponsor except for a personal accountability to the product beyond the life of the project.
    2. When fully transitioned to product-centric delivery, these activities could be replaced by a product canvas. See Deliver on Your Digital Product Vision for more information.

    During the project: Three key activities

    The role of project management evolves from a position of ownership to a position of communication, collaboration, and coordination.

    1. Support
      • Communicate Agile/product team needs to leadership
      • Liaise and co-ordinate for non-Agile/product-focused parts of the organization
      • Coach members of the team
    2. Monitoring
      • Regular status updates to PMO still required
      • Metrics aligned with Agile/product practices
      • Leverage similar tooling and approaches to what is done locally on Agile/product teams (if possible)
    3. Escalation
      • Still a key escalation point for roadblocks that go outside the product teams
      • Collaborate closely with Agile/product team leadership and scrum masters (if applicable)
    Cross-section of a head, split into three levels with icons representing the three steps detailed on the left, 'Support', 'Monitoring', and 'Escalation'.

    1.3.1: Articulate the changes in a project manager’s role

    5-10 minutes

    Output: Current understanding of the role of project management in Agile/product delivery

    Participants: Executives, Product/project managers, Applications teams

    Why is this important?

    Project managers still have a role to play in Agile projects and products. Agreeing to what they should be doing is critical to successfully moving to a product-centric approach to delivery.

    • Review how Info-Tech views the role of project management at project initiation and during the project.
    • Review the state of your Agile and product transformation, paying special attention to who performs which roles.
    • Discuss as a group:
      • What are the current activities of project managers in your organization?
      • Based on how you see delivery practices evolving, what do you see as the new role of project managers when it comes to Agile-centric and product-centric delivery.

    Step 1.4

    Identify Key Differences in Funding of Products Instead of Projects

    Activities
    • 1.4.1 Discuss traditional versus product-centric funding methods

    This step involves the following participants:

    • Executives
    • Product owners
    • Product managers
    • Project managers
    • Delivery managers

    Outcomes of this step

    • Identified differences in funding of products instead of projects

    Planning and budgeting for products and families

    Reward for delivering outcomes, not features

    Autonomy

    Icon of a diamond.

    Fund what delivers value

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Flexibility

    Icon of a dollar sign.

    Allocate iteratively

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Arrow cycling right in a clockwise motion.



    Arrow cycling left in a clockwise motion.

    Accountability

    Icon of a target.

    Measure and adjust

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Stock image of two suited hands exchanging coins.

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    (Adapted from Bain & Company)

    Budgeting approaches must evolve as you mature your product operating environment

    TRADITIONAL PROJECTS WITH WATERFALL DELIVERY TRADITIONAL PROJECTS WITH AGILE DELIVERY PRODUCTS WITH AGILE PROJECT DELIVERY PRODUCTS WITH AGILE DELIVERY

    WHEN IS THE BUDGET TRACKED?

    Budget tracked by major phases Budget tracked by sprint and project Budget tracked by sprint and project Budget tracked by sprint and release

    HOW ARE CHANGES HANDLED?

    All change is by exception Scope change is routine; budget change is by exception Scope change is routine; budget change is by exception Budget change is expected on roadmap cadence

    WHEN ARE BENEFITS REALIZED?

    Benefits realization post project completion Benefits realization ongoing throughout the life of the project Benefits realization ongoing throughout the life of the product Benefits realization ongoing throughout life of the product

    WHO DRIVES?

    Project Manager
    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast
    Product Owner
    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast
    Product Manager
    • Product portfolio team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
    Product Manager
    • Product family team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
    ˆ ˆ
    Hybrid Operating Environments

    Info-Tech Insight

    As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability adapt to change and drive the right outcomes!

    1.4.1 Discuss traditional versus product-centric funding methods

    30 minutes

    Output: Understanding of funding principles and challenges

    Participants: Executives, Product owners, Product managers, Project managers, Delivery managers

    1. Discuss how projects are currently funded.
    2. Review how the Agile/product funding models differ from how you currently operate.
    3. What changes do you need to consider to support a product delivery model?
    4. For each change, identify the key stakeholders and list at least one action to take.

    Case Study

    Global Digital Financial Services Company

    This financial services company looked to drive better results by adopting more product-centric practices.

    • Its projects exhibited:
      • High complexity/strong dependencies between components
      • High implementation effort
      • High clarification/reconciliation (more than two departments involved)
      • Multiple methodologies (Agile/Waterfall/Hybrid)
    • The team recognized they could not get rid of projects entirely, but getting to a level where there was a coordinated delivery between projects and products being implemented is important.
    Results
    • Moving several initiatives to more product-centric practices allowed for:
      • Delivery within current assigned capacity
      • Limited need for coordination across departments
      • Lower complexity
      • A unified Agile approach to delivery
    • Through balancing the needs of projects and products, there were three key insights about the project management’s role:
      • The role of project management changes depending on the context of the work. There is no one-size-fits-all definition.
      • Project management played a much bigger role when work spanned multiple products and business units.
      • Project management was used as a key coordinator when delivery became complicated and multilayered.
    Example of a company where practices fall equally into 'Project' and 'Product' categories, with some being shared by both.
    Example of a product-centric company where practices fall mainly into the 'Product category', leaving only one in 'Project'.

    Where Do I Go Next?

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Prepare an Actionable Roadmap for Your PMO

    • Turn planning into action with a realistic PMO timeline.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Tailor IT Project Management Processes to Fit Your Projects

    • Spend less time managing processes and more time delivering results.

    Bibliography

    Cobb, Chuck. “Are there Project Managers in Agile?” High Impact Project Management, n.d. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software, 6 Sept. 2016. Web.

    Cobb, Chuck. “Agile Project Manager Job Description.” High Impact Project Management, n.d. Web.

    “How do you define a product?” Scrum.org, 4 April 2017. Web.

    Johnson, Darren, et al. “How to Plan and Budget for Agile at Scale.” Bain & Company, 8 Oct. 2019. Web.

    “Product Definition.” SlideShare, uploaded by Mark Curphey, 25 Feb. 2007. Web.

    Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.

    Schuurman, Robbin. “Scrum Master vs Project Manager – An Overview of the Differences.” Scrum.org, 11 Feb 2020. Web.

    Schuurman, Robbin. “Product Owner vs Project Manager.” Scrum.org, 12 March 2020. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management.” Academia.edu, 2010. Web.

    “What is a Developer in Scrum?” Scrum.org, n.d. Web.

    “What is a Scrum Master?” Scrum.org, n.d. Web.

    “What is a Product Owner?” Scrum.org, n.d. Web.

    Create a Work-From-Anywhere Strategy

    • Buy Link or Shortcode: {j2store}323|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 33 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    Work-from-anywhere isn’t going anywhere. During the initial rush to remote work, tech debt was highlighted and the business lost faith in IT. IT now needs to:

    • Rebuild trust with the CXO.
    • Identify gaps created from the COVID-19 rush to remote work.
    • Identify how IT can better support remote workers.

    IT went through an initial crunch to enable remote work. It’s time to be proactive and learn from our mistakes.

    Our Advice

    Critical Insight

    • It’s not about embracing the new normal; it’s about resiliency and long-term success. Your strategy needs to not only provide short-term operational value but also make the organization more resilient for the unknown risks of tomorrow.
    • The nature of work has fundamentally changed. IT departments must ensure service continuity, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.
    • Ensure short-term survival. Don’t focus on becoming an innovator until you are no longer stuck in firefighting.
    • Aim for near-term innovation. Once you’re a trusted operator, become a business partner by helping the business better adapt business processes and operations to work-from-anywhere.

    Impact and Result

    Follow these steps to build a work-from-anywhere strategy that resonates with the business:

    • Identify a vision that aligns with business goals.
    • Design the work-from-anywhere value proposition for critical business roles.
    • Benchmark your current maturity.
    • Build a roadmap for bridging the gap.

    Benefit employees’ remote working experience while ensuring that IT heads in a strategic direction.

    Create a Work-From-Anywhere Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a work-from-anywhere strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a target state

    Identify a vision that aligns with business goals, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.

    • Work-From-Anywhere Strategy Template
    • Work-From-Anywhere Value Proposition Template

    2. Analyze current fitness

    Don’t focus on becoming an innovator until you are no longer stuck in firefighting mode.

    3. Build a roadmap for improving enterprise apps

    Use these blueprints to improve your enterprise app capabilities for work-from-anywhere.

    • Microsoft Teams Cookbook – Sections 1-2
    • Rationalize Your Collaboration Tools – Phases 1-3
    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard
    • The Rapid Application Selection Framework Deck

    4. Build a roadmap for improving strategy, people & leadership

    Use these blueprints to improve IT’s strategy, people & leadership capabilities for work-from-anywhere.

    • Define Your Digital Business Strategy – Phases 1-4
    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Sustain Work-From-Home in the New Normal Storyboard
    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Manage Poor Performance While Working From Home Storyboard
    • The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Storyboard

    5. Build a roadmap for improving infrastructure & operations

    Use these blueprints to improve infrastructure & operations capabilities for work-from-anywhere.

    • Stabilize Infrastructure & Operations During Work-From-Anywhere – Phases 1-3
    • Responsibly Resume IT Operations in the Office – Phases 1-5
    • Execute an Emergency Remote Work Plan Storyboard
    • Build a Digital Workspace Strategy – Phases 1-3

    6. Build a roadmap for improving IT security & compliance capabilities

    Use these blueprints to improve IT security & compliance capabilities for work-from-anywhere.

    • Cybersecurity Priorities in Times of Pandemic Storyboard
    • Reinforce End-User Security Awareness During Your COVID-19 Response Storyboard

    Infographic

    Workshop: Create a Work-From-Anywhere Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Target State

    The Purpose

    Define the direction of your work-from-anywhere strategy and roadmap.

    Key Benefits Achieved

    Base your decisions on senior leadership and user needs.

    Activities

    1.1 Identify drivers, benefits, and challenges.

    1.2 Perform a goals cascade to align benefits to business needs.

    1.3 Define a vision and success metrics.

    1.4 Define the value IT brings to work-from-anywhere.

    Outputs

    Desired benefits for work-from-anywhere

    Vision statement

    Mission statement

    Success metrics

    Value propositions for in-scope user groups

    2 Review In-Scope Capabilities

    The Purpose

    Focus on value. Ensure that major applications and IT capabilities will relieve employees’ pains and provide them with gains.

    Key Benefits Achieved

    Learn from past mistakes and successes.

    Increase adoption of resulting initiatives.

    Activities

    2.1 Review work-from-anywhere framework and identify capability gaps.

    2.2 Review diagnostic results to identify satisfaction gaps.

    2.3 Record improvement opportunities for each capability.

    2.4 Identify deliverables and opportunities to provide value for each.

    2.5 Identify constraints faced by each capability.

    Outputs

    SWOT assessment of work-from-anywhere capabilities

    Projects and initiatives to improve capabilities

    Deliverables and opportunities to provide value for each capability

    Constraints with each capability

    3 Build the Roadmap

    The Purpose

    Build a short-term plan that allows you to iterate on your existing strengths and provide early value to your users.

    Key Benefits Achieved

    Provide early value to address operational pain points.

    Build a plan to provide near-term innovation and business value.

    Activities

    3.1 Organize initiatives into phases.

    3.2 Identify tasks for short-term initiatives.

    3.3 Estimate effort with Scrum Poker.

    3.4 Build a timeline and tie phases to desired business benefits.

    Outputs

    Prioritized list of initiatives and phases

    Profiles for short-term initiatives

    IT Management and Policies

    • Buy Link or Shortcode: {j2store}23|cart{/j2store}
    • Related Products: {j2store}23|crosssells{/j2store}
    • InfoTech Academy Title: IT management and policies videos
    • InfoTech Academy Excerpt: More videos are available once you join. Contact us for more information.
    • Teaser Video: Visit Website
    • Teaser Video Title: Policies Academy Overview
    • member rating overall impact: 9.5/10
    • member rating average dollars saved: $23101
    • member rating average days saved: 11
    • Parent Category Name: Strategy and Governance
    • InfotechAcademy-Executivebrief: Visit Website
    • Parent Category Link: /strategy-and-governance
    Create policies that matter most to your organization.

    Management, policy, policies

    The MVP Major Incident Manager

    The time has come to hire a new major incident manager. How do you go about that? How do you choose the right candidate? Major incident managers must have several typically conflicting traits, so how do you pick the right person? Let's dive into that.

    Register to read more …

    Passwordless Authentication

    • Buy Link or Shortcode: {j2store}466|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing
    • Parent Category Link: /end-user-computing
    • Stakeholders believe that passwords are still good enough.
    • You don’t know how the vendor products match to the capabilities you need to offer.
    • What do you need to test when you prototype these new technologies?
    • What associated processes/IT domains will be impacted or need to be considered?

    Our Advice

    Critical Insight

    Passwordless is the right direction even if it’s not your final destination.

    Impact and Result

    • Be able to handle objections from those who believe passwords are still “fine.”
    • Prioritize the capabilities you need to offer the enterprise, and match them to products/features you can buy from vendors.
    • Integrate passwordless initiatives with other key functions (cloud, IDaM, app rationalization, etc.).

    Passwordless Authentication Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Passwordless Authentication – Know when you’ve been beaten!

    Back in 2004 we were promised "the end of passwords" – why, then, are we still struggling with them today?

    • Passwordless Authentication Storyboard
    [infographic]

    Further reading

    Passwordless Authentication

    Know when you've been beaten!

    Executive Summary

    Your Challenge

    • The IT world is an increasingly dangerous place.
    • Every year literally billions of credentials are compromised and exposed on the internet.
    • The average employee has between 27 and 191 passwords to manage.
    • The line between business persona and personal persona has been blurred into irrelevancy.
    • You need a method of authenticating users that is up to these challenges

    Common Obstacles

    • Legacy systems aside (wouldn't that be nice) this still won't be easy.
    • Social inertia – passwords worked before, so surely, they can still work today! Besides, users don't want to change.
    • Analysis paralysis – I don't want to get this wrong! How do I choose something that is going to be at the core of my infrastructure for the next 10 years?
    • Identity management – how can you fix authentication when people have multiple usernames?

    Info-Tech's Approach

    • Inaction is not an option.
    • Most commercial, off-the-shelf apps are moving to a SaaS model, so start your efforts with them.
    • Your existing vendors already have technologies you are underusing or ignoring – stop that!
    • Your users want this change – they just might not know it yet…
    • Much like zero trust network access, the journey is more important than the destination. Incremental steps on the path toward passwordless authentication will still yield significant benefits.

    Info-Tech Insight

    Users have been burdened with unrealistic expectations when it comes to their part in maintaining enterprise security. Given the massive rise in the threat landscape, it is time for Infrastructure to adopt a user-experience-based approach if we want to move the needle on improving security posture.

    Password Security Fallacy

    "If you buy the premise…you buy the bit."
    Johnny Carson

    We've had plenty of time to see this coming.

    Why haven't we done something?

    • Passwords are a 1970s construct.
    • End-users are complexity averse.
    • Credentials are leaked all the time.
    • New technologies will defeat even the most complex passwords.

    Build the case, both to business stakeholders and end users, that "password" is not a synonym for "security."

    Be ready for some objection handling!

    This is an image of Bill Gates and Gavin Jancke at the 2004 RSA Conference in San Francisco, CA

    Image courtesy of Microsoft

    RSA Conference, 2004
    San Francisco, CA

    "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
    Bill Gates

    What about "strong" passwords?

    There has been a password arms race going on since 1988

    A massive worm attack against ARPANET prompted the initial research into password strength

    Password strength can be expressed as a function of randomness or entropy. The greater the entropy the harder for an attacker to guess the password.

    This is an image of Table 1 from Google Cloud Solutions Architects.  it shows the number of bits of entropy for a number of Charsets.

    Table: Modern password security for users
    Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects

    From this research, increasing password complexity (length, special characters, etc.) became the "best practice" to secure critical systems.

    How many passwords??

    XKCD Comic #936 (published in 2011)

    This is an image of XKCD Comic # 936.

    Image courtesy of Randall Munroe XKCD Comics (CC BY-NC 2.5)

    It turns out that humans however are really bad at remembering complex passwords.

    An Intel study (2016) suggested that the average enterprise employee needed to remember 27 passwords. A more recent study from LastPass puts that number closer to 191.

    PEBKAC
    Problem Exists Between Keyboard and Chair

    Increasing entropy is the wrong way to fight this battle – which is good because we'd lose anyway.

    Over the course of a single year, researchers at the University of California, Berkeley identified and tracked nearly 2 billion compromised credentials.

    3.8 million were obtained via social engineering, another 788K from keyloggers. That's approx. 250,000 clear text credentials harvested every week!

    The entirety of the password ecosystem has significant vulnerabilities in multiple areas:

    • Unencrypted server- and client-side storage
    • Sharing
    • Reuse
    • Phishing
    • Keylogging
    • Question-based resets

    Even the 36M encrypted credentials compromised every week are just going to be stored and cracked later.

    Source: Google, University of California, Berkeley, International Computer Science Institute

     data-verified=22B hash/s">

    Image courtesy of NVIDIA, NVIDIA Grace

    • Current GPUs (2021) have 200+ times more cracking power than CPU systems.

    <8h 2040-bit RSA Key

    Image: IBM Quantum System One (CES 2020) by IBM Research is licensed under CC BY-ND 2.0

    • Quantum computing can smash current encryption methods.
    • Google engineers have demonstrated techniques that reduce the number of qubits required from 1B to a mere 20 million

    Enabling Technologies

    "Give me a place to stand, and a lever long enough, and I will move the world."
    Archimedes

    Technology gives us (too many) options

    The time to prototype is NOW!

    Chances are you are already paying for one or more of these technologies from a current vendor:

    • SSO, password managers
    • Conditional access
    • Multifactor
    • Hardware tokens
    • Biometrics
    • PINs

    Address all three factors of authentication

    • Something the user knows
    • Something the user has
    • Something the user is

    Global Market of $12.8B
    ~16.7% CAGR
    Source: Report Linker, 2022.

    Focus your prototype efforts in four key testing areas

    • Deployment
    • User adoption/training
    • Architecture (points of failure)
    • Disaster recovery

    Three factors for positive identification

    Passwordless technologies focus on alternate authentication factors to supplement or replace shared secrets.

    Knows: A secret shared between the user and the system; Has: A token possessed by the user and identifiable as unique by the system; Is: A distinctive and repeatable attribute of the user sampled by the system

    Something you know

    Shared secrets have well-known significant modern-day problems, but only when used in isolation. For end users, consider time-limited single use options, password managers, rate-limited login attempts, and reset rather than retrieval requests. On the system side, never forget strong cryptographic hashing along with a side of salt and pepper when storing passwords.

    Something you have

    A token (now known as a cryptographic identification device) such as a pass card, fob, smartphone, or USB key that is expected to be physically under the control of the user and is uniquely identifiable by the system. Easily decoupled in the event the token is lost, but potentially expensive and time-consuming to reprovision.

    Something you are or do

    Commonly referred to as biometrics, there are two primary classes. The first is measurable physical characteristics of the user such as a fingerprint, facial image, or retinal scan. The second class is a series of behavioral traits such as expected location, time of day, or device. These traits can be linked together in a conditional access policy.

    Unlike other authentication factors, biometrics DO NOT provide for exact matches and instead rely on a confidence interval. A balance must be struck against the user experience of false negatives and the security risk of a false positive.

    Prototype testing criteria

    Deployment

    Does the solution support the full variety of end-user devices you have in use?

    Can the solution be configured with your existing single sign-on or central identity broker?

    User Experience

    Users already want a better experience than passwords.

    What new behavior are you expecting (compelling) from the user?

    How often and under what conditions will that behavior occur?

    Architecture

    Where are the points of failure in the solution?

    Consider technical elements like session thresholds for reauthorization, but also elements like automation and self-service.

    Disaster Recovery

    Understand the exact responsibilities Infra&Ops have in the event of a system or user failure.

    As many solutions are based in the public cloud, manage stakeholder expectations accordingly.

    Next Steps

    "Move the goalposts…and declare victory."
    Informal Fallacy (yet very effective…)

    It is more a direction than a destination…

    Get the easy wins in the bank and then lay the groundwork for the long campaign ahead.

    You're not going to get to a passwordless world overnight. You might not even get there for many years. But an agile approach to the journey ensures you will realize value every step of the way:

    • Start in the cloud:
    • Choose a single sign-on platform such as Azure Active Directory, Okta, Auth0, AWS IAM, TruSONA, HYPR, or others. Document Your Cloud Strategy.
    • Integrate the SaaS applications from your portfolio with your chosen platform.
    • Establish visibility and rationalize identity management:
      • Accounts with elevated privileges present the most risk – evaluate your authentication factors for these accounts first.
      • There is elegance (and deployment success) in Simplifying Identity & Access Management.
    • Pay your tech debt:

    Fast IDentity Online (2) is now part of the web's DNA and is critical for digital transformation

    • IoT
    • Anywhere remote work
    • Government identity services
    • Digital wallets

    Bibliography

    "Backup Vs. Archiving: Know the Difference." Open-E. Accessed 05 Mar 2022.Web.
    G, Denis. "How to Build Retention Policy." MSP360, Jan 3, 2020. Accessed 10 Mar 2022.
    Ipsen, Adam. "Archive Vs. Backup: What's the Difference? A Definition Guide." BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.
    Kang, Soo. "Mitigating the Expense of E-Discovery; Recognizing the Difference Between Back-Ups and Archived Data." Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.
    Mayer, Alex. "The 3-2-1 Backup Rule – An Efficient Data Protection Strategy." Naviko. Accessed 12 Mar 2022.
    Steel, Amber. "LastPass Reveals 8 Truths about Passwords in the New Password Exposé." LastPass Blog, 1 Nov. 2017. Web.
    "The Global Passwordless Authentication Market Size Is Estimated to Be USD 12.79 Billion in 2021 and Is Predicted to Reach USD 53.64 Billion by 2030 With a CAGR of 16.7% From 2022-2030." Report Linker, 9 June 2022. Web.
    "What Is Data-Archiving?" Proofpoint. Accessed 07 Mar 2022.

    Present Security to Executive Stakeholders

    • Buy Link or Shortcode: {j2store}262|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders find it challenging to convey the necessary information to obtain support for security objectives.
    • Changes to the threat landscape and shifts in organizational goals exacerbate the issue, as they impact security leaders' ability to prioritize topics to be communicated.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.

    Our Advice

    Critical Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and ensuring that you have met your goal.

    Impact and Result

    • Developing a thorough understanding of the security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Present Security to Executive Stakeholders Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Present Security to Executive Stakeholders – A step-by-step guide to communicating security effectively to obtain support from decision makers.

    Use this as a guideline to assist you in presenting security to executive stakeholders.

    • Present Security to Executive Stakeholders Storyboard

    2. Security Presentation Templates – A set of security presentation templates to assist you in communicating security to executive stakeholders.

    The security presentation templates are a set of customizable templates for various types of security presentation including:

    • Present Security to Executive Stakeholders Templates

    Infographic

    Further reading

    Present Security to Executive Stakeholders

    Learn how to communicate security effectively to obtain support from decision makers.

    Analyst Perspective

    Build and deliver an effective security communication to your executive stakeholders.

    Ahmad Jowhar

    As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected.

    However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging.

    Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives.

    Ahmad Jowhar
    Research Specialist, Security & Privacy

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Many security leaders struggle to decide what to present and how to present security to executive stakeholders.
    • Constant changes in the security threat landscape impacts a security leader’s ability to prioritize topics to be communicated.
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.
    • Developing a thorough understanding of security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Info-Tech Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Your challenge

    As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.

    • When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
    • This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
    • Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.

    76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.

    62% find it difficult to balance the risk of too much detail and need-to-know information.

    41% find it challenging to communicate effectively with a mixed technical and non-technical audience.

    Source: Deloitte, 2022

    Common obstacles

    There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:

    • Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
    • The issue has been amplified, with security threats constantly increasing across all industries.
    • However, security leaders don’t feel that they are in a position to make themselves heard.
    • The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
    • Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.

    9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.

    77% of organizations have seen an increase in the number of attacks in 2021.

    56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.

    Source: EY, 2021
    The image contains a screenshot of an Info-Tech Thoughtmodel titled: Presenting Security to Executive Stakeholders.

    Info-Tech’s methodology for presenting security to executive stakeholders

    1. Identify communication goals

    2. Collect information to support goals

    3. Develop communication

    4. Deliver communication

    Phase steps

    1. Identify drivers for communicating to executives
    2. Define your goals for communicating to executives
    1. Identify data to collect
    2. Plan how to retrieve data
    1. Plan communication
    2. Build a compelling communication document
    1. Deliver a captivating presentation
    2. Obtain/verify goals

    Phase outcomes

    A defined list of drivers and goals to help you develop your security presentations

    A list of data sources to include in your communication

    A completed communication template

    A solidified understanding of how to effectively communicate security to your stakeholders

    Develop a structured process for communicating security to your stakeholders

    Security presentations are not a one-way street
    The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Identifying your goals is the foundation of an effective presentation
    Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.

    Harness the power of data
    Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.

    Take your audience on a journey
    Developing a storytelling approach will help engage with your audience.

    Win your audience by building a rapport
    Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.

    Tactical insight
    Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.

    Tactical insight
    Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.

    Project deliverables

    This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

    Report on Security Initiatives
    Template showing how to inform executive stakeholders of security initiatives.

    Report on Security Initiatives.

    Security Metrics
    Template showing how to inform executive stakeholders of current security metrics that would help drive future initiatives.

    Security Metrics.

    Security Incident Response & Recovery
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    Security Incident Response & Recovery

    Security Funding Request
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    Security Funding Request

    Key template:

    Security and Risk Update

    Template showing how to inform executive stakeholders of proactive security and risk initiatives.

    Blueprint benefits

    IT/InfoSec benefits

    Business benefits

    • Reduce effort and time spent preparing cybersecurity presentations for executive stakeholders by having templates to use.
    • Enable security leaders to better prepare what to present and how to present it to their executive stakeholders, as well as driving the required outcomes from those presentations.
    • Establish a best practice for communicating security and IT to executive stakeholders.
    • Gain increased awareness of cybersecurity and the impact executive stakeholders can have on improving an organization’s security posture.
    • Understand how security’s alignment with the business will enable the strategic growth of the organization.
    • Gain a better understanding of how security and IT objectives are developed and justified.

    Measure the value of this blueprint

    Phase

    Measured Value (Yearly)

    Phase 1: Identify communication goals

    Cost to define drivers and goals for communicating security to executives:

    16 FTE hours @ $233K* =$1,940

    Phase 2: Collect information to support goals

    Cost to collect and synthesize necessary data to support communication goals:

    16 FTE hours @ $233K = $1,940

    Phase 3: Develop communication

    Cost to develop communication material that will contextualize information being shown:

    16 FTE hours @ $233K = $1,940

    Phase 4: Deliver communication

    Potential Savings:

    Total estimated effort = $5,820

    Our blueprint will help you save $5,820 and over 40 FTE hours

    * The financial figure depicts the annual salary of a CISO in 2022

    Source: Chief Information Security Officer Salary.” Salary.com, 2022

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Phase 1

    Identify communication goals

    Phase 1 Phase 2 Phase 3 Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding the different drivers for communicating security to executive stakeholders
    • Identifying different communication goals

    This phase involves the following participants:

    • Security leader

    1.1. Identify drivers for communicating to executive stakeholders

    As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.

    However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.

    39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.

    Source: EY, 2021.

    Info-Tech Insight

    Not all security presentations are the same. Keep your communication strategy and processes agile.

    Know your drivers for security presentations

    By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.

    • These meetings, which are usually held once per quarter, provide you with less than one hour of presentation time.
    • Hence, it is crucial to know why you need to present security and whether these drivers are similar across the other presentations.

    Understanding drivers will also help you understand how to present security to executive stakeholders.

    • These drivers will shape the structure of your presentation and help determine your approach to communicating your goals.
    • For example, financial-based presentations that are driven by budget requests might create a sense of urgency or assurance about investment in a security initiative.

    Identify your communication drivers, which can stem from various initiatives and programs, including:

    • Results from internal or external audit reports.
    • Upcoming budget meetings.
    • Briefing newly elected executive stakeholders on security.

    When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.

    Examples of drivers for security presentations

    Audit
    Upcoming internal or external audits might require updates on the organization’s compliance

    Organizational restructuring
    Restructuring within an organization could require security updates

    Merger & Acquisition
    An M&A would trigger presentations on organization’s current and future security posture

    Cyber incident
    A cyberattack would require an immediate presentation on its impact and the incident response plan

    Ad hoc
    Provide security information requested by stakeholders

    1.2. Define your goals for communicating to executives

    After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.

    • Communication drivers are mainly triggers for why you want to present security.
    • Communication goals are the potential outcomes you are hoping to obtain from the presentation.
    • Your communication goals would help identify what data and metrics to include in your presentation, the structure of your communication deck, and how you deliver your communication to executive stakeholders.

    Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.

    • As a group, brainstorm the security goals that align with your business goals for the coming year.
      • Aim to have at least two business goals that align with each security goal.
    • Identify what benefits and value the executive stakeholders will gain from the security goal being presented.
      • E.g. Increased security awareness, updates on organization's security posture.
    • Identify what the ask is for this presentation.
      • E.g. Approval for increasing budget to support security initiatives, executive support to implement internal security programs.

    Info-Tech Insight

    There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.

    Examples of security presentation goals

    Educate
    Educate the board on security trends and/or latest risks in the industry

    Update
    Provide updates on security initiatives, relevant security metrics, and compliance posture

    Inform
    Provide an incident response plan due to a security incident or deliver updates on current threats and risks

    Investment
    Request funding for security investments or financial updates on past security initiatives

    Ad hoc
    Provide security information requested by stakeholders

    Phase 2

    Collect information to support goals

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding what types of data to include in your security presentations
    • Defining where and how to retrieve data

    This phase involves the following participants:

    • Security leader
    • Network/security analyst

    2.1 Identify data to collect

    After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.

    • Leveraging data and analytics will assist in providing quantitative-based communication, which will result in a more meaningful and effective presentation.
    • The data presented will showcase the visibility of an organization’s security posture along with potential risks and figures on how to mitigate those risks.
    • Providing analysis of the quantitative data presented will also showcase further insights on the figures, allow the audience to better understand the data, and show its relevance to the communication goals.

    Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:

    • Work with your security team to identify the main type of data applicable to the communication goals.
      • E.g. Financial data would be meaningful to use when communicating a budget presentation.
    • Identify supporting data linked to the main data defined.
      • E.g. If a financial investment is made to implement a security initiative, then metrics on improvements to the security posture will be relevant.
    • Show how both the main and supporting data align with the communication goals.
      • E.g. Improvement in security posture would increase alignment with regulation standards, which would result in additional contracts being awarded and increased revenue.

    Info-Tech Insight

    Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.

    Examples of data to present

    Educate
    Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries

    Update
    Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives

    Inform
    Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact

    Investment
    Capital and operating expenditure for investment; ROI on past and future security initiatives

    Ad hoc
    Number of security initiatives that went over budget; phishing test campaign results

    2.2 Plan how to retrieve the data

    Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.

    • Most of the data leveraged for security presentations are structured data, which are highly organized data that are often stored in a relational and easily searchable database.
      • This includes security log reports or expenditures for ongoing and future security investments.
    • Retrieving the data, however, would require collaboration and cooperation from different team members.
    • You would need to work with the security team and other appropriate stakeholders to identify where the data is stored and who the data owner is.

    Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation

    • This could include using queries to retrieve the relevant information needed (e.g. SQL, Microsoft Excel).
    • Verify the accuracy and relevance of the data with other stakeholders to ensure it is the most appropriate data to be presented to the executive stakeholders.

    Info-Tech Insight

    Using a data-driven approach to help support your objectives is key to engaging with your audience.

    Plan where to retrieve the data

    Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.

    Examples of where to retrieve your data

    Data Source

    Data

    Data Owner

    Communication Goal

    Audit & Compliance Reports

    Percentage of controls completed to be certified with ISO 27001; Number of security threats & risks identified.

    Audit Manager;

    Compliance Manager;

    Security Leader

    Ad hoc, Educate, Inform

    Identity & Access Management (IAM) Applications

    Number of privileged accounts/department; Percentage of user accounts with MFA applied

    Network/Security Analyst

    Ad hoc, Inform, Update

    Security Information & Event Management (SIEM)

    Number of attacks detected and blocked before & after implementing endpoint security; Percentage of firewall rules that triggered a false positive

    Network/Security Analyst

    Ad hoc, Inform, Update

    Vulnerability Management Applications

    Percentage of critical vulnerabilities patched; Number of endpoints encrypted

    Network/Security Analyst

    Ad hoc, Inform, Update

    Financial & Accounting Software

    Capital & operating expenditure for future security investments; Return on investment (ROI) on past and current security investments

    Financial and/or Accounting Manager

    Ad hoc, Educate, Investments

    Phase 3

    Develop communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a communication strategy for presenting security
    • Identifying security templates that are applicable to your presentation

    This phase involves the following participants:

    • Security leader

    3.1 Plan communication: Know who your audience is

    • When preparing your communication, it's important to understand who your target audience is and to conduct background research on them.
    • This will help develop your communication style and ensure your presentation caters to the expected audience in the room.

    Examples of two profiles in a boardroom

    Formal board of directors

    The executive team

    • In the private sector, this will include an appointed board of shareholders and subcommittees external to the organization.
    • In the public sector, this can include councils, commissions, or the executive team itself.
    • In government, this can include mayors, ministers, and governors.
    • The board’s overall responsibility is governance.
    • This audience will include your boss and your peers internal to the organization.
    • This category is primarily involved in the day-to-day operations of the organization and is responsible for carrying out the strategic direction set by the board.
    • The executive team’s overall responsibility is operations.

    3.1.1 Know what your audience cares about

    • Understanding what your executive stakeholders value will equip you with the right information to include in your presentations.
    • Ensure you conduct background research on your audience to assist you in knowing what their potential interests are.
    • Your background research could include:
      • Researching the audience’s professional background through LinkedIn.
      • Reviewing their comments from past executive meetings.
      • Researching current security trends that align with organizational goals.
    • Once the values and risks have been identified, you can document them in notes and share the notes with subject matter experts to verify if these values and risks should be shared in the coming meetings.

    A board’s purpose can include the following:

    • Sustaining and expanding the organization’s purpose and ability to execute in a competitive market.
    • Determining and funding the organization’s future and direction.
    • Protecting and increasing shareholder value.
    • Protecting the company’s exposure to risks.

    Examples of potential values and risks

    • Business impact
    • Financial impact
    • Security and incidents

    Info-Tech Insight
    Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.

    Understand your audience’s concerns

    • Along with knowing what your audience values and cares about, understanding their main concerns will allow you to address those items or align them with your communication.
    • By treating your executive stakeholders as your project sponsors, you would build a level of trust and confidence with your peers as the first step to tackling their concerns.
    • These concerns can be derived from past stakeholder meetings, recent trends in the industry, or strategic business alignments.
    • After capturing their concerns, you’ll be equipped with the necessary understanding on what material to include and prioritize during your presentations.

    Examples of potential concerns for each profile of executive stakeholders

    Formal board of directors

    The executive team

    • Business impact (What is the impact of IT in solving business challenges?)
    • Investments (How will it impact organization’s finances and efficiency?)
    • Cybersecurity and risk (What are the top cybersecurity risks, and how is IT mitigating those risks to the business?)
    • Business alignment (How do IT priorities align to the business strategy and goals?)
    • IT operational efficiency (How is IT set up for success with foundational elements of IT’s operational strategy?)
    • Innovation & transformation priorities (How is IT enabling the organization’s competitive advantage and supporting transformation efforts as a strategic business partner?)

    Build your presentation to tackle their main concerns

    Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.

    Checklist:

    • Research your target audience (their backgrounds, board composition, dynamics, executive team vs. external group).
    • Include value and risk language in your presentation to appeal to your audience.
    • Ensure your content focuses on one or more of the board’s main concerns with security (e.g. business impact, investments, or risk).
    • Include information about what is in it for them and the organization.
    • Research your board’s composition and skillsets to determine their level of technical knowledge and expertise. This helps craft your presentation with the right amount of technology vs. business-facing information.

    Info-Tech Insight
    The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.

    3.1.2 Take your audience through a security journey

    • Once you have defined your intended target and their potential concerns, developing the communication through a storytelling approach will be the next step to help build a compelling presentation.
    • You need to help your executive stakeholders make sense of the information being conveyed and allow them to understand the importance of cybersecurity.
    • Taking your audience through a story will allow them to see the value of the information being presented and better resonate with its message.
    • You can derive insights for your storytelling presentation by doing the following:
      • Provide a business case scenario on the topic you are presenting.
      • Identify and communicate the business problem up front and answer the three questions (why, what, how).
      • Quantify the problems in terms of business impact (money, risk, value).

    Info-Tech Insight
    Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.

    Identify the purpose of your presentation

    You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.

    Examples of communication goals

    To inform or educate

    To reach a decision

    • In this presentation type, it is easy for IT leaders to overwhelm a board with excessive or irrelevant information.
    • Focus your content on the business problem and the solution proposed.
    • Refrain from too much detail about the technology – focus on business impact and risk mitigated. Ask for feedback if applicable.
    • In this presentation type, there is a clear ask and an action required from the board of directors.
    • Be clear about what this decision is. Once again, don’t lead with the technology solution: Start with the business problem you are solving, and only talk about technology as the solution if time permits.
    • Ensure you know who votes and how to garner their support.

    Info-Tech Insight
    Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.

    Gather the right information to include in your boardroom presentation

    Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.

    Typical IT boardroom presentations include:

    • Communicating the value of ongoing business technology initiatives.
    • Requesting funds or approval for a business initiative that IT is spearheading.
    • Security incident response/Risk/DRP.
    • Developing a business program or an investment update for an ongoing program.
    • Business technology strategy highlights and impacts.
    • Digital transformation initiatives (value, ROI, risk).

    Info-Tech Insight
    You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.

    Info-Tech Insight
    Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.

    Structure your presentation to tell a logical story

    To build a strong story for your presentation, ensure you answer these three questions:

    WHY

    Why is this a business issue, or why should the executive stakeholders care?

    WHAT

    What is the impact of solving the problem and driving value for the company?

    HOW

    How will we leverage our resources (technology, finances) to solve the problem?

    Examples:

    Scenario 1: The company has experienced a security incident.

    Intent: To inform/educate the board about the security incident.

    WHY

    The data breach has resulted in a loss of customer confidence, negative brand impact, and a reduction in revenue of 30%.

    WHAT

    Financial, legal, and reputational risks identified, and mitigation strategies implemented. IT is working with the PR team on communications. Incident management playbook executed.

    HOW

    An analysis of vulnerabilities was conducted and steps to address are in effect. Recovery steps are 90% completed. Incident management program reviewed for future incidents.

    Scenario 2: Security is recommending investments based on strategic priorities.

    Intent: To reach a decision with the board – approve investment proposal.

    WHY

    The new security strategy outlines two key initiatives to improve an organization’s security culture and overall risk posture.

    WHAT

    Security proposed an investment to implement a security training & phishing test campaign, which will assist in reducing data breach risks.

    HOW

    Use 5% of security’s budget to implement security training and phishing test campaigns.

    Time plays a key role in delivering an effective presentation

    What you include in your story will often depend on how much time you have available to deliver the message.

    Consider the following:

    • Presenting to executive stakeholders often means you have a short window of time to deliver your message. The average executive stakeholder presentation is 15 minutes, and this could be cut short due to other unexpected factors.
    • If your presentation is too long, you risk overwhelming or losing your audience. You must factor in the time constraints when building your board presentation.
    • Your executive stakeholders have a wealth of experience and knowledge, which means they could jump to conclusions quickly based on their own experiences. Ensure you give them plenty of background information in advance. Provide your presentation material, a brief, or any other supporting documentation before the meeting to show you are well prepared.
    • Be prepared to have deep conversations about the topic, but respect that the executive stakeholders might not be interested in hearing the tactical information. Build an elevator pitch, a one-pager, back-up slides that support your ask and the story, and be prepared to answer questions within your allotted presentation time to dive deeper.

    Navigating through Q&A

    Use the Q&A portion to build credibility with the board.

    • It is always better to say, “I’m not certain about the answer but will follow up,” than to provide false or inaccurate information on the spot.
    • When asked challenging or irrelevant questions, ensure you have an approach to deflect them. Questions can often be out of scope or difficult to answer in a group. Find what works for you to successfully navigate through these questions:
      • “Let’s work with the sub-committee to find you an answer.”
      • “Let’s take that offline to address in more detail.”
      • “I have some follow-up material I can provide you to discuss that further after our meeting.”
    • And ensure you follow up! Make sure to follow through on your promise to provide information or answers after the meeting. This helps build trust and credibility with the board.

    Info-Tech Insight
    The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.

    Storytelling checklist

    Checklist:

    • Tailor your presentation based on how much time you have.
    • Find out ahead of time how much time you have.
    • Identify if your presentation is to inform/educate or reach a decision.
    • Identify and communicate the business problem up front and answer the three questions (why, what, how).
    • Express the problem in terms of business impact (risk, value, money).
    • Prepare and send pre-meeting collateral to the members of the board and executive team.
    • Include no more than 5-6 slides for your presentation.
    • Factor in Q&A time at the end of your presentation window.
    • Articulate what you want them to think and what you want them to take away – put it right up front and remind them at the end.
    • Have an elevator speech handy – one or two sentences and a one-pager version of your story.
    • Consider how you will build your relationship with the members outside the boardroom.

    3.1.3 Build a compelling communication document

    Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.

    A good slide design increases the likelihood that the audience will read the content carefully.

    • Bad slide structure (flow) = Audience loses focus
      • You can have great content on a slide, but if a busy audience gets confused, they’ll just close the file or lose focus. Structure encompasses horizontal and vertical logic.
    • Good visual design = Audience might read more
      • Readers will probably skim the slides first. If the slides look ugly, they will already have a negative impression. If the slides are visually appealing, they will be more inclined to read carefully. They may even use some slides to show others.
    • Good content + Good structure + Visual appeal = Good presentation
      • A presentation is like a house. Good content is the foundation of the house. Good structure keeps the house strong. Visual appeal differentiates houses.

    Slide design best practices

    Leverage these slide design best practices to assist you in developing eye-catching presentations.

    • Easy to read: Assume reader is tight on time. If a slide looks overwhelming, the reader will close the document.
    • Concise and clear: Fewer words = more skim-able.
    • Memorable: Use graphics and visuals or pithy quotes whenever you can do so appropriately.
    • Horizontal logic: Good horizontal logic will have slide titles that cascade into a story with no holes or gaps.
    • Vertical logic: People usually read from left to right, top to bottom, or in a Z pattern. Make sure your slide has an intuitive flow of content.
    • Aesthetics: People like looking at visually appealing slides, but make sure your attempts to create visual appeal do not detract from the content.

    Your presentation must have a logical flow

    Horizontal logic

    Vertical logic

    • Horizontal logic should tell a story.
    • When slide titles are read in a cascading manner, they will tell a logical and smooth story.
    • Title & tagline = thesis (best insight).
    • Vertical logic should be intuitive.
    • Each step must support the title.
    • The content you intend to include within each slide is directly applicable to the slide title.
    • One main point per slide.

    Vertical logic should be intuitive

    The image contains a screenshot example of a bad design layout for a slide. The image contains a screenshot example of a good design layout for a slide.

    The audience is unsure where to look and in what order.

    The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right.

    Horizontal and vertical logic checklists

    Horizontal logic

    Vertical logic

    • List your slide titles in order and read through them.
    • Good horizontal logic should feel like a story. Incomplete horizontal logic will make you pause or frown.
    • After a self-test, get someone else to do the same exercise with you observing them.
    • Note at which points they pause or frown. Discuss how those points can be improved.
    • Now consider each slide title proposed and the content within it.
    • Identify if there is a disconnect in title vs. content.
    • If there is a disconnect, consider changing the title of the slide to appropriately reflect the content within it, or consider changing the content if the slide title is an intended path in the story.

    Make it easy to read

    The image contains a screenshot that demonstrates an uneasy to read slide. The image contains a screenshot that demonstrates an easy to read slide.
    • Unnecessary coloring makes it hard on the eyes
    • Margins for title at top is too small
    • Content is not skim-able (best to break up the slide)

    Increase skim-ability:

    • Emphasize the subheadings
    • Bold important words

    Make it easier on the eyes:

    • Declutter and add sections
    • Have more white space

    Be concise and clear

    1. Write your thoughts down
      • This gets your content documented.
      • Don’t worry about clarity or concision yet.
    2. Edit for clarity
      • Make sure the key message is very clear.
      • Find your thesis statement.
    3. Edit for concision
      • Remove unnecessary words.
      • Use the active voice, not passive voice (see below for examples).

    Passive voice

    Active voice

    “There are three things to look out for” (8 words)

    “Network security was compromised by hackers” (6 words)

    “Look for these three things” (5 words)

    “Hackers compromised network security” (4 words)

    Be memorable

    The image contains a screenshot of an example that demonstrates a bad example of how to be memorable. The image contains a screenshot of an example that demonstrates a good example of how to be memorable.

    Easy to read, but hard to remember the stats.

    The visuals make it easier to see the size of the problem and make it much more memorable.

    Remember to:

    • Have some kind of visual (e.g. graphs, icons, tables).
    • Divide the content into sections.
    • Have a bit of color on the page.

    Aesthetics

    The image contains a screenshot of an example of bad aesthetics. The image contains a screenshot of an example of good aesthetics.

    This draft slide is just content from the outline document on a slide with no design applied yet.

    • Have some kind of visual (e.g. graphs, icons, tables) as long as it’s appropriate.
    • Divide the content into sections.
    • Have a bit of color on the page.
    • Bold or italicize important text.

    Why use visuals?

    How graphics affect us

    Cognitively

    • Engage our imagination
    • Stimulate the brain
    • Heighten creative thinking
    • Enhance or affect emotions

    Emotionally

    • Enhance comprehension
    • Increase recollection
    • Elevate communication
    • Improve retention

    Visual clues

    • Help decode text
    • Attract attention
    • Increase memory

    Persuasion

    • 43% more effective than text alone
    Source: Management Information Systems Research Center

    Presentation format

    Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.

    • Is there a standard presentation template?
    • Is a hard-copy handout required?
    • Is there a deadline for draft submission?
    • Is there a deadline for final submission?
    • Will the presentation be circulated ahead of time?
    • Do you know what technology you will be using?
    • Have you done a dry run in the meeting room?
    • Do you know the meeting organizer?

    Checklist to build compelling visuals in your presentation

    Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

    Checklist:

    • Do the visuals grab the audience’s attention?
    • Will the visuals mislead the audience/confuse them?
    • Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
    • Do the visuals present information simply, cleanly, and accurately?
    • Do the visuals display the information/data in a concentrated way?
    • Do the visuals illustrate messages and themes from the accompanying text?

    3.2 Security communication templates

    Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck.

    These presentation templates highlight different security topics depending on your communication drivers, goals, and available data.

    Info-Tech has created five security templates to assist you in building a compelling presentation.

    These templates provide support for presentations on the following five topics:

    • Security Initiatives
    • Security & Risk Update
    • Security Metrics
    • Security Incident Response & Recovery
    • Security Funding Request

    Each template provides instructions on how to use it and tips on ensuring the right information is being presented.

    All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking.

    The image contains screenshots of the Security Presentation Templates.

    Download the Security Presentation Templates

    Security template example

    It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.

    Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.

    The image contains a screenshot of the Executive Summary slide. The image contains a screenshot of the Security Goals & Objectives slide.

    The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies.

    This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted.

    Security template example (continued)

    The image contains a screenshot example of the Top Threats & Risks. The image contains a screenshot example of the Top Threats & Risks.

    This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks.

    This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks.

    Security template example (continued)

    The image contains a screenshot example of the slide, Risk Analysis. The image contains a screenshot example of the slide, Risk Mitigation Strategies & Roadmap.

    This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders.

    The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project.

    Phase 4

    Deliver communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a strategy to deliver compelling presentations
    • Ensuring you follow best practices for communicating and obtaining your security goals

    This phase involves the following participants:

    • Security leader

    4.1 Deliver a captivating presentation

    You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.

    Follow these tips to assist you in developing an engaging presentation:

    • Start strong: Give your audience confidence that this will be a good investment of their time. Establish a clear direction for what’s going to be covered and what the desired outcome is.
    • Use your time wisely: Odds are, your audience is busy, and they have many other things on their minds. Be prepared to cover your content in the time allotted and leave sufficient time for discussion and questions.
    • Be flexible while presenting: Do not expect that your presentation will follow the path you have laid out. Anticipate jumping around and spending more or less time than you had planned on a given slide.

    Keep your audience engaged with these steps

    • Be ready with supporting data. Don’t make the mistake of not knowing your content intimately. Be prepared to answer questions on any part of it. Senior executives are experts at finding holes in your data.
    • Know your audience. Who are you presenting to? What are their specific expectations? Are there sensitive topics to be avoided? You can’t be too prepared when it comes to understanding your audience.
    • Keep it simple. Don’t assume that your audience wants to learn the details of your content. Most just want to understand the bottom line, the impact on them, and how they can help. More is not always better.
    • Focus on solving issues. Your audience members have many of their own problems and issues to worry about. If you show them how you can help make their lives easier, you’ll win them over.

    Info-Tech Insight
    Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.

    Be honest and straightforward with your communication

    • Be prepared. Being properly prepared means not only that your update will deliver the value that you expect, but also that you will have confidence and the flexibility you require when you’re taken off track.
    • Don’t sugarcoat it. These are smart, driven people that you are presenting to. It is neither beneficial nor wise to try to fool them. Be open and transparent about problems and issues. Ask for help.
    • No surprises. An executive stakeholder presentation is not the time or the place for a surprise. Issues seen as unexpected or contentious should always be dealt with prior to the meeting with those most impacted.

    Hone presentation skills before meeting with the executive stakeholders

    Know your environment

    Be professional but not boring

    Connect with your audience

    • Your organization has standards for how people are expected to dress at work. Make sure that your attire meets this standard – don’t be underdressed.
    • Think about your audience – would they appreciate you starting with a joke, or do they want you to get to the point as quickly as possible?
    • State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.
    • Present with lots of energy, smile, and use hand gestures to support your speech.
    • Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention on you.
    • Never read from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Checklist for presentation logistics

    Optimize the timing of your presentation:

    • Less is more: Long presentations are detrimental to your cause – they lead to your main points being diluted. Keep your presentation short and concise.
    • Keep information relevant: Only present information that is important to your audience. This includes the information that they are expecting to see and information that connects to the business.
    • Expect delays: Your audience will likely have questions. While it is important to answer each question fully, it will take away from the precious time given to you for your presentation. Expect that you will not get through all the information you have to present.

    Script your presentation:

    • Use a script to stay on track: Script your presentation before the meeting. A script will help you present your information in a concise and structured manner.
    • Develop a second script: Create a script that is about half the length of the first script but still contains the most important points. This will help you prepare for any delays that may arise during the presentation.
    • Prepare for questions: Consider questions that may be asked and script clear and concise answers to each.
    • Practice, practice, practice: Practice your presentation until you no longer need the script in front of you.

    Checklist for presentation logistics (continued)

    Other considerations:

    • After the introduction of your presentation, clearly state the objective – don’t keep people guessing and consequently lose focus on your message.
    • After the presentation is over, document important information that came up. Write it down or you may forget it soon after.
    • Rather than create a long presentation deck full of detailed slides that you plan to skip over during the presentation, create a second, compact deck that contains only the slides you plan to present. Send out the longer deck after the presentation.

    Checklist for delivering a captivating presentation

    Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.

    Checklist:

    • Start with a story or something memorable to break the ice.
    • Go in with the end state in mind (focus on the outcome/end goal and work back from there) – What’s your call to action?
    • Content must compliment your end goal, filter out any content that doesn’t compliment the end goal.
    • Be prepared to have less time to speak. Be prepared with shorter versions of your presentation.
    • Include an appendix with supporting data, but don’t be data heavy in your presentation. Integrate the data into a story. The story should be your focus.

    Checklist for delivering a captivating presentation (continued)

    • Be deliberate in what you want to show your audience.
    • Ensure you have clean slides so the audience can focus on what you’re saying.
    • Practice delivering your content multiple times alone and in front of team members or your Info-Tech counselor, who can provide feedback.
    • How will you handle being derailed? Be prepared with a way to get back on track if you are derailed.
    • Ask for feedback.
    • Record yourself presenting.

    4.2 Obtain and verify support on security goals

    Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.

    • This is your opportunity to open the floor for questions and clarify any information that was conveyed to your audience.
    • Leverage your appendix and other supporting documents to justify your goals.
    • Different approaches to obtaining and verifying your goals could include:
      • Acknowledgment from the audience that information communicated aligns with the business’s goals.
      • Approval of funding requests for security initiatives.
      • Written and verbal support for implementation of security initiatives.
      • Identifying next steps for information to communicate at the next executive stakeholder meeting.

    Info-Tech Insight
    Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.

    Checklist for obtaining and verify support on security goals

    Follow this checklist to assist you in obtaining and verifying your communication goals.

    Checklist:

    • Be clear about follow-up and next steps if applicable.
    • Present before you present: Meet with your executive stakeholders before the meeting to review and discuss your presentation and other supporting material and ensure you have executive/CEO buy-in.
    • “Be humble, but don’t crumble” – demonstrate to the executive stakeholders that you are an expert while admitting you don’t know everything. However, don’t be afraid to provide your POV and defend it if need be. Strike the right balance to ensure the board has confidence in you while building a strong relationship.
    • Prioritize a discussion over a formal presentation. Create an environment where they feel like they are part of the solution.

    Summary of Accomplishment

    Problem Solved

    A better understanding of security communication drivers and goals

    • Understanding the difference between communication drivers and goals
    • Identifying your drivers and goals for security presentation

    A developed a plan for how and where to retrieve data for communication

    • Insights on what type of data can be leveraged to support your communication goals
    • Understanding who you can collaborate with and potential data sources to retrieve data from

    A solidified communication plan with security templates to assist in better presenting to your audience

    • A guideline on how to prepare security presentations to executive stakeholders
    • A list of security templates that can be customized and used for various security presentations

    A defined guideline on how to deliver a captivating presentation to achieve your desired objectives

    • Clear message on best practices for delivering security presentations to executive stakeholders
    • Understanding how to verify your communication goals have been obtained

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Build an Information Security Strategy
    This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.

    Build a Security Metrics Program to Drive Maturity
    This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.

    Bibliography

    Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
    Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
    Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
    Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
    Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
    Carnegie Endowment for International Peace. Web.
    “Chief Information Security Officer Salary.” Salary.com, 2022. Web.
    “CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
    “Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
    “Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
    Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
    Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
    “Global Board Risk Survey.” EY. Web.
    “Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
    “How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
    Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
    Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
    McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
    Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
    Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
    Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
    O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.

    Bibliography

    “Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
    Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
    “Reporting Cybersecurity Risk to the Board of Directors.” Web.
    “Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
    Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
    “The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
    “Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
    Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
    Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
    “Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.

    Research Contributors

    • Fred Donatucci, New-Indy Containerboard, VP, Information Technology
    • Christian Rasmussen, St John Ambulance, Chief Information Officer
    • Stephen Rondeau, ZimVie, SVP, Chief Information Officer

    Design a VIP Experience for Your Service Desk

    • Buy Link or Shortcode: {j2store}480|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • VIPs and executives expect to get immediate service for every IT issue, no matter how minor, and the service desk is constantly in reactive mode trying to quickly resolve these issues.
    • VIPs don’t understand or have input into service desk processes, procedures, and SLAs, especially when it comes to prioritization of their issues over other tickets.
    • The C-suite calls the CIO directly with every issue they have, tying them up and forcing them to redirect resources with little notice.
    • VIP tickets sit in the queue too long without a response or resolution, and VIPs are dissatisfied with the service they receive.

    Our Advice

    Critical Insight

    • Service desk and IT leaders are unclear on VIPs' service delivery expectations or the best support model to meet their needs while continuing to meet SLAs for the rest of the organization.
    • Deploying resources to service VIPs ahead of other users or more critical problems can result in inappropriate prioritization of issues and poor service delivery to the rest of the organization.
    • The reality for most organizations is that VIPs need special treatment; but providing VIP service shouldn’t come at the expense of good service delivery for the rest of the organization.

    Impact and Result

    • Stop being reactive to VIP requests and start planning for them so you can formally define the service and set expectations.
    • Talk to all relevant stakeholders to clarify their expectations before choosing a VIP service delivery model. Once you have designed your model, define and document the VIP service processes and procedures and communicate them to your stakeholders so everyone is clear on what is in and out of scope.
    • Once you’ve launched the service, track and report on key service desk metrics associated with VIP requests so you can properly allocate resources, budget accurately, evaluate the effectiveness of the service and demonstrate it to executives.

    Design a VIP Experience for Your Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design a VIP Experience for Your Service Desk Storyboard – A guide to defining your VIP service desk support model

    Follow the seven steps outlined in this blueprint to design a VIP support model that best suits your organization, then communicate and evaluate the service to ensure it delivers results.

    • Design a VIP Experience for Your Service Desk Storyboard

    2. Service Desk VIP Procedures Template – A customizable template to document your service desk procedures for handling VIP tickets.

    This template is designed to assist with documenting your service desk procedures for handling VIP or executive tickets. It can be adapted and customized to reflect your specific support model and procedures.

    • Service Desk VIP Procedures Template

    3. VIP Support Process Workflow Example – A Visio template to document your process for resolving VIP tickets.

    This Visio template provides an example of a VIP support process, with every step involved in resolving or fulfilling VIP service desk tickets. Use this as an example to follow and a template to document your own process.

    • VIP Support Process Workflow Example

    4. VIP Support Service Communication Template – A customizable PowerPoint template to communicate and market the service to VIP users.

    This template can be customized to use as an executive presentation to communicate and market the service to VIP users and ensure everyone is on the same page.

    • VIP Support Service Communication Template
    [infographic]

    Further reading

    Design a VIP Experience for Your Service Desk

    Keep the C-suite satisfied without sacrificing service to the rest of the organization.

    Analyst Perspective

    Stop being reactive to VIP demands and formalize their service offering.

    Natalie Sansone, PHD

    Natalie Sansone, PHD

    Research Director,
    Infrastructure & Operations
    Info-Tech Research Group

    In a perfect world, executives wouldn’t need any special treatment because the service desk could rapidly resolve every ticket, regardless of the submitter, keeping satisfaction levels high across the board.

    But we know that’s not the case for most organizations. Executives and VIPs demand higher levels of service because the reality in most companies is that their time is worth more. And any IT leader who’s had a VIP complain about their service knows that their voice also carries more weight than that of a regular dissatisfied user.

    That said, most service desks feel strapped for resources and don’t know how to improve service for VIPs without sacrificing service to the rest of the organization.

    The key is to stop being reactive to VIP demands and formalize your VIP service procedures so that you can properly set expectations for the service, monitor and measure it, and continually evaluate it to make changes if necessary.

    A VIP offering doesn’t have to mean a white glove concierge service, either – it could simply mean prioritizing VIP tickets differently. How do you decide which level of service to offer? Start by assessing your specific needs based on demand, gather requirements from relevant stakeholders, choose the right approach to fit your business needs and capabilities, clearly define and document all aspects of the service then communicate it so that everyone is on the same page as to what is in and out of scope, and continually monitor and evaluate the service to make changes and improvements as needed.

    Executive Summary

    Your Challenge

    • VIPs and executives expect to get immediate service for every IT issue, no matter how minor, and the service desk is constantly in reactive mode trying to quickly resolve these issues.
    • VIPs don’t understand or have input into service desk processes, procedures, and SLAs, especially when it comes to prioritization of their issues over other tickets.
    • The C-suite calls the CIO directly with every issue they have, tying them up and forcing them to redirect resources with little notice.
    • VIP tickets sit in the queue too long without a response or resolution, and VIPs are dissatisfied with the service they receive.

    Common Obstacles

    • Service desk and IT leaders are unclear on the expectations that VIPs have for service delivery, or they disagree about the best support model to meet their needs while continuing to meet SLAs for the rest of the organization.
    • Service desk teams with limited resources are unsure how best to allocate those resources to handle VIP tickets in a timely manner.
    • There aren’t enough resources available at the service desk to provide the level of service that VIPs expect for their issues.
    • Deploying resources to service VIPs ahead of other users can result in inappropriate prioritization of issues and poor service delivery to the rest of the organization

    Info-Tech's Approach

    • Stop being reactive to VIP requests and start planning for them so you can formally define the service and set expectations.
    • Talk to all relevant stakeholders to clarify their expectations before choosing a VIP service delivery model.
    • Define and document the VIP service processes and procedures, including exactly what is in and out of scope.
    • Track and report on metrics associated with VIP requests so you can properly allocate resources and budget for the service.
    • Continually evaluate the service to expand, reduce, or redefine it, as necessary.

    Info-Tech Insight

    The reality for most organizations is that VIPs need special treatment. But providing VIP service shouldn’t come at the expense of good service delivery for the rest of the organization. To be successful with your approach, formalize the VIP offering to bring consistency and clear expectations for both users and the IT staff delivering the service.

    Do any of these scenarios sound familiar?

    All these familiar scenarios can occur when the service desk treats VIP issues reactively and doesn’t have a defined, documented, and agreed-upon VIP process in place.
    • A VIP calls because their personal printer isn’t working, but you also have a network issue affecting payroll being able to issue paychecks. The VIP wants their issue fixed immediately despite there being a workaround and a higher priority incident needing resources.
    • The COO calls the CIO after hours about issues they’re having with their email. The CIO immediately deploys a field tech back to the office to help the COO. Once the tech arrives, the COO says the issue could have waited until the morning.
    • The company president wants IT to spend a day at their house setting up their new personal laptop to be able to connect into the office before their vacation tomorrow. It would take away one FTE from an already understaffed service desk.
    • The CEO brings their child’s new iPhone in and asks the service desk if they have time to set it up as a favor today. The service desk manager instructs the T2 apps specialist to drop his other tickets to work on this immediately.
    • Two tickets come in at the same time – one is from an SVP who can’t log in to Teams and has an online meeting in half an hour, and the other is for a department of 10 who can’t access the network. The service desk doesn’t know who to help first.

    Different organizations can take very different approaches to VIP requests

    CASE STUDIES

    Providing VIP support helped this company grow

    Allocating a dedicated VIP technician slowed down service delivery for this company

    Situation

    A SaaS company looking to build and scale its services and customers decided to set up a VIP support program, which involved giving their most valuable customers white glove treatment to ensure they had a great experience, became long-term customers, and thus had a positive influence on others to build up the company’s customer base. VIPs were receiving executive-level support with a dedicated person for VIP tickets. The VIPs were happy with the service, but the VIP technician’s regular work was frequently impeded by having to spend most of her time doing white glove activities. The service desk found that in some cases, more critical work was slipping as a result of prioritizing all executive tickets.

    Resolution

    First, they defined who would receive VIP support, then they clearly defined the service, including what VIP support includes, who gets the service, and what their SLAs for service are. They found that the program was an effective way to focus their limited resources on the customers with the highest value potential to increase sales.
    While this model differs from an IT service desk VIP support program, the principles of dedicating resources to provide elevated support to your most important and influential customers for the benefit and growth of the company as a whole remain the same.
    The service desk decided to remove the VIP function. They demonstrated that the cost per contact was too high for dedicated executive support, and reallocating that dedicated technician to the service desk would improve the resolution time of all business incidents and requests. VIPs could still receive prioritized support through the escalation process, but they would contact the regular service desk with their issues. VIPs approved the change, and as a result of removing the dedicated support function, the service desk reduced average incident resolution times by 28% and request fulfillment times by 33%.

    A well-designed and communicated VIP support service can deliver many benefits

    The key to deciding whether a VIP service is right for your organization is to first analyze your needs, match them against your resources, then clearly define and document exactly what is in scope for the service.

    A successfully designed VIP service will lead to:

    • Executives and VIPs can easily contact the service desk and receive exceptional support and customer service from a knowledgeable technician, increasing their trust in the service desk.
    • All service desk tickets are prioritized appropriately and effectively in order to maximize overall ticket resolution and fulfillment times.
    • All users have a clear understanding of how to get in touch with the service desk and expected SLAs for specific ticket types.
    • Critical, business-impacting issues still receive priority service ahead of minor tickets submitted by a VIP.
    • All service desk technicians are clear on processes and procedures for prioritizing and handling VIP tickets.
    • Executives are satisfied with the service they receive and the value that IT provides
    • Reduced VIP downtime, contributing to overall organization productivity and growth.

    A poorly designed or reactive VIP service will lead to:

    • VIPs expect immediate service for non-critical issues, including after-hours.
    • VIPs circumvent the correct process and contact the CIO or service desk manager directly for all their issues.
    • Service desk resources stretched thin, or poor allocation of resources leads to degraded service for the majority of users.
    • More critical business issues are pushed back in order to fix non-critical executive issues.
    • Service desk is not clear how to prioritize tickets and always addresses VIP tickets first regardless of priority.
    • The service desk automatically acts on VIP tickets even when the VIP doesn’t require it or realize they’re getting a different level of service.
    • Non-VIP users are aware of the different service levels and try to request the same priority for their tickets. Support costs are over budget.

    Follow Info-Tech’s approach to design a successful VIP support model

    Follow the seven steps in this blueprint to design a VIP support model that works for your organization:
    1. Understand the support models available, from white glove service to the same service for everyone.
    2. Gather business requirements from all relevant stakeholders.
    3. Based on your business needs, choose the right approach.
    4. Define and document all details of the VIP service offering.
    5. Communicate and market the offering to VIPs so they’re aware of what’s in scope.
    6. Monitor volume and track metrics to evaluate what’s working.
    7. Continually improve or modify the service as needed over time.

    Blueprint deliverables

    The templates listed below are designed to assist you with various stages of this project. This storyboard will direct you when and how to complete them.

    Service Desk VIP Procedures Template

    Use this template to assist with documenting your service desk procedures for handling VIP or executive tickets.

    VIP Support Process Workflow Example

    Use this Visio template to document your process for resolving or fulfilling VIP tickets, from when the ticket is submitted to when it’s closed.

    VIP Support Service Communication Template

    Use this template to customize your executive presentation to communicate and market the service to VIP users.

    Insight Summary

    Key Insight

    The reality for most organizations is that VIPs need special treatment. But providing VIP service shouldn’t be at the expense of good service delivery for the rest of the organization. To be successful with your approach, formalize the VIP offering to bring consistency and clear expectations for both users and the IT staff delivering the service.

    Additional insights:

    Insight 1

    VIP service doesn’t have to mean concierge service. There are different levels and models of VIP support that range in cost and level of service provided. Carefully evaluate your needs and capacity to choose the approach that works best for your organization.

    Insight 2

    This service is for your most valued users, so design it right from the start to ensure their satisfaction. Involve stakeholders from the beginning, incorporate their feedback and requirements, keep them well-informed about the service, and continually collect and act on feedback to deliver the intended value.

    Insight 3

    Intentional, continual monitoring and measurement of the program must be part of your strategy. If your metrics or feedback show that something isn’t working, fix it. If you find that the perceived value isn’t worth the high cost of the program, make changes. Even if everything seems to be working fine, identify ways to improve it or make it more efficient.

    Step 1: Understand the different support models

    Step overview:

    • Understand the support models available, from white glove service to the same service for everyone

    First, define what “VIP support” means in your organization

    VIP support from the service desk usually refers to an elevated level of service (i.e. faster, after-hours, off-site, and/or with more experienced resources) that is provided to those at the executive level of the organization.

    A VIP typically includes executives across the business (e.g. CIO, CEO, CxO, VPs) and sometimes the executive assistants who work directly with them. However, it can also include non-executive-level but critical business roles in some organizations.

    The level of VIP service provided can differ from receiving prioritization in the queue to having a dedicated, full-time technician providing “white glove” service.

    Info-Tech Insight

    You don’t have to use the term “VIP”, as long as you clearly define the terms you are using. Some organizations use the term “VIR” to refer to very important roles rather than people, and some define “critical users” to reflect who should receive prioritized service, for example.

    There are essentially two options for VIP support, but multiple determining factors

    While the details are more specific, your options for VIP support really come down to two: they either receive some kind of enhanced service (either from a dedicated support team or through prioritization from the regular support team) or they don’t. Which option you choose will depend on a wide range of factors, some of which are represented in the diagram below. Factors such as IT budget, size of organization help determine which VIP support model you choose: Enhanced, or the same as everyone else. With enhanced service, you can opt to a dedicated support team or same support team but with prioritized service.

    Option 1: Same service for everyone

    What does it look like?

    VIP tickets are prioritized in the same way as every other ticket – with an assessment by impact and urgency. This allows every ticket to be prioritized appropriately according to how big the impact of the issue is and how quickly it needs to be resolved – regardless of who the submitter is. This means that VIPs with very urgent issues will still receive immediate support, as would a non-VIP user with a critical issue.

    Who is it best suited for?

    • Small organizations and IT teams.
    • Executives don’t want special treatment.
    • Not enough service desk resources or budget to provide prioritized or dedicated VIP service.
    • Service desk is already efficient and meeting SLAs for all requests and incidents.

    Pros

    • Highest level of consistency in service because the same process is followed for all user groups.
    • Ensures that service doesn’t suffer for non-VIP users for teams with a limited number of service desk staff.
    • No additional cost.
    • Potential to argue for more resources if executive service expectations aren’t met.

    Cons

    • Does not work if executives expect or require elevated service regardless of issue type.
    • Potential for increase in management escalations or complaints from dissatisfied executives. Some may end up jumping the queue as a result, which results in unstandardized VIP treatment only for some users.

    Info-Tech Insight

    Don’t design a VIP service solely out of fear that VIPs will be unhappy with the standard level of support the service desk provides. In some cases, it is better to focus your efforts on improving your standard support for everyone rather than only for a small percentage of users, especially if providing that elevated VIP support would further deteriorate service levels for the rest of the organization.

    Option 2: Prioritized service for VIPs

    What does it look like?

    • VIPs still go through the service desk but receive higher priority than non-VIP tickets.
    • Requests from VIP submitters are still evaluated using the standard prioritization matrix but are bumped up in urgency or priority. More critical issues can still take precedence.
    • Existing service desk resources are still used to resolve the request, but requests are just placed closer to the “front of the line.”
    • VIP users are identified in the ticketing system and may have a separate number to call or are routed differently/skip the queue within the ACD/IVR.

    Who is it best suited for?

    • Organizations that want or need to give VIPs expedited or enhanced service, but that don’t have the resources to dedicate to a completely separate VIP service desk team.

    Pros

    • Meets the need of executives for faster service.
    • Balances the need for prioritized service to VIPs while not sacrificing resources to handle most user requests.
    • All tickets still go through a single point of contact to be triaged and monitored by the service desk.
    • Easy to measure and compare performance of VIP service vs. standard service because processes are the same.

    Cons

    • Slight cost associated with implementing changes to phone system if necessary.
    • Makes other users aware that VIPs receive “special treatment” – some may try to jump the queue themselves.
    • May not meet the expectations of some executives who prefer dedicated, face-to-face resources to resolve their issues.

    Info-Tech Insight

    If you’re already informally bumping VIP tickets up the queue, this may be the most appropriate model for you. Bring formalization to your process by clearly defining exactly where VIP tickets fit in your prioritization matrix to ensure they are handled consistently and that VIPs are aware of the process.

    Option 3: Dedicated VIP service

    What does it look like?

    • VIPs contact a dedicated service desk and receive immediate/expedited support, often face to face.
    • Often a separate phone number or point of contact.
    • Similar to concierge service or “white glove” service models.
    • At least one dedicated FTE with good customer service skills and technical knowledge who builds trust with executives.

    Who is it best suited for?

    • Larger enterprises with many VIP users to support, but where VIPs are geographically clustered (as geography sprawls, the cost of the service will spiral).
    • IT organizations with enough resources on the service desk to support a dedicated VIP function.
    • Organizations where executives require immediate, in-person support.

    Pros

    • Most of the time, this model results in the fastest service delivery to executives.
    • Most personal method of delivering support with help often provided in person and from familiar, trusted technicians.
    • Usually leads to the highest level of satisfaction with the service desk from executives.

    Cons

    • Most expensive model; usually requires at least one dedicated, experienced FTE to support and sometimes after-hours support.
    • Essentially two separate service desks; can result in a disconnect between staff.
    • Career path and cross-training opportunities for the dedicated staff may be limited; role can be exhausting.
    • Reporting on the service can be more complicated and tickets are often logged after the fact.
    • If not done well, quality of service can suffer for the rest of the organization.

    Info-Tech Insight

    This type of model is essential in many large enterprises where the success of the company can depend on VIPs having access to dedicated support to minimize downtime as much as possible. However, it also requires the highest level of planning and dedication to get right. Without carefully documented processes and procedures and highly trained staff to support the model, it will fail to deliver the expected benefits.

    Step 2: Capture business needs

    Step overview:

    • Analyze your data and gather requirements to determine whether there is a need for a VIP service.

    Assess current state and metrics

    You can’t define your target state without a clear understanding of your current state. Analyze your ticket data and reports to identify the type and volume of VIP requests the service desk receives and how well you’re able to meet these requests with your current resources and structure.

    Analyze ticket data

    • What volume of tickets are you supporting? How many of those tickets come from VIP users?
    • What is your current resolution time for incidents and requests? How well are you currently meeting SLAs?
    • How quickly are executive/VIP tickets being resolved? How long do they have to wait for a response?
    • How many after-hours requests do you receive?

    Assess resourcing

    • How many users do you support; what percentage of them would be identified as VIP users?
    • How many service desk technicians do you have at each tier?
    • How well are you currently meeting demand? Would you be able to meet demand if you dedicated one or more Tier 2 technicians to VIP support?
    • If you would need to hire additional resources, is there budget to do so?

    Use the data to inform your assessment

    • Do you have a current problem with service delivery to VIPs and/or all users that needs to be addressed by changing the VIP support model?
    • Do you have the demand to support the need for a VIP service?
    • Do you have the resources to support providing VIP service?

    Leverage Info-Tech’s tools to inform your assessment

    Analyze your ticket data and reports to understand how well you’re currently meeting SLAs, your average response and resolution times, and the volume and type of requests you get from VIPs in order to understand the need for changing your current model. If you don’t have the ticket data to inform your assessment, leverage Info-Tech’s Service Desk Ticket Analysis Tool.

    Service Desk Ticket Analysis Tool

    Use this tool to identify trends and patterns in your ticket data. The ticket summary dashboard contains multiple reports analyzing how tickets come in, who requests them, who resolves them, and how long it takes to resolve them.

    If you need help understanding how well your current staff is able to handle your current ticket volume, leverage Info-Tech’s Service Desk Staffing Calculator to analyze demand and ticket volume trends. While not specifically designed to analyze VIP tickets, you could run the assessment separately for VIP volume if you have that data available.

    Service Desk Staffing Calculator

    Use this tool to help you estimate the optimal resource allocation to support your demand over time.

    Engage stakeholders to understand their requirements

    Follow your organization’s requirements gathering process to identify and prioritize stakeholders, conduct stakeholder interviews, and identify, track, and prioritize their requirements and expectations for service delivery.

    Gather requirements from VIP stakeholders

    1. Identify which stakeholders need to be consulted.
    2. Prioritize stakeholders in terms of influence and interest in order to identify who to engage in the requirements gathering process.
    3. Build a plan for gathering the requirements of key stakeholders in terms of VIP service delivery.
    4. Conduct requirements gathering and record the results of each stakeholder interaction.
    5. Analyze and summarize the results to determine the top expectations and requirements for VIP service desk support.

    If your organization does not have a defined requirements gathering process or template, leverage Info-Tech tools and templates:

    The Improve Requirements Gathering blueprint can be adapted from software requirements gathering to service desk.

    The PMO Requirements Gathering Tool can be adapted from interviewing stakeholders on their PMO requirements to service desk requirements.

    Info-Tech Insight

    Don’t guess at what your VIPs need or want – ask them and involve them in the service design. Many IT leaders sacrifice overall service quality to prioritize VIPs, thinking they expect immediate service. However, they later find out that the VIPs just assumed the service they were receiving was the standard service and many of their issues can wait.

    Identify additional challenges and opportunities by collecting perceptions of business users and stakeholders

    Formally measuring perceptions from your end users and key business stakeholders will help to inform your needs and determine how well the service desk is currently meeting demands from both VIP users and the entire user base.

    CIO Business Vision

    Info-Tech's CIO Business Vision program is a low-effort, high-impact program that will give you detailed report cards on the organization’s satisfaction with IT’s core services. Use these insights to understand your key business stakeholders, find out what is important to them, and improve your interactions.

    End User Satisfaction

    Info-Tech’s End User Satisfaction Program helps you measure end-user satisfaction and importance ratings of core IT services, IT communications, and business enablement to help you decide which IT service capabilities need to be addressed to meet the demands of the business.

    Learn more about Info-Tech’s CIO Business Vision or End User Satisfaction Program .

    Step 3: Choose the right approach

    Step overview:

    • Based on your assessment from Step 2, decide on the best way to move forward with your VIP service model.

    Use your assessment results to choose the most appropriate support model

    The table below is a rough guide for how the results of your assessments may line up to the most appropriate model for your organization:

    Example assessment results for: Dedicated service, prioritized service, and same servce based off of the assessment source: Ticket analysis, staffing analysis, or stakeholder.

    Info-Tech Insight

    If you’re in the position of deciding how to improve service to VIPs, it’s unlikely that you will end up choosing the “same service” model. If your data analysis tells you that you are currently meeting every metric target for all users, this may actually indicate that you’re overstaffed at the service desk.

    If you choose a specialized VIP support model, ensure there is a strong, defined need before moving forward

    Do not proceed if:

    • Your decision is purely reactive in response to a perceived need or challenges you’re currently experiencing
    • The demand is coming from a single dissatisfied executive without requirements from other VIPs being collected.
    • Your assessment data does not support the demand for a dedicated VIP function.
    • You don’t have the resources or support required to be successful in the approach.

    Proceed with a VIP model if:

    • You’re prepared to scale and support the model over the long term.
    • Business stakeholders have clearly expressed a need for improved VIP service.
    • Data shows that there is a high volume of urgent requests from VIPs.
    • You have the budget and resources required to support an enhanced VIP service delivery model.

    Step 4: Design the service offering

    Step overview:

    • Define and document all processes, procedures, and responsibilities relevant to the VIP support offering.

    Clearly define the service and eligible users

    Once you’ve decided on the most appropriate model, clearly describe the service and document who is eligible to receive it.

    1. Define exactly what the service is before going into the procedural details. High-level examples to start from are provided below:

    Prioritized Service Model

    When a designated VIP user contacts the service desk with a question, incident, or service request, their ticket will be prioritized over non-VIP tickets following the prioritization matrix. This process has been designed in accordance with business needs and requirements, as defined VIP users have more urgent demands on their time and the impact of downtime is greater as it has the potential to impact the business. However, all tickets, VIP tickets included, must still be prioritized by impact and urgency. Incidents that are more critical will still be resolved before VIP tickets in accordance with the prioritization process.

    Dedicated Service Model

    VIP support is a team of dedicated field technicians available to provide an elevated level of service including deskside support for executives and designated VIP users. VIP users have the ability to contact the VIP support service through a dedicated phone number and will receive expedited ticket handling and resolution by dedicated Tier 2 specialists with experience dealing with executives and their unique needs and requirements. This process has been designed in accordance with business needs and requirements.

    2 Identify VIP-eligible users

    • Define who qualifies as a VIP to receive VIP support or be eligible to contact the dedicated VIP service desk/concierge desk.
    • If other users or EAs can submit tickets on behalf of VIPs, identify those individuals as well.
    • Review the list and cut back if necessary. Less is usually more here, especially when starting out. If everyone is a VIP, then no one is truly a VIP.
    • Identify who maintains ownership over the list of eligible VIP users and how any changes to the list or requests for changes will be handled.
    • Ensure that all VIP-eligible users are clearly identified in the ITSM system.

    Map out the VIP process in a workflow

    Use a visual workflow to document the process for resolving or fulfilling VIP tickets, from when the ticket is submitted to when it gets closed.

    Your workflow should address the following:

    • How should the ticket be prioritized?
    • When are escalations necessary?
    • What happens if a user requests VIP service but is not defined as eligible?
    • Should the user verify that the issue is resolved before the ticket is closed?
    • What automatic notifications or communications need to go out and when?
    • What manual communications or notifications need to be sent out (e.g. when a ticket is escalated or reassigned)?
    VIP Support Process Example.

    Use the VIP Support Process Workflow Example as a template to map out your own process.

    Define and document all VIP processes and procedures

    Clearly describe the service and all related processes and procedures so that both the service delivery team and users are on the same page.

    Define all aspects of the service so that every VIP request will follow the same standardized process and VIPs will have clear expectations for the service they receive. This may include:

    • How VIPs should contact the service desk
    • How VIP tickets will be prioritized
    • SLAs and service expectations for VIP tickets
    • Ticket resolution or fulfillment steps and process
    • Escalation points and contacts
    • After-hours requests process

    If VIP user requests receive enhanced priority, for example, define exactly how those requests should be prioritized using your prioritization matrix. An example is found below and in the Service Desk VIP Procedures Template.

    Prioritization matrix for classification of incidents and requests.

    Use Info-Tech’s Service Desk VIP Procedures Template as a guide

    This template is designed to assist with documenting your service desk procedures for handling VIP or executive tickets. The template is not meant to cover all possible VIP support models but is an example of one support model only. It should be adapted and customized to reflect your specific support model and procedures.

    It includes the following sections:

    1. VIP support description/overview
    2. VIP support entitlement (who is eligible)
    3. Procedures
      • Ticket submission and triage
      • Ticket prioritization
      • SLAs and escalation
      • VIP ticket resolution process
      • After-hours requests
    4. Monitoring and reporting

    Download the Service Desk VIP Procedures Template

    Allocate resources or assign responsibilities specific to VIP support

    Regardless of the support model you choose, you’ll need to be clear on service desk agents’ responsibilities when dealing with VIP users.
    • Clarify the expectations of any service desk agent who will be handling VIP tickets; they should demonstrate excellent customer service skills and expertise, respect for the VIP and the sensitivity of their data, and prompt service.
    • Use a RACI chart to clarify responsibility and accountability for VIP-specific support tasks.
    • If you will be moving to a dedicated VIP support team, clearly define the responsibilities of any new roles or tasks. Sample responsibilities can be found on the right.
    • If you will be changing the role of an existing service desk agent to become focused solely on providing VIP support, clarify how the responsibilities of other service desk agents may change too, if at all.
    • Be clear on expectations of agents for after-hours support, especially if there will be a change to the current service provision.

    Sample responsibilities for a dedicated VIP support technician/specialist may include:

    • Resolve support tickets for all eligible VIP users following established processes and procedures.
    • Provide both onsite and remote support to executives.
    • Quickly and effectively diagnose and resolve technical issues with minimal disruption to the executive team.
    • Establish trust with executives/VIPs by maintaining confidentiality and privacy while providing technical support.
    • Set up, monitor, and support high-priority meetings, conferences, and events.
    • Demonstrate excellent communication and customer service skills when providing support to executives.
    • Coordinate more complex support issues with higher level support staff and track tickets through to resolution when needed.
    • Learn new technology and software ahead of implementation to train and support executive teams for use.
    • Conduct individual or group training as needed to educate on applications or how to best use technology to enhance productivity.
    • Proactively manage, maintain, update, and upgrade end-user devices as needed.

    Configure your ITSM tool to support your processes

    Configure your tool to support your processes, not the other way around.
    • Identify and configure VIP users in the system to ensure that they are easily identifiable in the system (e.g. there may be a symbol beside their name).
    • Configure automations or build ticket templates that would automatically set the urgency or priority of VIP tickets.
    • Configure any business rules or workflows that apply to the VIP support process.
    • Define any automated notifications that need to be sent when a VIP ticket is submitted, assigned, escalated, or resolved (e.g. notify service desk manager or a specific DL).
    • Define metrics and customize dashboards and reports to monitor VIP tickets and measure the success of the VIP service.
    • Configure any SLAs that apply only to VIPs to ensure displayed SLAs are accurate.

    Step 5: Launch the service

    Step overview:

    • Communicate and market the service to all relevant stakeholders so everyone is on the same page as to how it works and what’s in scope.

    Communicate the new or revised service to relevant stakeholders ahead of the launch

    If you did your due diligence, the VIP service launch won’t be a surprise to executives. However, it’s critical to

    continue the engagement and communicate the details of the service well to ensure there are no misperceptions about the

    service when it launches.

    Goals of communicating and marketing the service:

    1. Create awareness and understanding of the purpose of the VIP service and what it means for eligible users.
    2. Solidify commitment and buy-in for the service from all stakeholders.
    3. Ensure that all users know how to access the service and any changes to the way they should interact with the service desk.
    4. Set expectations for new/revised service levels.
    5. Reduce and address any concerns about the change in process.

    Info-Tech Insight

    This step isn’t only for the launch of new services. Even if you’re enhancing or right-sizing an existing VIP service, take the opportunity to market the improvements, remind users of the correct processes, and collect feedback.

    Leverage Info-Tech’s communication template to structure your presentation

    This template can be customized to use as an executive presentation to communicate and market the service to VIP users. It includes:

    • Key takeaways
    • Current-state assessment
    • Requirements gathering and feedback results
    • Objectives for the service
    • Anticipated benefits
    • Service entitlement
    • How the service works
    • Escalations and feedback contacts
    • Timeline of next steps

    Info-Tech Insight

    If you’re launching a dedicated concierge service for VIPs, highlight the exclusivity of the service in your marketing to draw users in. For example, if eligible VIPs get a separate number to call, expedited SLAs, or access to more tenured service desk experts, promote this added value of the service.

    Download the VIP Support Service Communication Template

    Step 6: Monitor and measure

    Step overview:

    • Measure and monitor the success of the program by tracking and reporting on targeted metrics.

    Evaluate and demonstrate the success of the program with key metrics

    Targeted metrics to evaluate the success of the VIP program will be critical to understanding and demonstrating whether the service is delivering the intended value. Track key metrics to:

    • Track if and how well you’re meeting your defined SLAs for VIP support.
    • Measure demand for VIP support (i.e. ticket volume and types of tickets) and evaluate against resource supply to determine whether a staffing adjustment is needed to meet demand.
    • Measure the cost of providing the VIP service in order to report back to executives.
    • Leverage real data to quantitatively demonstrate that you’re providing enhanced service to VIPs if there is an escalation or negative feedback from one individual.
    • Monitor service delivery to non-VIP users to ensure that service to the rest of the organization isn’t impacted by the VIP service
    • Evaluate the types of ticket that are submitted to the VIP service to inform training plans, self-service options, device upgrades, or alternatives to reduce future volume.

    Info-Tech Insight

    If your data definitively shows the VIP offering delivers enhanced service levels, publish these results to business leadership. A successful VIP service is a great accomplishment to market and build credibility for the service desk.

    Tie metrics to critical success factors

    Apart from your regular service desk metrics, identify the top metrics to tie to the key performance indicators of the program’s success factors.

    Sample Critical Success Factors

    • Increased executive satisfaction with the service desk
    • Improved response and resolution times to VIP tickets
    • Demand for the service is matched by supply

    Sample Metrics

    • End-user satisfaction scores on VIP tickets
    • Executive satisfaction with the service desk as measured on a broader annual survey
    • Response and resolution times for VIP tickets
    • Percentage of SLAs met for VIP tickets
    • VIP ticket volume
    • Average speed of answer for VIP calls

    Download Define Service Desk Metrics that Matter and the Service Desk Metrics Workbook for help defining CSFs, KPIs, and key metrics

    Step 7: Continually improve

    Step overview:

    • Continually evaluate the program to identify opportunities for improvement or modifications to the service support model.

    Continually evaluate the service to identify improvements

    Executives are happy, resolution times are on target – now what? Even if everything seems to be working well, never stop monitoring, measuring, and evaluating the service. Not only can metrics change, but there can also always be ways to improve service.

    • Continual improvement should be a mindset – there are always opportunities for improvement, and someone should be responsible for identifying and tracking these opportunities so that they actually get done.
    • Just as you asked for feedback and involvement from VIPs (and their assistants who may submit tickets on their behalf) in designing the service, you should continually collect that feedback and use it to inform improvements to the service.
    • End-user satisfaction surveys, especially broader, more targeted surveys, are also a great source of improvement ideas.
    • Even if end users don’t perceive any need for improvement, IT should still assess how they can make their own processes more efficient or offer alternatives to make delivery easier.

    Download Info-Tech’s Build a Continual Improvement Program blueprint to help you build a process around continual improvement, and use the Continual Improvement Register tool to help you identify and prioritize improvement initiatives.

    Info-Tech Insight

    Don’t limit your continual improvement efforts to the VIP service. Once you’ve successfully elevated the VIP service, look to how you can apply elements of that service to elevate support to the rest of the organization. For example, through providing a roaming service desk, a concierge desk, a Genius-Bar-style walk-in service, etc.

    Expand, reduce, or modify as needed

    Don’t stop with a one-time program evaluation. Continually use your metrics to evaluate whether the service offering needs to change to better suit the needs of your executives and organization. It may be fine as is, or you may find you need to do one of the following:

    Expand

    • If the service offering has been successful and/or your data shows underuse of VIP-dedicated resources, you may be able to expand the offering to identify additional roles as VIP-eligible.
    • Be cautious not to expand the service too widely; not only should it feel exclusive to VIPs, but you need to be able to support it.
    • Also consider whether elements that have been successful in the VIP program (e.g. a concierge desk, after-hours support) should be expanded to be offered to non-VIPs.

    Reduce

    • If VIPs are not using the service as much as anticipated or data shows supply outweighs demand, you may consider scaling back the service to save costs and resources.
    • However, be careful in how you approach this – it shouldn’t negatively impact service to existing users.
    • Rather, evaluate costly services like after-hours support and whether it’s necessary based on demand, adjust SLAs if needed, or reallocate service desk resources or responsibilities. For example, if demand doesn’t justify a dedicated service desk technician, either add non-VIP tasks to their responsibilities or consider moving to a prioritized model.

    Modify

    • The support model doesn’t need to be set in stone. If elements aren’t working, change them! If the entire support model isn’t working, reevaluate if it’s the best model for your organization.
    • Don’t make decisions in a vacuum, though. Just as executives were involved in decision-making at the outset, continually gather their feedback and use it to inform the service design.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Build a Continual Improvement Plan

    This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.

    Deliver a Customer Service Training Program to Your IT Department

    This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery, and increase customer satisfaction.

    Works Cited

    Munger, Nate. “Why You Should Provide VIP Customer Support.” Intercom, 13 Jan. 2016. Accessed Jan. 2023.

    Ogilvie, Ryan. “We Did Away With VIP Support and Got More Efficient.” HDI, 17 Sep. 2020. Accessed Jan. 2023.

    The First 100 Days as CISO

    • Buy Link or Shortcode: {j2store}248|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 50 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Make a good first impression at your new job.
    • Obtain guidance on how you should approach the first 100 days.
    • Assess the current state of the security program and recommend areas of improvement and possible solutions.
    • Develop a high-level security strategy in three months.

    Our Advice

    Critical Insight

    • Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, however, the approach to the new position will be relatively the same.
    • Eighty percent of your time will be spent listening. The first 100 days of the CISO role is an information gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects that of the business strategy.
    • Start “working” before you actually start the job. This involves finding out as much information about the company before officially being an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture ,and business model.

    Impact and Result

    • Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
    • Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
    • Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
    • Deliver an executive presentation that shows key findings obtained from your security evaluation.

    The First 100 Days as CISO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a CISO is a crucial time to be strategic. Review Info-Tech’s methodology and discover our five-step approach to CISO success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Review previous communications to prepare for your first day.

    • CISO Diary
    • Introduction Sheet

    2. Build relationships

    Understand how the business operates and develop meaningful relationships with your sphere of influence.

    3. Inventory components of the business

    Inventory company assets to know what to protect.

    4. Assess security posture

    Evaluate the security posture of the organization by leveraging Info-Tech’s IT Security diagnostic program.

    • Diagnostic Benchmarks: Security Governance & Management Scorecard
    • Diagnostic Benchmarks: Security Business Satisfaction Report

    5. Deliver plan

    Communicate your security vision to business stakeholders.

    • The First 100 Days as CISO Executive Presentation Template
    • The First 100 Days as CISO Executive Presentation Example
    [infographic]

    Get really good at resilience

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    Why be resilient?

    Well, your clients demand it. And it makes business sense; it is much cheaper to retain a client than to acquire new ones. By all means, always expand your client base; just don't make it a zero-sum game by losing clients because you cannot provide decent service. 

    Although the term has existed since the 17th century, it has only received legal attention since 2020. Now, several years later, the EU and the US require companies to prove their resilience.

    To understand what resilience is, please read our article on resilience

    What does it take to become really good at IT resilience?

    IT Resilience is a mindset, a collection of techniques, and people management focused on providing consistent service to clients, all rolled into one discipline. While we discuss IT resilience, it takes more than IT staff or IT processes to become a truly resilient business.

    Here are 10 themes relevant the (IT) resilient organization:

    Transparent culture

    A transparent company culture empowers its people to act confidently, respond swiftly to challenges, and continuously learn and improve. This builds a strong foundation for resilience, enabling the organization to navigate disruption or adversity much more easily.

    At its core, transparency is about open communication, sharing information, and fostering a culture of honesty and trust. These traits directly influence the various aspects of resilience.

    Client service focus

    A client service focus isn't just about customer satisfaction; it's an integral part of a company's resilience strategy. Service stability and continuous value delivery are the elements that retain existing clients and attract new ones through reputation.  System outages, slowdowns, and errors lead to client frustration and erode confidence. In other words, client service focuses on making sure you are available. Once you have that, then you can look at enhancing and expanding services and products. 

    Resilient systems and processes often also include tools and capabilities for proactive communication with clients. This can include automated notifications during system maintenance or updates, providing transparency and minimizing inconvenience. A proactive approach to communication creates a sense of partnership, and it demonstrates that you value your clients' time and business.

    Adaptability

    Adaptable systems and processes give you the flexibility for rapid incident response and easy workarounds, bringing your service back to the level it is supposed to be at.

    In the bigger picture, when you design your systems for flexibility and modification, you can rapidly adjust to new market conditions, evolving customer demands, and technological advancements. This agility allows you to pivot swiftly, seizing opportunities while mitigating risks.

    In the same vein, adaptable processes, fostered by a culture of continuous improvement and open communication, empower teams to innovate and refine workflows in response to challenges. This constant evolution ensures the company remains competitive and aligned with its ever-changing environment.

    Robust change management

    When you establish standardized procedures for planning, testing, and implementing changes, IT change management ensures that every modification, no matter how seemingly small, is carefully considered and assessed for its impact on the broader IT ecosystem. This structured approach significantly reduces the risk of unexpected side effects, unforeseen conflicts, and costly downtime, protecting the company's operations and its reputation.

    It does not have to be a burdensome bureaucratic process. Modern processes and tools take the sting out of these controls. Many actions within change management can be automated without losing oversight by both the IT custodians and the business process owners.

    Redundancy and fault tolerance

    By having duplicates of essential components or systems in place, you ensure that even if one part fails, another is ready to take over. This helps you minimize the impact of unexpected events like hardware issues, software glitches, or other unforeseen problems. This might mean replicating critical policy data across multiple servers or data centers in different locations.

    Fault tolerance is all about your systems and processes being able to keep working even when facing challenges. By designing your software and systems architecture with fault tolerance in mind, you are sure it can gracefully handle errors and failures, preventing those small problems from causing bigger issues, outages, and unhappy clients.

    Security

    Clients entrust you with valuable information. Demonstrating a commitment to data security through resilient systems builds trust and provides reassurance that their data is safeguarded against breaches and unauthorized access.

    Monitoring and alerting

    Trusting that all working is good. making sure is better.  When you observe your systems and receive timely notifications when something seems off, you'll be able to address issues before they snowball into real problems. 

    In any industry, monitoring helps you keep an eye on crucial performance metrics, resource usage, and system health. You'll get insights into how your systems behave, allowing you to identify bottlenecks or potential points of failure before they cause serious problems. And with a well-tuned alerting system, you'll get those critical notifications when something requires immediate attention. This gives you the chance to respond quickly, minimize downtime, and keep things running smoothly for your customers.

    Monitoring is also all about business metrics. Keep your service chains running smoothly and understand the ebb and flow of when clients access your services. Then update and enhance in line with what you see happening. 

    Incident response processes

    Well-thought-out plans and processes are key. Work with your incident managers, developers, suppliers, business staff and product owners and build an embedded method for reacting to incidents. 

    The key is to limit the time of the service interruption. Not everything needs to be handled immediately, so your plan must be clear on how to react to important vs lower-priority incidents. Making the plan and process well-known in the company helps everybody and keeps the calm.

    Embedded business continuity

    Business continuity planning anticipates and prepares for various scenarios, allowing your company to adapt and maintain essential functions even in the face of unexpected disruptions.

    When you proactively address these non-IT aspects of recovery, you build resilience that goes beyond simply restoring technology. It enables you to maintain customer relationships, meet contractual obligations, and safeguard your reputation, even in the face of significant challenges.

    Business continuity is not about prevention; it is about knowing what to do when bad things happen that may threaten your company in a more existential way or when you face issues like a power outage in your building, a pandemic, major road works rendering your business unreachable and such events.

    Effective disaster recovery  

    Disaster recovery is your lifeline when the worst happens. Whether it's a major cyberattack, a natural disaster, or a catastrophic hardware failure, a solid disaster recovery plan ensures your business doesn't sink. It's your strategy to get those critical systems back online and your data restored as quickly as possible.

    Think of it this way: disaster recovery, just like business continuity, isn't about preventing bad things from happening; it's about being prepared to bounce back when they do. It's like having a spare tire in your car - you hope you never need it, but if you get a flat, you're not stranded. With a well-tested disaster recovery plan, you can minimize downtime, reduce data loss, and keep your operations running even in the face of the unexpected. That translates to happier customers, protected revenue, and a reputation for reliability even amidst chaos.

    Conclusion

    Resilience is the result of a well-conducted orchestra. Many disciplines come together to help you service your clients in a consistent way.

    The operational lifeline of your company and the reason it exists in the first place is to provide your clients with what they need, when they need it, and be able to command a good price for it. And that will keep your shareholders happy as well.

    In Case Of Emergency...

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    1. Get people to safety efficiently by following the floor warden's information and get out if needed
      If there are no floor wardens, YOU take the initiative and alert people. Vacate the premises if you suspect danger.
      Err on the side of caution. Nobody ever got fired over keeping people safe.
    2. Get people to safety (yes! double check this)
    3. Check what is happening
    4. Stop the bleeding
    5. Check what you broke while stopping the bleeding
    6. Check if you need to go into DR mode
    7. Go into DR mode if that is the fastest way to restore the service
    8. Only now start to look deeper

    Notice what is missing in this list?

    • WHY did this happen?
    • WHO did what

    During the first reactions to an event, stick to the facts of what is happening and the symptoms. If the symptoms are bad, attend to people first, no matter the financial losses occurring.
    Remember that financial losses are typically insured. Human life is not. Only loss of income and ability to pay is insured! Not the person's life.

    The WHY, HOW, WHO and other root cause questions are asked in the aftermath of the incident and after you have stabilized the situation.
    In ITIL terms, those are Problem Management and Root Cause Analysis stage questions.

     

     

     

    Management, incident, reaction, emergency

    Stabilize Release and Deployment Management

    • Buy Link or Shortcode: {j2store}453|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $38,699 Average $ Saved
    • member rating average days saved: 37 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Lack of control over the release process, poor collaboration between teams, and manual deployments lead to poor quality releases at a cost to the business.

    Our Advice

    Critical Insight

    • Manage risk. Release management should stabilize the IT environment. A poorly designed release can take down the whole business. Rushing releases out the door leads to increased risk for the business.
    • Quality processes are key. Standardized process will enable your release and deployment management teams to have a framework to deploy new releases with minimal chance of costly downtime further down the production chain.
    • Business must own the process. Release managers need oversight of the business to remain good stewards of the release management process.

    Impact and Result

    • Be prepared with a release management policy. With vulnerabilities discovered and published at an alarming pace, organizations have to build a plan to address and fix them quickly. A detailed release and patch policy should map out all the logistics of the deployment in advance, so that when necessary, teams can handle rollouts like a well-oiled machine.
    • Automate your software deployment and patch management strategy. Replace tedious and time-consuming manual processes with the use of automated release and patch management tools. Some organizations have a variety of release tools for various tasks and processes to ensure all or most of the required processes are covered across a diverse development environment.
    • Test deployments and monitor your releases. Larger organizations may have the luxury of a test environment prior to deployment, but that may be cost prohibitive for smaller organizations. If resources are a constraint, roll out the patch gradually and closely monitor performance to be able to quickly revert in the event of an issue.

    Stabilize Release and Deployment Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should control and stabilize your release and deployment management practice while improving the quality of releases and deployments, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Analyze current state

    Begin improving release management by assessing the current state and gaining a solid understanding of how core operational processes are actually functioning within the organization.

    • Stabilize Release and Deployment Management – Phase 1: Analyze Current State
    • Release Management Maturity Assessment
    • Release Management Project Roadmap Tool
    • Release Management Workflow Library (Visio)
    • Release Management Workflow Library (PDF)
    • Release Management Standard Operating Procedure
    • Patch Management Policy
    • Release Management Policy
    • Release Management Deployment Tracker
    • Release Management Build Procedure Template

    2. Plan releases and deployments

    Plan releases to gather all the pieces in one place and define what, why, when, and how a release will happen.

    • Stabilize Release and Deployment Management – Phase 2: Release and Deployment Planning

    3. Build, test, deploy

    Take a holistic and comprehensive approach to effectively designing and building releases. Get everything right the first time.

    • Stabilize Release and Deployment Management – Phase 3: Build, Test, Deploy

    4. Measure, manage, improve

    Determine desired goals for release management to ensure both IT and the business see the benefits of implementation.

    • Stabilize Release and Deployment Management – Phase 4: Measure, Manage, Improve
    [infographic]

    Workshop: Stabilize Release and Deployment Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze Current State

    The Purpose

    Release management improvement begins with assessment of the current state.

    Key Benefits Achieved

    A solid understanding of how core operational processes are actually functioning within the organization.

    Activities

    1.1 Evaluate process maturity.

    1.2 Assess release management challenges.

    1.3 Define roles and responsibilities.

    1.4 Review and rightsize existing policy suite.

    Outputs

    Maturity Assessment

    Release Management Policy

    Release Management Standard Operating Procedure

    Patch Management Policy

    2 Release Management Planning

    The Purpose

    In simple terms, release planning puts all the pertinent pieces in one place.

    Key Benefits Achieved

    It defines the what, why, when, and how a release will happen.

    Activities

    2.1 Design target state release planning process.

    2.2 Define, bundle, and categorize releases.

    2.3 Standardize deployment plans and models.

    Outputs

    Release Planning Workflow

    Categorization and prioritization schemes

    Deployment models aligned to release types

    3 Build, Test, and Deploy

    The Purpose

    Take a holistic and comprehensive approach to effectively designing and building releases.

    Key Benefits Achieved

    Standardize build and test procedures to begin to drive consistency.

    Activities

    3.1 Standardize build procedures for deployments.

    3.2 Standardize test plans aligned to release types.

    Outputs

    Build procedure for hardware and software releases

    Test models aligned to deployment models

    4 Measure, Manage, and Improve

    The Purpose

    Determine and define the desired goals for release management as a whole.

    Key Benefits Achieved

    Agree to key metrics and success criteria to start tracking progress and establish a post-deployment review process to promote continual improvement.

    Activities

    4.1 Determine key metrics to track progress.

    4.2 Establish a post-deployment review process.

    4.3 Understand and define continual improvement drivers.

    Outputs

    List of metrics and goals

    Post-deployment validation checklist

    Project roadmap

    Perform an Agile Skills Assessment

    • Buy Link or Shortcode: {j2store}153|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $32,166 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is trying to address the key delivery challenges you are facing. Early experiments with Agile are starting to bear fruit.
    • As part of maturing your Agile practice, you want to evaluate if you have the right skills and capabilities in place.

    Our Advice

    Critical Insight

    • Focusing on the non-technical skills can yield significant returns for your products, your team, and your organization. These skills are what should be considered as the real Agile skills.

    Impact and Result

    • Define the skills and values that are important to your organization to be successful at being Agile.
    • Put together a standard criterion for measurement of the attainment of given skills.
    • Define the roadmap and communication plan around your agile assessment.

    Perform an Agile Skills Assessment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should perform an agile skills assessment. review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of the Agile skills and values important to you

    Confirm the list of Agile skills that you wish to measure.

    • Perform an Agile Skills Assessment – Phase 1: Take Stock of the Agile Skills and Values Important to You
    • Agile Skills Assessment Tool
    • Agile Skills Assessment Tool Example

    2. Define an assessment method that works for you

    Define what it means to attain specific agile skills through a defined ascension path of proficiency levels, and standardized skill expectations.

    • Perform an Agile Skills Assessment – Phase 2: Define an Assessment Method That Works for You

    3. Plan to assess your team

    Determine the roll-out and communication plan that suits your organization.

    • Perform an Agile Skills Assessment – Phase 3: Plan to Assess Your Team
    • Agile Skills Assessment Communication and Roadmap Plan
    • Agile Skills Assessment Communication and Roadmap Plan Example
    [infographic]

    Workshop: Perform an Agile Skills Assessment

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Agile Skills and Maturity Levels

    The Purpose

    Learn about and define the Agile skills that are important to your organization.

    Define the different levels of attainment when it comes to your Agile skills.

    Define the standards on a per-role basis.

    Key Benefits Achieved

    Get a clear view of the Agile skills important into meet your Agile transformation goals in alignment with organizational objectives.

    Set a clear standard for what it means to meet your organizational standards for Agile skills.

    Activities

    1.1 Review and update the Agile skills relevant to your organization.

    1.2 Define your Agile proficiency levels to evaluate attainment of each skill.

    1.3 Define your Agile team roles.

    1.4 Define common experience levels for your Agile roles.

    1.5 Define the skill expectations for each Agile role.

    Outputs

    A list of Agile skills that are consistent with your Agile transformation

    A list of proficiency levels to be used during your Agile skills assessment

    A confirmed list of roles that you wish to measure on your Agile teams

    A list of experience levels common to Agile team roles (example: Junior, Intermediate, Senior)

    Define the skill expectations for each Agile role

    Develop a Project Portfolio Management Strategy

    • Buy Link or Shortcode: {j2store}331|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $111,064 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • As an IT leader, you oversee a project environment in which the organizational demand for new products, services, and enhancements far outweighs IT’s resource capacity to adequately deliver on everything.
    • As a result, project throughput suffers. IT starts a lot of projects, but has constant difficulties delivering the bulk of them on time, on budget, in scope, and of high quality. What’s more, many of the projects that consume IT’s time are of questionable value to the business.
    • You need a project portfolio management (PPM) strategy to help bring order to IT’s project activity. With the right PPM strategy, you can ensure that you’re driving the throughput of the best projects and maximizing stakeholder satisfaction with IT.

    Our Advice

    Critical Insight

    • IT leaders commonly conflate PPM and project management, falsely believing that they already have a PPM strategy via their project management playbook. While the tactical focus of project management can help ensure that individual projects are effectively planned, executed, and closed, it is no supplement for the insight into “the big picture” that a PPM strategy can provide.
    • Many organizations falter at PPM by mistaking a set of processes for a strategy. While processes are no doubt important, without an end in mind – such as that provided by a deliberate strategy – they inevitably devolve into inertia or confusion.
    • Executive layer buy-in is a critical prerequisite for the success of a PPM strategy. Without it, any efforts to reconcile supply and demand, and improve the strategic value of IT’s project activity, could be quashed by irresponsible, non-compliant stakeholders.

    Impact and Result

    • Manage the portfolio as more than just the sum of its parts. Create a coherent strategy to maximize the sum of values that projects deliver as a whole – as a project portfolio, rather than a collection of individual projects.
    • Get to value early. Info-Tech’s methodology tackles one of PPM’s most pressing challenges upfront by helping you to articulate a strategy and get executive buy-in for it before you define your process goals. When senior management understands why a PPM strategy is necessary and of value to them, the path to implementation is much more stable.
    • Create PPM processes you can sustain. Translate your PPM strategy into specific, tangible near-term and long-term goals, which are realized through a suite of project portfolio management processes tailored to your organization and its culture.

    Develop a Project Portfolio Management Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a project portfolio management strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a Project Portfolio Management Strategy – Executive Brief
    • Develop a Project Portfolio Management Strategy – Phases 1-3

    1. Get executive buy-in for your PPM strategy

    Choose the right PPM strategy for your organization and get executive buy-in before you start to set PPM process goals.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy
    • PPM High-Level Supply-Demand Calculator
    • PPM Strategic Plan Template
    • PPM Strategy-Process Goals Translation Matrix Template

    2. Align PPM processes to your strategic goals

    Use the advice and tools in this phase to align the PPM processes that make up the infrastructure around projects with your new PPM strategy.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals
    • PPM Strategy Development Tool

    3. Complete your PPM strategic plan

    Refine your PPM strategic plan with inputs from the previous phases by adding a cost-benefit analysis and PPM tool recommendation.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan
    • Project Portfolio Analyst / PMO Analyst
    [infographic]

    Workshop: Develop a Project Portfolio Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Get Executive Buy-In for Your PPM Strategy

    The Purpose

    Choose the right PPM strategy for your organization and ensure executive buy-in.

    Set process goals to address PPM strategic expectations and steer the PPM strategic plan.

    Key Benefits Achieved

    A right-sized PPM strategy complete with executive buy-in for it.

    A prioritized list of PPM process goals.

    Activities

    1.1 Assess leadership mandate.

    1.2 Determine potential resource capacity.

    1.3 Create a project inventory.

    1.4 Prepare to communicate your PPM strategy to key stakeholders.

    1.5 Translate each strategic goal into process goals.

    1.6 Set metrics and preliminary targets for PPM process goals.

    Outputs

    Choice of PPM strategy and the leadership mandate

    Analysis of current project capacity

    Analysis of current project demand

    PPM Strategic Plan – Executive Brief

    PPM strategy-aligned process goals

    Metrics and long-term targets for PPM process goals

    2 Align PPM Processes to Your Strategic Goals

    The Purpose

    Examine your current-state PPM processes and create a high-level description of the target-state process for each of the five PPM processes within Info-Tech’s PPM framework.

    Build a sound business case for implementing the new PPM strategy by documenting roles and responsibilities for key PPM activities as well as the time costs associated with them.

    Key Benefits Achieved

    Near-term and long-term goals as well as an organizationally specific wireframe for your PPM processes.

    Time cost assumptions for your proposed processes to ensure sustainability.

    Activities

    2.1 Develop and refine the project intake, prioritization, and approval process.

    2.2 Develop and refine the resource management process.

    2.3 Develop and refine the portfolio reporting process.

    2.4 Develop and refine the project closure process

    2.5 Develop and refine the benefits realization process.

    Outputs

    Process capability level

    Current-state PPM process description

    Retrospective examination of the current-state PPM process

    Action items to achieve the target states

    Time cost of the process at current and target states

    3 Complete Your PPM Strategic Plan

    The Purpose

    Perform a PPM tool analysis in order to determine the right tool to support your processes.

    Estimate the total cost-in-use of managing the project portfolio, as well as the estimated benefits of an optimized PPM strategy.

    Key Benefits Achieved

    A right-sized tool selection to help support your PPM strategy.

    A PPM strategy cost-benefit analysis.

    Activities

    3.1 Right-size the PPM tools for your processes.

    3.2 Conduct a cost-benefit analysis of implementing the new PPM strategy.

    3.3 Define roles and responsibilities for the new processes.

    3.4 Refine and consolidate the near-term action items into a cohesive plan.

    Outputs

    Recommendation for a PPM tool

    Cost-benefit analysis

    Roles and responsibilities matrix for each PPM process

    An implementation timeline for your PPM strategy

    Further reading

    Develop a Project Portfolio Management Strategy

    Drive IT project throughput by throttling resource capacity.

    Analyst Perspective

    “Tactics without strategy is the noise before defeat.” – Sun Tzŭ

    "Organizations typically come to project portfolio management (PPM) with at least one of two misconceptions: (1) that PPM is synonymous with project management and (2) that a collection of PPM processes constitutes a PPM strategy.

    Both foundations are faulty: project management and PPM are separate disciplines with distinct goals and processes, and a set of processes do not comprise a strategy – they should flow from a strategy, not precede one. When built upon these foundations, the benefits of PPM go unrealized, as the means (i.e. project and portfolio processes) commonly eclipse the ends of a PPM strategy – e.g. a portfolio better aligned with business goals, improved project throughput, increased stakeholder satisfaction, and so on.

    Start with the end in mind: articulate a PPM strategy that is truly project portfolio in nature, i.e. focused on the whole portfolio and not just the individual parts. Then, let your PPM strategy guide your process goals and help to drive successful outcomes, project after project." (Barry Cousins, Senior Director of Research, PMO Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs who want to maximize IT’s fulfillment of both business strategic goals and operational needs.
    • CIOs who want to better manage the business and project sponsors’ expectations and satisfaction.
    • CIOs, PMO directors, and portfolio managers who want a strategy to set the best projects for the highest chance of success.

    This Research Will Help You:

    • Get C-level buy-in on a strategy for managing the project portfolio and clarify their expectations on how it should be managed.
    • Draft strategy-aligned, high-level project portfolio management process description.
    • Put together a strategic plan for improving PPM processes to reclaim wasted project capacity and increase business satisfaction of IT.

    This Research Will Also Assist:

    • Steering committee and C-suite management who want to maximize IT’s value to business.
    • Project sponsors who seek clarity and fairness on pushing their projects through a myriad of priorities and objectives.
    • CIOs, PMO directors, and portfolio managers who want to enable data-driven decisions from the portfolio owners.

    This Research Will Help Them:

    • Optimize IT’s added value to the business through project delivery.
    • Provide clarity on how IT’s project portfolio should be managed and the expectations for its management.
    • Improve project portfolio visibility by making trustworthy project portfolio data available, with which to steer the portfolio.

    Executive Summary

    Situation

    • As CIO, there are too many projects and not enough resource capacity to deliver projects on time, on budget, and in scope with high quality.
    • Prioritizing projects against one another is difficult in the face of conflicting priorities and agenda; therefore, projects with dubious value/benefits consume resource capacity.

    Complication

    • Not all IT projects carry a direct value to business; IT is accountable for keeping the lights on and it consumes a significant amount of resources.
    • Business and project sponsors approve projects without considering the scarcity of resource capacity and are frustrated when the projects fail to deliver or linger in the backlog.

    Resolution

    • Create a coherent strategy to maximize the total value that projects deliver as a whole portfolio, rather than a collection of individual projects.
    • Ensure that the steering committee or senior executive layer buys into the strategy by helping them understand why the said strategy is necessary, and more importantly, why the strategy is valuable to them.
    • Translate the strategic expectations to specific, tangible goals, which are realized through a suite of project portfolio management processes tailored to your organization and its culture.
    • Putting into place people, processes, and tools that are sustainable and manageable, plus a communication strategy to maintain the stakeholder buy-in.

    Info-Tech Insight

    1. Time is money; therefore, the portfolio manager is an accountant of time. It is the portfolio manager’s responsibility to provide the project portfolio owners with reliable data and close the loop on portfolio decisions.
    2. Business satisfaction is driven by delivering projects that align to and maximize business value. Use Info-Tech’s method for developing a PPM strategy and synchronize its definition of “best projects” with yours.

    Projects that deliver on strategic goals of the business is the #1 driver of business satisfaction for IT

    Info-Tech’s CIO Business Vision Survey (N=21,367) has identified a direct correlation between IT project success and overall business satisfaction with IT.

    Comparative rankings of IT services in two columns 'Reported Importance' and 'Actual Importance' with arrows showing where each service moved to in the 'Actual Importance' ranking. The highlighted move is 'Projects' from number 10 in 'Reported' to number 1 in 'Actual'. 'Reported' rankings from 1 to 12 are 'Network Infrastructure', 'Service Desk', 'Business Applications', 'Data Quality', Devices', 'Analytical Capability', 'Client-Facing Technology', 'Work Orders', 'Innovation Leadership', 'Projects', 'IT Policies', and 'Requirements Gathering'. 'Actual' rankings from 1 to 12 are 'Projects', 'Work Orders', 'Innovation Leadership', 'Business Applications', 'Requirements Gathering', 'Service Desk', 'Client-Facing Technology', 'Network Infrastructure', 'Analytical Capability', 'Data Quality', 'IT Policies', and 'Devices'.

    Reported Importance: Initially, when CIOs were asked to rank the importance of IT services, respondents ranked “projects” low on the list – 10 out of a possible 12.

    Actual Importance: Despite this low “reported importance,” of those organizations that were “satisfied” to “fully satisfied” with IT, the service that had the strongest correlation to high business satisfaction was “projects,” i.e. IT’s ability to help plan, support, and execute projects and initiatives that help the business achieve its strategic goals.

    On average, executives perceive IT as being poorly aligned with business strategy

    Info-Tech’s CIO Business Vision Survey data highlights the importance of IT projects in supporting the business achieve its strategic goals. However, Info-Tech’s CEO-CIO Alignment Survey (N=124) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals:

    • 43% of CEOs believe that business goals are going unsupported by IT.
    • 60% of CEOs believe that improvement is required around IT’s understanding of business goals.
    • 80% of CIOs/CEOs are misaligned on the target role for IT.
    • 30% of business stakeholders* are supporters of their IT departments.
    • (Source: Info-Tech CIO/CEO Alignment Diagnostics, * N=32,536)

    Efforts to deliver on projects are largely hampered by causes of project failure outside a project manager’s control

    The most recent data from the Project Management Institute (PMI) shows that more projects are meeting their original goals and business intent and less projects are being deemed failures. However, at the same time, more projects are experiencing scope creep. Scope creeps result in schedule and cost overrun, which result in dissatisfied project sponsors, stakeholders, and project workers.

    Graph of data from Project Management Institute comparing projects from 2015 to 2017 that 'Met original goals/business intent', 'Experienced scope creep', and were 'Deemed failures'. Projects from the first two categories went up in 2017, while projects that were deemed failures went down.

    Meanwhile, the primary causes of project failures remain largely unchanged. Interestingly, most of these primary causes can be traced to sources outside of a project manager’s control, either entirely or in part. As a result, project management tactics and processes are limited in adequately addressing them.

    Relative rank

    Primary cause of project failure

    2015

    2016

    2017

    Trend

    Change in organization's priorities 1st 1st 1st Stable
    Inaccurate requirements gathering 2nd 3rd 2nd Stable
    Change in project objectives 3rd 2nd 3rd Stable
    Inadequate vision/goal for project 6th 5th 4th Rising
    Inadequate/poor communication 5th 7th 5th Stable
    Poor change management 11th 9th 6th Rising
    (Source: Project Management Institute, Pulse of the Profession, 2015-2017)

    Project portfolio management (PPM) can improve business alignment of projects and reduce chance of project failure

    PPM is about “doing the right things.”

    The PMI describes PPM as:

    Interrelated organizational processes by which an organization evaluates, selects, prioritizes, and allocates its limited internal resources to best accomplish organizational strategies consistent with its vision, mission, and values. (PMI, Standard for Portfolio Management, 3rd ed.)

    Selecting and prioritizing projects with the strongest alignment to business strategy goals and ensuring that resources are properly allocated to deliver them, enable IT to:

    1. Improve business satisfaction and their perception of IT’s alignment with the business.
    2. Better engage the business and the project customers.
    3. Minimize the risk of project failure due to changing organizational/ project vision, goals, and objectives.

    "In today’s competitive business environment, a portfolio management process improves the linkage between corporate strategy and the selection of the ‘right’ projects for investment. It also provides focus, helping to ensure the most efficient and effective use of available resources." (Lou Pack, PMP, Senior VP, ICF International (PMI, 2015))

    PPM is a common area of shortcomings for IT, with much room for improvement

    Info-Tech’s IT Management & Governance Survey (N=879) shows that PPM tends to be regarded as neither an effective nor an important process amongst IT organizations.

    Two deviation from median charts highlighting Portfolio Management's ranking compared to other IT processes in 'Effectiveness scores' and 'Importance scores'. PPM ranks 37th out of 45 in Effectiveness and 33rd out of 45 in Importance.

    55% ... of IT organizations believe that their PPM processes are neither effective nor important.

    21% ... of IT organizations reported having no one responsible or accountable for PPM.

    62% ... of projects in organizations effective in PPM met/exceeded the expected ROI (PMI, 2015).

    In addition to PPM’s benefits, improving PPM processes presents an opportunity for getting ahead of the curve in the industry.

    Info-Tech’s methodology for developing a PPM strategy delivers extraordinary value, fast

    Our methodology is designed to tackle your hardest challenge first to deliver the highest-value part of the deliverable. For developing a PPM strategy, the biggest challenge is to get the buy-in of the executive layer.

    "Without senior management participation, PPM doesn’t work, and the organization is likely to end up with, or return to, a squeaky-wheel-gets-the-grease mindset for all those involved." (Mark Price Perry, Business Driven Project Portfolio Management)

    In the first step of the blueprint, you will be guided through the following steps:

    1. Choose the right PPM strategy: driven by the executives, supported by management.
    2. Objectively assess your current project portfolio with minimal effort to build a case for the PPM strategy.
    3. Engage the executive layer to get the critical prerequisite of a PPM strategy: their buy-in.

    A PPM strategic plan is the end deliverable of this blueprint. In the first step, download the pre-filled template with content that represents the most common case. Then, throughout the blueprint, customize with your data.

    Use this blueprint to develop, or refine, a PPM strategy that works for your organization

    Get buy-in for PPM strategy from decision makers.

    Buy-in from the owners of project portfolio (Steering Committee, C-suite management, etc.) is a critical prerequisite for any PPM strategy. This blueprint will give you the tools and templates to help you make your case and win the buy-in of portfolio owners.

    Connect strategic expectations to PPM process goals.

    This blueprint offers a methodology to translate the broad aim of PPM to practical, tactical goals of the five core PPM processes, as well as how to measure the results. Our methodology is supported with industry-leading frameworks, best practices, and our insider research.

    Develop your PPM processes.

    This blueprint takes you through a series of steps to translate the process goals into a high-level process description, as well as a business case and a roadmap for implementing the new PPM processes.

    Refine your PPM processes.

    Our methodology is also equally as applicable for making your existing PPM processes better, and help you draft a roadmap for improvement with well-defined goals, roles, and responsibilities.

    Info-Tech’s PPM model consists of five core processes

    There are five core processes in Info-Tech’s thought model for PPM.

    Info-Tech's Process Model detailing the steps and their importance in project portfolio management. Step 3: 'Status and Progress Reporting' sits above the others as a process of importance throughout the model. In the 'Intake' phase of the model are Step 1: 'Intake, Approval, and Prioritization' and Step 2: 'Resource Management'. In the 'Execution' phase is 'Project Management', the main highlighted section, and a part of Step 3, the overarching 'Status and Progress Reporting'. In the 'Closure' phase of the model are Step 4: 'Project Closure' and Step 5: 'Benefits Tracking'.

    These processes create an infrastructure around projects, which aims to enable:

    1. Initiation of the “best” projects with the right resources and project information.
    2. Timely and trustworthy reporting to facilitate the flow of information for better decision making.
    3. Proper closure of projects, releasing resources, and managing benefits realization.

    PPM has many moving pieces. To ensure that all of these processes work in harmony, you need a PPM strategy.

    De-couple project management from PPM to break down complexity and create flexibility

    Tailor project management (PM) processes to fit your projects.

    Info-Tech’s PPM thought model enables you to manage your project portfolio independent of your PM methodology or capability. Projects interact with PPM via:

    • A project charter that authorizes the use of resources and defines project benefits.
    • Status reports that feed up-to-date, trustworthy data to your project portfolio.
    • Acceptance of deliverables that enable proper project closure and benefits reporting.

    Info-Tech’s PPM strategy is applicable whether you use Agile, waterfall, or anything in between for PM.

    The process model from the previous page but with project management processes overlaid. The 'Intake' phase is covered by 'Project Charter'. The 'Execution' phase, or 'Project Management' is covered by 'Status report'. The 'Closure' phase is covered by 'Deliverable Acceptance'.

    Learn about project management approach for small projects in Info-Tech’s Tailor PM Processes to Fit Your Projects blueprint.

    Sample of the Info-Tech blueprint 'Tailor PM Processes to Fit Your Projects'.

    Info-Tech’s approach to PPM is informed by industry best practices and rooted in practical insider research

    Info-Tech uses PMI and ISACA frameworks for areas of this research.

    Logo for 'Project Management Institute (PMI)'.' Logo for 'COBIT 5 an ISACA Framework'.
    PMI’s Standard for Portfolio Management, 3rd ed. is the leading industry framework, proving project portfolio management best practices and process guidelines. COBIT 5 is the leading framework for the governance and management of enterprise IT.

    In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Logo for 'Info-Tech Research Group'.

    33,000+ Our peer network of over 33,000 happy clients proves the effectiveness of our research.

    1000+ Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.

    Re-position IT as the “facilitator of business projects” for PPM success

    CASE STUDY

    Industry: Construction
    Source: Info-Tech Client

    Chaos in the project portfolio

    At first, there were no less than 14 teams of developers, each with their own methodologies and processes. Changes to projects were not managed. Only 35% of the projects were completed on time.

    Business drives, IT facilitates

    Anyone had the right to ask for something; however, converting ideas to a formal project demand required senior leadership within a business division getting on board with the idea.

    The CIO and senior leadership decided that projects, previously assigned to IT, were to be owned and driven by the business, as the projects are undertaken to serve its needs and rarely IT’s own. The rest of the organization understood that the business, not IT, was accountable for prioritizing project work: IT was re-positioned as a facilitator of business projects. While it was a long process, the result speaks for itself: 75% of projects were now being completed on time.

    Balancing the target mix of the project portfolio

    What about maintaining and feeding the IT infrastructure? The CIO reserved 40% of IT project capacity for “keeping the lights on,” and 20% for reactive, unplanned activities, with an aim to lower this percentage. With the rest of the time, IT facilitated business projects

    Three key drivers of project priority

    1. Does the project meet the overall company goals and objectives?
      “If they don't, we must ask why we are bothering with it.”
    2. Does the project address a regulatory or compliance need?
      “Half of our business is heavily regulated. We must focus on it.”
    3. Are there significant savings to be had?
      “Not soft; hard savings. Can we demonstrate that, after implementing this, can we see good hard results? And, can we measure it?”

    "Projects are dumped on IT, and the business abdicates responsibility. Flip that over, and say ‘that's your project’ and ‘how can we help you?’"

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Develop a PPM strategy – project overview

    1. Get executive buy-in for your PPM strategy

    2. Align PPM processes to your strategic goals

    3. Complete your PPM strategic plan

    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Choose the right PPM strategy for your organization

    1.2 Translate PPM strategy expectations to specific process goals

    2.1 Develop and refine project intake, prioritization, and resource management processes

    2.2 Develop and refine portfolio reporting, project closure, and benefits realization processes

    3.1 Select a right-sized PPM solution for supporting your new processes

    3.2 Finalize customizing your PPM Strategic Plan Template

    Guided Implementations

    • Scoping call: discuss current state of PPM and review strategy options.
    • How to wireframe realistic process goals, rooted in your PPM strategic expectations, that will be sustained by the organization.
    • Examine your current-state PPM process and create a high-level description of the target-state process for each of the five PPM processes (1-2 calls per each process).
    • Assess your PPM tool requirements to help support your processes.
    • Determine the costs and potential benefits of your PPM practice.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Set strategic expectations and realistic goals for the PPM strategy
    Module 2:
    Develop and refine strategy-aligned PPM processes
    Module 3:
    Compose your PPM strategic plan
    Phase 1 Outcome:
    • Analysis of the current state of PPM
    • Strategy-aligned goals and metrics for PPM processes
    Phase 2 Outcome:
    • PPM capability levels
    • High-level descriptions of near- and long-term target state
    Phase 3 Outcome:
    • PPM tool recommendations
    • Cost-benefit analysis
    • Customized PPM strategic plan

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Get leadership buy-in for PPM strategy Set PPM process goals and metrics with strategic expectations Develop and Refine PPM processes Develop and Refine PPM processes Complete the PPM strategic plan

    Activities

    • 1.1 Assess leadership mandate.
    • 1.2 Determine potential resource capacity.
    • 1.3 Create a project inventory.
    • 1.4 Communicate your PPM strategy to key stakeholders.
    • 2.1 Translate each strategic goal into process goals.
    • 2.2 Set metrics and preliminary targets for PPM process goals.
    • 3.1 Develop and refine the project intake, prioritization, and approval process.
    • 3.2 Develop and refine the resource management process.
    • 4.1 Develop and refine the portfolio reporting process.
    • 4.2 Develop and refine the project closure process.
    • 4.3 Develop and refine the benefits realization process.
    • 5.1 Right-size the PPM tools for your processes.
    • 5.2 Conduct a cost-benefit analysis of implementing the new PPM strategy.
    • 5.3 Define roles and responsibilities for the new processes.

    Deliverables

    1. Choice of PPM strategy and the leadership mandate
    2. Analysis of current project capacity
    3. Analysis of current project demand
    4. PPM Strategic Plan – Executive Brief
    1. PPM strategy-aligned process goals
    2. Metrics and long-term targets for PPM process goals
      For each of the five PPM processes:
    1. Process capability level
    2. Current-state PPM process description
    3. Retrospective examination of the current-state PPM process
    4. Action items to achieve the target states
    5. Time cost of the process at current and target states
    1. Recommendation for a PPM tool
    2. Cost-benefit analysis
    3. Roles and responsibilities matrix for each PPM process

    Develop a Project Portfolio Management Strategy

    PHASE 1

    Get Executive Buy-In for Your PPM Strategy

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Get executive buy-in for your PPM strategy

    Proposed Time to Completion: 2 weeks
    Step 1.1: Choose the right PPM strategy Step 1.2: Translate strategic expectations to process goals
    Start with an analyst kick-off call:
    • Scoping call to discuss the current state of PPM and review strategy options.
    Work with an analyst to:
    • Discuss how to wireframe realistic process goals, rooted in your PPM strategic expectations, that will be sustained by the organization.
    Then complete these activities…
    • Execute a leadership mandate survey.
    • Perform a high-level supply/demand analysis.
    • Prepare an executive presentation to get strategy buy-in.
    Then complete these activities…
    • Develop realistic process goals based in your PPM strategic expectations.
    • Set metrics and preliminary targets for your high-priority PPM process goals.
    With these tools & templates:
    • PPM High-Level Supply/Demand Calculator
    • PPM Strategic Plan Template
    With these tools & templates:
    • PPM Strategy-Process Translation Matrix

    Phase 1 Results & Insights

    • Executive layer buy-in is a critical prerequisite for the success of a top-down PPM strategy. Ensure your executives are onboard before proceeding to implement your PPM strategy.

    Prepare to get to value early with step 1.1 of this blueprint

    The first step of this blueprint will help you define your PPM strategy and get executive buy-in for it using section one of Info-Tech’s PPM Strategic Plan Template.

    Where traditional models of consulting can take considerable amounts of time before delivering value to clients, Info-Tech’s methodology for developing a PPM strategy gets you to value fast.

    In the first step of this blueprint, you will define your PPM strategy and prepare an executive presentation to get buy-in for the strategy. The presentation can be prepared in just a few hours.

    • The activities in step 1.1 of this blueprint will help you customize the slides in section 1 of Info-Tech’s PPM Strategic Plan Template.
    • Section one of the Template will then serve as your presentation document.

    Once you have received buy-in for your PPM strategy, the remainder of this blueprint will help you customize section 2 of the Template.

    • Section 2 of the Template will communicate:
      • Your processes and process goals.
      • Your near-term and long-term action items for implementing the strategy.
      • Your PPM tool requirements.
      • The costs and benefits of your PPM strategy.

    Download Info-Tech’s PPM Strategic Plan Template.

    Sample of Info-Tech's 'PPM Strategic Plan Template.'

    Step 1.1: Choose the right PPM strategy for your organization

    PHASE 1

    PHASE 2

    PHASE 3

    1.1 1.2 2.1 2.2 3.1 3.2
    Choose the right PPM strategy Translate strategy into process goals Define intake & resource mgmt. processes Define reporting, closure, & benefits mgmt. processes Select a right-sized PPM solution Finalize your PPM strategic plan

    This step will walk you through the following activities:

    • Perform a leadership mandate survey.
    • Choose your PPM strategy.
    • Calculate your resource capacity for projects.
    • Determine overall organizational demand for projects.
    • Prepare an executive presentation of the PPM strategy.

    This step involves the following participants:

    • CIO
    • PMO Director/Portfolio Manager
    • Project Managers
    • IT Managers

    Outcomes of this step

    • A PPM strategy
    • A resource supply/project demand analysis
    • An executive brief presentation
    • Executive buy-in for the PPM strategy

    “Too many projects, not enough resources” is the reality of most IT environments

    In today’s organizations, the desires of business units for new products and enhancements, and the appetites of senior leadership to approve more and more projects for those products and services, far outstrips IT’s ability to realistically deliver on everything.

    The vast majority of IT departments lack the resourcing to meet project demand – especially given the fact that day-to-day operational demands frequently trump project work.

    As a result, project throughput suffers – and with it, IT's reputation within the organization.

    A visualization of 'Project Demand' versus 'Resource supply' utilizing courtroom scales with numerous project titles weighing down the 'Project Demand' side and silhouettes of three little people raised aloft on the 'Resource supply' side.

    In these environments, a PPM strategy is required.

    A PPM strategy should enable executive decision makers to make sense of the excess of demand and give IT the ability to prioritize those projects that are of the most strategic value to the business.

    With the right PPM strategy, IT can improve project outcomes across its portfolio and drive business value – all while improving the workloads of IT project staff.

    Info-Tech has two PPM strategy options that you can start to deploy today

    This step will help you choose the most suitable option, depending on your project pain points and current level of executive engagement in actively steering the portfolio.

    Option A:
    Top-Down, Executive Driven Strategy

    Option B:
    Bottom-Up, Project Manager Driven Strategy

    Goals of this approach:
    • This approach is intended to assist decision makers in their job: choosing the right projects, committing to timelines for those projects, and monitoring/directing their progress.
    Goals of this approach:
    • This approach is primarily intended to ensure that projects are well managed in a standardized manner in order to provide project managers with clear direction.
    Who this approach is for:
    • IT departments looking to improve alignment of project demand and resource capacity.
    • IT departments wanting to prioritize strategically valuable work.
    • IT departments with sufficient executive backing and engagement with the portfolio.
    Who this approach is for:
    • IT departments that would not the get support for a top-down approach due to a disengaged executive layer.
    • IT departments that already have a top-down PPM strategy and feel they are sufficiently resourced to confront project demand.

    Each of these strategy options is driven by a set of specific strategic expectations to help communicate your PPM goals. See the following slides for an articulation of each strategy option.

    A top-down, executive driven strategy is the optimal route, putting leadership in a position to best conduct the portfolio

    Option A: Top-Down, Executive Driven Strategy

    Strategic Expectations:

    • Project Throughput: Maximize throughput of the best projects.
    • Portfolio Visibility: Ensure visibility of current and pending projects.
    • Portfolio Responsiveness: Make the portfolio responsive to executive steering when new projects and changing priorities need rapid action.
    • Resource Utilization: Minimize resource waste and optimize the alignment of skills to assignments.
    • Benefits Realization: Clarify accountability for post-project benefits attainment for each project, and facilitate the process of tracking/reporting those benefits.

    Info-Tech Insight

    Serve the executive with insight before you impede the projects with governance. This strategy option is where Info-Tech sees the most PPM success. A strategy focused at improving decision making at the executive layer will both improve project outcomes and help alleviate project workloads.

    A bottom-up strategy can help project managers and teams succeed where insight into the big picture is lacking

    Option B: Bottom-Up, Project Manager Driven Strategy

    Strategic Expectations:

    • Project Management Governance: All projects consuming IT resources will be continually validated in terms of best-practice process compliance.
    • Project Risk Management: Identify risks and related mitigation approaches for all high-risk areas.
    • Stakeholder Management: Ensure that project stakeholders are identified and involved.
    • Project Manager Resourcing: Provide project managers as needed.
    • Project-Level Visibility: Provide access to the details of project management processes (planning and progress) as needed.

    Info-Tech Insight

    Right-size governance to maximize success. Project management and governance success don’t necessarily equal project success. Project management processes should be a means to an end (i.e. successful project outcomes), and not an end in themselves. Ensure the ends justify the means.

    Most recurring project challenges require a top-down portfolio management approach

    While project management is a key ingredient to project success, tying to solve endemic project problems with project management alone won’t improve results over the long term.

    Why Top-Down is a better starting point than Bottom-Up.

    The most common IT project problems – schedule and budget overruns, scope creep, and poor quality – can ultimately, in the vast majority of cases, be traced back to bad decisions made at the portfolio level:

    • The wrong projects get greenlighted.
    • Shifting leadership priorities and operational demands make project plans and estimated delivery dates obsolete from the start.
    • Too many projects get approved when there are not enough resources to effectively work on them all.

    No amount of project management rigor can help alleviate these common root causes of project failure.

    With a top-down PPM strategy, however, you can make sure that leadership is informed and engaged in making the right project decisions and that project managers and teams are situated for success.

    "There is nothing so useless as doing efficiently that which should not be done at all." (Peter Drucker (quoted in Lessing))

    Info-Tech Insight

    Get Strategic About Project Success.

    The difference between project management and project portfolio management comes down to doing things right vs. doing the right things. Both are important, no doubt; but doing the wrong things well doesn’t provide much value to the business in the long run.

    Get insight into the big picture with a top-down strategy before imposing more administrative overhead on project managers and leads.

    Perform a leadership mandate assessment to gauge executive needs and expectations

    Associated Activity icon 1.1.1 – 15 to 30 minutes (prep time) 10 to 20 minutes (execution time)

    INPUT: Leadership expectations for portfolio and project management.

    OUTPUT: Leadership mandate bar chart

    Materials: Tab 6 of Info-Tech’s PPM High-Level Supply-Demand Calculator

    Participants: Portfolio manager (or equivalent), PPM strategy sponsor(s), CIO and other members of senior management

    Before choosing your strategy option, survey the organization’s leadership to assess what they’re expecting from the PPM strategy.

    Use the “Leadership Mandate Survey” (located on tab 6 of Info-Tech’s PPM High-Level Supply-Demand Calculator) to assess the degree to which your leadership expects the PPM strategy to provide outcomes across the following capabilities: portfolio reporting, project governance, and project management.

    • Deploy the 12-question survey via individual one-on-one meetings or group working sessions with your boss (the PPM strategy sponsor) as well as with the CIO and other senior managers from within IT and the business.
      • If you cannot connect with the executive layer for this survey, do your best to estimate their responses to complete the survey.
    • The survey should help distinguish if executives are looking for portfolio management or project management. It should be one input that informs your choice of strategy option A or B.
      • If leadership is looking primarily for project management, you should proceed to Info-Tech’s Tailor Project Management Processes that Fit Your Projects blueprint.

    Refer to the next slide for assistance analyzing the outputs in tab 6 and using them to inform your choice of strategy.

    How to make use of the results of the leadership survey

    Two possible result scenarios of the leadership survey. There are two bar graphs titled 'Leadership Mandate', each with an explanation of the scenario they belong to. In Scenario 1, the 'Leadership Mandate' graph has a descending trend with 'Portfolio Reporting' at the highest level, 'Project Governance' in the middle, and 'Project Management' at the lowest level. 'A result like this, with a higher portfolio reporting score, shows a higher need for a top-down approach and demonstrates well-balanced expectations for a PPM strategy from the leadership. There is greater emphasis put on the portfolio than there is project governance or project management.' In Scenario 2, the 'Leadership Mandate' graph has an ascending trend with 'Portfolio Reporting' at the lowest level, 'Project Governance' in the middle, and 'Project Management' at the highest level. 'If your graph looks like this, your executive leadership has placed greater importance on project governance and management. Completing a top-down PPM strategy may not meet their expectations at this time. In this situation, a bottom-up approach may be more applicable.'

    Customize Info-Tech’s PPM Strategic Plan Template. Insert screenshots of the survey and the bar graph from tab 6 of the PPM High-Level Supply-Demand Calculator onto slides 7 and 8, “PPM Strategy Leadership Mandate,” of the PPM Strategic Plan Template.

    Proceed with the right PPM strategy for your organization

    Based upon the results of the “Leadership Mandate Survey,” and your assessment of each strategy option as described in the previous slides, choose the strategy option that is right for your IT department/PMO at this time.

    "Without a strategic methodology, project portfolio planning is frustrating and has little chance of achieving exceptional business success." (G Wahl (quoted in Merkhofer))

    Option A:

    Those proceeding with Option A should continue with remainder of this blueprint. Update your strategy statement on slide 3 of your PPM Strategic Plan Template to reflect your choice

    Option B:

    Those proceeding with Option B should exit this blueprint and refer to Info-Tech’s Tailor Project Management Processes to Fit Your Projects blueprint to help define a project management standard operating procedure.

    Customize Info-Tech’s PPM Strategic Plan Template. If you’re proceeding with Option A, update slide 4, “Project Portfolio Management Strategy,” of your PPM Strategic Plan Template to reflect your choice of PPM strategy. If you’re proceeding with Option B, you may want to include your strategy statement in your Project Management SOP Template.

    The success of your top-down strategy will hinge on the quality of your capacity awareness and resource utilization

    A PPM strategy should facilitate alignment between project demand with resource supply. Use Info-Tech’s PPM High-Level Supply/Demand Calculator as a step towards this alignment.

    Info-Tech’s research shows that the ability to provide a centralized view of IT’s capacity for projects is one of the top PPM capabilities that contributes to overall project success.

    Accurate and reliable forecasts into IT’s capacity, coupled with an engaged executive layer making project approval and prioritization decisions based upon that capacity data, is the hallmark of an effective top-down PPM strategy.

    • Use Info-Tech’s PPM High-Level Supply/Demand Calculator to help improve visibility (and with it, organizational understanding) into project demand and IT resource supply.
    • The Calculator will help you determine IT’s actual capacity for projects and analyze organizational demand by taking an inventory of active and backlog projects.

    Download Info-Tech’s PPM High-Level Supply/Demand Calculator.

    Sample of Into-Tech's PPM High-Level Supply/Demand Calculator.

    Info-Tech Insight

    Where does the time go? The portfolio manager (or equivalent) should function as the accounting department for time, showing what’s available in IT’s human resources budget for projects and providing ongoing visibility into how that budget of time is being spent.

    Establish the total resource capacity of your portfolio

    Associated Activity icon 1.1.2 – 30 to 60 minutes

    INPUT: Staff resource types, Average work week, Estimated allocations

    OUTPUT: Breakdown of annual portfolio HR spend, Capacity pie chart

    Materials: PPM High-Level Supply/Demand Calculator, tab 3

    Participants: Portfolio manager (or equivalent), Resource and/or project managers

    Use tab 3 of the calculator to determine your actual HR portfolio budget for projects, relative to the organization’s non-project demands.

    • Tab 3 analyzes your resource supply asks you to consider how your staff spend their time weekly across four categories: out of office time, administrative time (e.g. meetings, training, checking email), keep-the-lights-on time (i.e. support and maintenance), and project time.
    • The screenshot below walks you through columns B to E of tab 3, which help calculate your potential capacity. This activity will continue on the next slide, where we will determine your realized capacity for project work from this potential capacity.
    Screenshot of tab 3 in the PPM High-Level Supply/Demand Calculator. It has 4 columns, 'Resource Type', '# People', 'Hours / Week', and 'Hours / Year', which are referred to in notes as columns B through E respectively. The note on 'Resource Type' reads '1. Compile a list of each of the roles within your department in column B'. The note on '# People' reads '2. In column C, provide the number of staff currently performing each role'. The note on 'Hours / Week' reads '3. In column D, provide a baseline for the number of hours in a typical work week for each role'. The note on 'Hours / Year' reads '4. Column E will auto-populate based on E and D. The total at the bottom of column E (row 26) constitutes your department’s total capacity'.

    Determine the project/non-project ratio for each role

    Associated Activity icon 1.1.2 (continued)

    The previous slide walked you through columns B to E of tab 3. This slide walks you through columns F to J, which ask you to consider how your potential capacity is spent.

    Screenshot of tab 3 in the PPM High-Level Supply/Demand Calculator. It has 6 columns, 'Hours / Year', 'Absence', 'Working Time / Year', 'Admin', 'KTLO', and 'Project Work', which, starting at 'Absence', are referred to in notes as columns F through J respectively. The note on 'Absence' reads '5. Enter the percentage of your total time across each role that is unavailable due to foreseeable out-of-office time (vacation, sick time, etc.) in column F. Industry standard runs anywhere from 12% to 16%, depending on your industry and geographical region'. The note on 'Working Time / Year' reads '6. Column G will auto-calculate to show your overall net capacity after out-of-office percentages have been taken off the top. These totals constitute your working time for the year'. The note on 'Admin' and 'KTLO' reads '6. Column G will auto-calculate to show your overall net capacity after out-of-office percentages have been taken off the top. These totals constitute your working time for the year'. The note on 'Project Work' reads '8. The project percentage in column J will auto-calculate based upon what’s leftover after your non-project working time allocations in columns H and I have been subtracted'.

    Review your annual portfolio capacity for projects

    Associated Activity icon 1.1.2 (continued)

    The previous slides walked you through the inputs for tab “3. Project Capacity.” This slide walks you through the outputs of the tab.

    Based upon the inputs from columns B to J, the rest of tab 3 analyzes how IT available time is spent across the time categories, highlighting how much of IT’s capacity is actually available for projects after admin work, support and maintenance work, and absences have been taken into account.

    A table and pie chart of output data from Tab 3 of the PPM High-Level Supply/Demand Calculator. Pie segments are labelled 'Admin', 'Absence', 'Project Capacity', and 'Keep The Lights On'.

    Customize Info-Tech’s PPM Strategic Plan Template. Update slide 10, “Current Project Capacity,” of your PPM Strategic Plan Template to include the outputs from tab 3 of the Calculator.

    Create an inventory of active and backlog projects to help gauge overall project demand

    Associated Activity icon 1.1.3 – 15 to 30 minutes

    INPUT: Number of active and backlog projects across different sizes

    OUTPUT: Total project demand in estimated hours of work effort

    Materials: PPM High-Level Supply/Demand Calculator, tab 4

    Participants: Portfolio manager (or equivalent), Project managers

    Where tab 3 of the Calculator gave you visibility into your overall resource supply for projects, tab 4 will help you establish insight into the demand side.

    • Before starting on tab 4, be sure to enter the required project size data on the set-up tab.
    • Using a list of current active projects, categorize the items on the list by size: small, medium, large, and extra large. Enter the number of projects in each category of project in column C of tab 4.
    • Using a list of on-hold projects, or projects that have been approved but not started, categorize the list by size and enter the number of projects in each category in column D.
    • In column E, estimate the number of new requests and projects across each size that you anticipate being added to the portfolio/backlog in the next 12 months. Use historical data from the past 12 to 24 months to inform your estimates.
    • In column F, estimate the number of projects that you anticipate being completed in each size category in the next 12 months. Take the current state of active projects into account as you make your estimates, as well as throughput data from the previous 12 to 24 months.
    Screenshot of tab 4 in the PPM High-Level Supply/Demand Calculator. It has 5 columns labelled 'Project Types' with values Small to Extra-Large, 'Number of active projects currently in the portfolio', 'Number of projects currently in the portfolio backlog', 'Number of new requests anticipated to be added to the portfolio/backlog in the next 12 months', and 'Number of projects expected to be delivered within the next 12 months'.

    Make supply and demand part of the conversation as you get buy-in for your top-down strategy

    Tab 5 of the Calculator is an output tab, visualizing the alignment (or lack thereof) of project demand and resource supply.

    Once tabs 3 and 4 are complete, use tab 5 to analyze the supply/demand data to help build your case for a top-down PPM strategy and get buy-in for it.

    Screenshots of Tab 5 in the PPM High-Level Supply/Demand Calculator. A bar chart obscures a table with the note 'The bar chart shows your estimated total project demand in person hours (in black) relative to your estimated total resource capacity for projects (in green)'. Notes on the table are 'The table below the bar chart shows your estimated annual project throughput rate (based upon the number of projects you estimated you would complete this year) as well as the rate at which portfolio demand will grow (based upon the number of new requests and projects you estimated for the next 12 months)' and 'If the “Total Estimated Project Demand (in hours) in 12 Months Time” number is more than your current demand levels, then you have a supply-demand problem that your PPM strategy will need to address'.

    Customize Info-Tech’s PPM Strategic Plan Template. Update slides 11 and 12, “Current Project Demand,” of your PPM Strategic Plan Template to include the outputs from tabs 4 and 5 of the Calculator.

    Recommended: Complete Info-Tech’s PPM Current State Scorecard to measure your resource utilization

    Associated Activity icon Contact your rep or call 1-888-670-8889

    This step is highly recommended but not required. Call 1-888-670-8889 to inquire about or request the PPM Diagnostics.

    Info-Tech’s PPM Current State Scorecard diagnostic provides a comprehensive view of your portfolio management strengths and weaknesses, including project portfolio management, project management, customer management, and resource utilization.

    Screenshots of Info-Tech's PPM Current State Scorecard diagnostic with a pie chart obscuring a table/key. The attached note reads 'In particular, the analysis of resource utilization in the PPM Current State Scorecard report, will help to complement the supply/demand analysis in the previous slides. The diagnostic will help you to analyze how, within that percentage of your overall capacity that is available for project work, your staff productively utilizes this time to successfully complete project tasks and how much of this time is lost within Info-Tech’s categories of resource waste.'

    Customize Info-Tech’s PPM Strategic Plan Template. Update slides 14 and 15, “Current State Resource Utilization” of your PPM Strategic Plan Template to include the resource utilization outputs from your PPM Current State Scorecard.

    Finalize section one of the PPM Strategic Plan Template and prepare to communicate your strategy

    Associated Activity icon 1.1.4 – 10 to 30 minutes

    INPUT: The previous activities from this step

    OUTPUT: An presentation communication your PPM strategy

    Materials: PPM Strategic Plan Template, section 1

    Participants: Portfolio manager (or equivalent)

    By now, you should be ready to complete section one of the PPM Strategic Plan Template.

    The purpose of this section of the Template is to capture the outputs of this step and use them to communicate the value of a top-down PPM strategy and to get buy-in for this strategy from senior management before you move forward to develop your PPM processes in the subsequent phases of this blueprint.

    • Within section one, update any of the text that is (in grey) to reflect the specifics of your organization – i.e. the name of your organization and department – and the specific outcomes of step 1.2 activities. In addition, replace the placeholders for a company logo with the logo of your company.
    • Replace the tool screenshots with the outputs from your version of the PPM High-Level Supply/Demand Calculator.
    • Proofread all of the text to ensure the content accurately reflects your outcomes. Edit the content as needed to more accurately reflect your outcomes.
    • Determine the audience for the presentation of your PPM strategy and make a logistical arrangement. Include PPM strategy sponsors, senior management from within IT and the business, and other important stakeholders.

    Get executive buy-in for your top-down PPM strategy

    Executive layer buy-in is a critical prerequisite for the success of a top-down PPM strategy. Ensure your executives are on board before preceding.

    You’re now ready to communicate your PPM strategy to your leadership team and other stakeholders.

    It is essential that you get preliminary buy-in for this strategy from the executive layer before you move forward to develop your PPM processes in the subsequent phases of this blueprint. Lack of executive engagement is one of the top barriers to PPM strategy success.

    • If you have gone through the preceding activities in this step, section one of your PPM Strategic Plan Template should now be ready to present.
    • As explained in 1.1.4, you should present this section to an audience of PPM strategy sponsors, C-suite executives, and other members of the senior management team.
    • Allow at least 60 minutes for the presentation – around 20 minutes to deliver the slide presentation and 40 minutes for discussion.
    • If you get sufficient buy-in by the end of the presentation, proceed to the next step of this blueprint. If buy-in is lacking, now might not be the right time for a top-down PPM strategy. Think about adopting a bottom-up approach until leadership is more engaged in the portfolio.

    "Gaining executive sponsorship early is key…It is important for the executives in your organization to understand that the PPM initiatives and the PMO organization are there to support (but never hinder) executive decision making." (KeyedIn Projects)

    Info-Tech Best Practice

    Engage(d) sponsorship. According to Prosci, the top factor in contributing to the success of a change initiative is active and visible executive sponsorship. Use this meeting to communicate to your sponsor(s) the importance of their involvement in championing the PPM strategy.

    A PPM strategic plan elevates PMO’s status to a business strategic partner

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    The PMO operated in a way that is, in their self-assessment, reactive; project requests and capacity were not effectively managed. Perhaps due to this, the leadership team was not always visible, or regularly available, to PM leaders. This, in turn, complicated efforts to effectively manage their projects.

    Solution

    Establishing a simple prioritization methodology enabled the senior leadership to engage and effectively steer the project portfolio by strategic importance. The criteria and tool also gave the business units a clear understanding to promote the strategic value of each of their project requests.

    Results

    PM leaders now have the support and confidence of the senior leadership team to both proactively manage and deliver on strategic projects. This new prioritization model brought the PM Leader and senior leadership team in direct access with each other.

    "By implementing this new project intake and prioritization framework, we drastically improved our ability to predict, meet, and manage project requests and unit workload. We adopted a client-focused and client-centric approach that enabled all project participants to see their role and value in successful project delivery. We created methodologies that were easy to follow from the client participation perspective, but also as PM leaders, provided us with the metrics, planning, and proactive tools to meet and anticipate client project demand. The response from our clients was extremely positive, encouraging, and appreciative."

    Step 1.2: Translate PPM strategic expectations to process goals

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine process goals based upon your PPM strategy.
    • Set metrics and preliminary targets for your PPM processes.

    This step involves the following participants:

    • CIO
    • Steering Committee
    • Business Unit Leaders
    • PMO Director/Portfolio Manager

    Outcomes of this step

    • Stakeholder-prioritized PPM process goals
    • Metrics and targets for high-priority process goals

    Use the PPM strategy to set the direction for PPM processes that make up the infrastructure around projects

    PPM strategy enables you to answer any and all of these questions in a way that is consistent, cohesive, and aligned with one another.

    Info-Tech's PPM Process Model from earlier with notes overlaid asking a series of questions. The questions for '1. Intake, Approval, and Prioritization' are 'Who can request a project? How do you request a project? Who decides what to fund? What is the target investment mix? How will they decide?' The questions for '2. Resource Management' are 'Who assigns the resources? Who feeds the data on resources? How do we make sure it’s valid? How do we handle contingencies when projects are late, or if availability changes?' The questions for '3. Status and Progress Reporting' are 'What project information that should be reported? Who reports on project status? When? How?' The questions between 'Project Management' and '4. Project Closure' are 'Who declares that a project is done? Who validates it? Who is this reported to? Who terminates low-value projects? How will they decide?' The questions for '5. Benefits Tracking' are 'How do we validate the project benefits from the original business case? How do we track the benefits? Who reports it? When?'

    Set process goals to address PPM strategic expectations and steer the PPM strategic plan

    Associated Activity icon 1.2.1 – 2 hours

    INPUT: PPM strategy & expectations, Organizational strategy and culture

    OUTPUT: Prioritized list of strategy-aligned PPM process goals

    Materials: PPM Strategy-Process Translation Matrix

    Participants: CIO, Steering Committee, Business Unit Leaders, PMO Director/ Portfolio Manager

    This activity is designed for key departmental stakeholders to articulate how PPM processes should be developed or refined to meet the PPM strategic expectations.

    Participation of the key departmental stakeholders in this exercise is critical, e.g. CIO, Steering Committee, business unit leaders.

    Strategic Expectations x Processes = Process goals aligned to strategy
    Throughput Project Intake, Approval, & Prioritization
    Visibility Resource Management
    Responsiveness Status & Progress Reporting
    Resource Utilization Project Closure
    Benefits Benefits Realization

    Download Info-Tech’s PPM Strategy-Process Goals Translation Matrix Template.

    Use Info-Tech’s Translation Matrix to systematically articulate strategy-aligned PPM process goals

    Supporting Tool icon 1.2.1 – PPM Strategy-Process Translation Matrix, tab 2

    Formula: To answer “[question]” in a way that we can [strategic expectation], it will be important to [process goal].

    Example 1:
    To answer the question “who can request a project, and how?” in a way that we can maximize the throughput of the best projects, it will be important to standardize the project request process.

    Example 2:
    To answer the question “how will they decide what to fund?” in a way that we can maximize the throughput of the best projects, it will be important to reach a consensus on project prioritization criteria.

    Example 3:
    To answer the question “how will we track the projected benefits?” in a way that we can maximize the throughput of the best projects, it will be important to double-check the validity of benefits before projects are approved.

    Screenshot of Tab 2 in Info-Tech's PPM Strategy-Process Translation Matrix tool. There is a table with notes overlaid 'Enter the process goals in the appropriate question–strategic expectation slot' and 'Assign a priority, from the most important (1) to the least important (5)'.

    Set metrics and preliminary targets for your high-priority PPM process goals

    Associated Activity icon 1.2.2 – 1-2 hours

    INPUT: Prioritized list of strategy-aligned PPM process goals, Organizational strategy and culture

    OUTPUT: Metrics and targets for high-priority PPM process goals

    Materials: PPM Strategy-Process Translation Matrix

    Participants: CIO, Steering Committee, Business Unit Leaders, PMO Director/ Portfolio Manager

    Your highest-priority process goals and their corresponding strategy expectations are displayed in tab 3 of the PPM Strategy-Process Translation Matrix template (example below).

    Through a group discussion, document what will be measured to decide the achievement of each process goal, as well as your current estimate and the long-term target. If necessary, adjust the approximate target duration.

    Screenshot of Tab 3 in Info-Tech's PPM Strategy-Process Translation Matrix tool. There is a table with 6 columns 'PPM Process', 'High-priority Process Goals', 'Strategy Expectation', 'How will you measure success?', 'Current Estimate', and 'Long-Term Target'; they are referred to in notes as columns B through G respectively. Overlaid notes are 'Columns C and D will auto-populate based upon your inputs from tab 2. The five PPM process areas are arranged vertically in column B and your top-five process goals from each area appear in column C.' 'Use column E to brainstorm how you might measure the success of each process goal at your organization. These can be tentative for now and refined over time.' 'Determine current metrics for each process goals and long-term target metrics in columns F and G.'

    Project-client-centered approach to PPM process design improves client satisfaction and team confidence

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    Reactive instead of proactive

    "We had no effective means of tracking project intake requests vs. capacity. We struggled using ad hoc processes and methods which worked to meet immediate needs, but we quickly realized that they were ineffective in tracking critical project metrics, key performance indicators (KPIs), or performance measures...In short, we were being reactive, instead of proactive."

    The result was a disorganized portfolio that led to low client satisfaction and team morale.

    Solution

    Examine processes “through the eyes of the client”

    With the guiding principle of “through the eyes of the client,” PPM processes and tools were developed to formalize project intake, prioritization, and capacity planning. All touchpoints between client and PPM processes were identified, and practices for managing client expectations were put in place. A client satisfaction survey was formulated as part of the post-project assessment and review.

    Results

    Client-centered processes improved client satisfaction and team confidence

    People, processes, and tools are now aligned to support client demand, manage client expectations, measure project KPIs, and perform post-project analysis. A standard for client satisfaction metrics was put in place. The overwhelmingly positive feedback has increased team confidence in their ability to deliver quality efforts.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Barry Cousins.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of activity 1.1.2 'Determine your actual resource capacity for projects'. Determine your actual resource capacity for projects

    Work with Info-Tech analysts to define your project vs. non-project ratio to help define how much of your overall resource capacity is actual available for projects.

    Sample of activity 1.2.1 'Set realistic PPM process goals'. Set realistic PPM process goals

    Leverage Info-Tech facilitators to help walk you through our PPM framework and define achievable process goals that are rooted in your current PPM maturity levels and organizational culture.

    Develop a Project Portfolio Management Strategy

    PHASE 2

    Align PPM Processes to Your Strategic Goals

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Align PPM processes to your strategic goals

    Proposed Time to Completion: 2-4 weeks
    Step 2.1: Develop intake & resource mgmt. processes Step 2.2: Define reporting, closure, & benefits processes
    Work with an analyst to:
    • Assess your current intake, prioritization, and resource management processes and wireframe a sustainable target state for each capability.
    Work with an analyst to:
    • Analyze your current portfolio reporting, project closure, and benefits realization processes and wireframe a sustainable target state for each capability.
    Then complete these activities…
    • Set near-term and long-term goals.
    • Draft high-level steps within your target-state processes.
    • Document your process steps and roles and responsibilities.
    Then complete these activities…
    • Set near-term and long-term goals.
    • Draft high-level steps within your target-state processes.
    • Document your process steps and roles and responsibilities.
    With these tools & templates:
    • PPM Strategy Development Tool
    • PPM Strategic Plan Template
    With these tools & templates:
    • PPM Strategy Development Tool
    • PPM Strategic Plan Template

    Phase 2 Results & Insights

    • The means of project and portfolio management (i.e. processes) shouldn’t eclipse the ends – strategic goals. Root your process in your PPM strategic goals to realize PPM benefits (e.g. optimized portfolio value, improved project throughput, increased stakeholder satisfaction).

    Read first: Overview of the methodology for articulating new strategy-aligned PPM processes

    In the previous step of the blueprint, key department stakeholders established the PPM process goals, metrics, and targets in a way that aligns with the overall PPM strategy. In this phase, we draft a high-level description of the five PPM processes that reflect those goals using the following methodology:

    Methodology at a glance

    1. Articulate the current state of the process.
    2. Examine the process against the strategy-aligned goals.
    3. Create short- and long-term action items to refine the current process and meet the strategy-aligned targets.
    4. Develop a high-level target-state description of the PPM process.
    5. Estimate costs-in-use of the target-state process.

    Out-of-scope topics

    • Draft a detailed target-state description of the PPM process. Avoid falling into the “analysis paralysis” trap and keep the discussion focused on the overall PPM strategy.
    • PPM tools to support the process. This discussion will take place in the next phase of the blueprint.

    INPUT

    –›

    PROCESS

    –›

    OUTPUT

    • Strategy-aligned process goals, metrics, and targets (Activity 1.2.1)
    • Knowledge of current process
    • Knowledge of organizational culture and structure
    • Capability level assessment
    • Table-top design planning activity
    • Start-stop-continue retrospective
    • High-level description of the target state
    • PPM Strategy Development Tool
    • High-level descriptions of current and target states
    • Short- and long-term action items for improving the process
    • Cost-in-use of the current- and target-state processes

    Download Info-Tech’s PPM Strategy Development Tool

    Build a sound business case for implementing the new PPM strategy with realistic costs and benefits of managing your project portfolio.

    Time spent on managing the project portfolio is an investment. Like any other business endeavors, the benefits must outweigh the costs to be worth doing.

    As you draft a high-level description of the PPM processes in this phase of the blueprint, use Info-Tech’s PPM Strategy Development Tool to track the estimate the cost-in-use of the process. In the next phase, this information will be inform a cost-benefit analysis, which will be used to support your plan to implement the PPM strategy.

    Download Info-Tech’s PPM Strategy Development Tool.

    Screenshots of Info-Tech's PPM Strategy Development Tool including a Cost-Benefit Analysis with tables and graphs.

    Step 2.1: Develop and refine project intake, prioritization, and resource management processes

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine your process maturity.
    • Benchmark current processes against strategy-aligned goals.
    • Set near- and long-term action items.
    • Draft a high-level description of your target state.
    • Document your new processes.

    This step involves the following participants:

    • PMO Director/Portfolio Manager
    • Project Managers
    • Resource Managers
    • Business Analysts

    Outcomes of this step

    • A definition of current and target state maturity levels for intake, prioritization, and resource management
    • Near-term and long-term process goals for intake, prioritization, and resource management
    • A high-level wireframe for your intake, prioritization, and resource management process steps

    Project intake, prioritization, and approval: Get projects with the highest value done first

    Give your organization the voice to say “no” (or “not yet”) to new projects.

    Questions

    • Who can request a project?
    • How do you request a project?
    • Who decides what to fund?
    • What is the target investment mix?
    • How will they decide?

    Benefits

    • Maximize value of time spent on project work by aligning projects with priorities and stakeholder needs.
    • Finish the projects you start by improving alignment of intake and prioritization with resource capacity.
    • Improve stakeholder satisfaction by managing expectations with consistent, streamlined processes.

    Challenges

    • Stakeholders who benefit from political or ad hoc prioritization processes will resist or circumvent formal intake processes.
    • Many organizations lack sufficient awareness of resource capacity necessary to align intake with availability.

    A graph highlighting the sweet spot of project intake decision making. The vertical axis is 'Rigor and Effort' increasing upward, and the horizontal axis is 'Quality and Effectiveness of Decisions' increasing to the right. The trend line starts at 'Gut Feel' with low 'Rigor and Effort', and gradually curves upward to 'Analysis Paralysis' at the top. A note with an arrow pointing to a midway point in the line reads 'The sweet spot changes between situations and types of decisions'.

    Info-Tech Insight

    This process aims to control the project demand. A balance between rigor and flexibility is critical in order to avoid the “analysis paralysis” as much as the “gut feel” approach.

    Funnel project requests into a triage system for project intake

    Info-Tech recommends following a four-step process for managing project intake.

    1. Requestor fills out form and submits the request into the funnel.
    2. Requests are triaged into the proper queue.
      1. Divert non-project request.
      2. Quickly assess value and urgency.
      3. Assign specialist to follow up on request.
      4. Inform the requestor.
    3. Business analyst starts to gather preliminary requirements.
      1. Follow up with sponsors to validate and define scope.
      2. Estimate size and determine project management rigor required.
      3. Start to develop an initial business case.
    4. Requestor is given realistic expectations for approval process.

    Info-Tech Best Practice

    An excess number of intake channels is the tell-tale sign of a project portfolio in distress. The PMO needs to exercise and enforce discipline on stakeholders. PMO should demand proper documentation and diligence from stakeholders before proceeding with requests.

    Maintain reliable resourcing data with a recurrent project intake, prioritization, and approval practice

    Info-Tech recommends following a five-step process for managing project intake, prioritization, and approval.

    A diagram of Info-Tech's five-step process for managing project intake. There are four groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Business Analysts', 'PMO', and 'Governance Layer'. The first step is 'Collect project requests' which involves 'Resources'. Step 2 is 'Screen project requests' which involves 'Business Analysts' and 'PMO'. A part of the step that may be applicable to some organizations is 'Concept approval' involving 'Governance Layer'. Step 3 is 'Develop business case' which involves 'Business Analysts' and 'PMO'. A part of the step that may be applicable to some organizations is 'Get a project sponsor' involving 'Governance Layer'. Step 4 is 'Prioritize project' which involves 'Business Analysts' and 'PMO'. Step 5 is 'Approve (greenlight) project' which involves 'Business Analysts', 'PMO', and 'Governance Layer', with an attached note that reads 'Ensure that up-to-date project portfolio information is available (project status, resource forecast, etc.)'. All of these steps lead to 'Initiate project, commit resources, etc.'

    Info-Tech Insight

    “Approval” can be a dangerous word in project and portfolio management. Use it carefully. Clarify precisely what is being “approved” at each step in the process, what is required to pass each gate, and how long the process will take.

    Determine your project intake, prioritization, and approval process maturity

    Associated Activity icon 2.1.1a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Project intake, prioritization, and approval capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Kick-off the discussion about the project intake, prioritization, and approval process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: Optimized We have effective intake processes with right-sized administrative overhead. Work is continuously prioritized to keep up with emerging challenges and opportunities.
    Capability Level 4: Aligned We have very strong intake processes. Project approvals are based on business cases and aligned with future resource capacity.
    Capability Level 3: Engaged Processes are in place to track project requests and follow up on them. Priorities are periodically re-evaluated, based largely on the best judgment of one or several executives.
    Capability Level 2: Defined Some processes are in place, but there is no capacity to say no to new projects. There is a backlog, but little or no method for grooming it.
    Capability Level 1: Unmanaged Our organization has no formal intake processes in place. Most work is done reactively, with little ability to prioritize project work proactively.

    Benchmark the current project intake, prioritization, and approval process against strategy-aligned goals

    Associated Activity icon 2.1.1b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the intake, prioritization, and approval process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Simplify business cases
    • Send emails to requestor to manage expectations
    • Accept verbal project requests
    • Approve “pet projects”
    • Monthly prioritization meetings
    • Evaluate prioritization criteria

    Set near- and long-term action items for the project intake, prioritization, and approval process

    Associated Activity icon 2.1.1c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Limit the number of channels available to request new projects.
    • Revise the intake form.
    • Establish a regular triage process.
    For example:
    • Establish a comprehensive scorecard and business case scoring process at the steering committee level.
    • Limit the rate of approval to be aligned with resource capacity.

    Review and customize slide 23, “Project intake, prioritization, and approval: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the intake, prioritization, and approval process at a target state

    Associated Activity icon 2.1.1d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: project intake, prioritization, and approval
      Collect project requests –› Screen requests –› Develop business case –› Prioritize project –› Approve project

    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      Input What information do you need to perform the work?
      Output What artifacts/deliverables are produced as a result?
      Frequency/Timing How often, and when, will the work be performed?
      Responsibility Who will perform the work?
      Accountability Who will approve the work and assume the ownership of any decisions?

    5. Record the time cost of each process using the PPM Strategy Development Tool; see next slide for instructions.

    Use the PPM Strategy Development Tool to track the time cost of the process

    Supporting Tool icon 2.1.1 – PPM Strategy Development Tool, Tab 3: Costing Assumptions

    Record the time cost of each high-level process task from Activity 2.1.1d.

    Screenshot of tab 3 from Info-Tech's PPM Strategy Development Tool with notes overlaid. Columns are 'ID', 'Task Description', 'Who does the task?', a super-column titled 'Current State' which includes 'How many times per year?', 'How many people?', and 'For how long?', a super-column titled 'Near-Term Target State' with the same three sub columns, and a super-column titled 'Long-Term Target State' with the same three sub columns. Notes for 'Who does the task?' read 'Choose executive, management or resource' and 'If task is done by more than one party, duplicate the task'. Notes for the 3 recurring sub columns are 'Estimate how many times in a year the task is performed (e.g. 120 project requests per year)', 'Indicate the number of people needed to perform the task each time', 'Estimate the average work-hours for the task… either in minutes or in hours', 'If a task is not applicable to a state (e.g. currently PMO does not screen project requests), leave the row blank', and 'For meetings, remember to indicate the number of people'.

    Document the high-level description for the new intake, prioritization, and approval process

    Associated Activity icon 2.1.1e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: Whiteboard, PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new project intake, prioritization, and approval process. Depending on your current process capability level, you may wish to include additional information on your strategic document, for example:

    • Updated prioritization scorecard.
    • Roles and responsibility matrix, identifying consulted and informed parties.

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Optimize Project Intake, Prioritization, and Approval blueprint.

    Review and customize slide 24, “Project intake, prioritization, and approval: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Clarity in project prioritization process leads to enterprise-wide buy-in

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    "Our challenge from the start was to better understand the strategic perspective and priorities of our client departments.

    In addition, much of the work requested was not aligned to corporate goals and efforts, and seemed to be contradictory, redundant, and lacking strategic focus."

    Complicating this challenge was the fact that work requests were being received via all means of communication, which made the monitoring and controlling of requests more difficult.

    Solution

    Client departments were consulted to improve the understanding of their strategic goals and priorities. Based on the consultation:

    • A new, enterprise-wide project prioritization criteria was developed.
    • Priority of project requests from all business areas are evaluated on a quarterly basis.
    • A prioritized list of projects are made available to the senior leadership team.

    Results

    "By creating and implementing a tool for departments to prioritize strategic efforts, we helped them consider the important overall project criteria and measure them uniformly, across all anticipated projects. This set a standard of assessment, prioritization, and ranking, which helped departments clearly see which efforts were supportive and matched their strategic goals."

    Resource management process ensures that projects get the resources they need

    Reclaim project capacity: properly allocate project work and establish more stable project timelines.

    Questions

    • Who assigns the resources?
    • Who feeds the data on resources?
    • How do we make sure it’s valid?
    • How do we handle contingencies when projects are late, or if availability changes?

    Benefits

    • Ensure that approved projects can be completed by aligning intake with real project capacity.
    • Reduce over-allocation of resources by allocating based on their proportion of project vs. non-project work.
    • Forecast future resource requirements by maintaining accurate resource capacity data.

    Challenges

    • Time tracking can be difficult when project workers balance project work with “keep the lights on” activities and other administrative work.
    • Continuous partial attention, interruptions, and distractions are a part of today’s reality that makes it very difficult to maximize productivity.
    A see-saw balancing 'Resource availability' on one side and 'Ongoing projects, Operational work, Administrative work, and Resource absence' on the other side.

    Maintain reliable resourcing data with a recurrent resource management practice

    Info-Tech recommends following a five-step process for resource management.

    A diagram of Info-Tech's five-step process for resource management. There are five groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Resource Managers', 'Project Managers', 'PMO', and 'Governance Layer'. The first step is 'Collect resource availability' which involves 'Resources' and 'Resource Managers'. Step 2 is 'Collect resource demand' which involves 'Resource Managers', 'Project Managers' and 'PMO'. Step 3 is 'Identify need for reconciliation' which involves 'PMO'. Step 4 is 'Resolve conflicts and smoothen resource allocations' which involves 'Resource Managers', 'Project Managers' and 'PMO'. Step 5 is 'Report resource allocations and forecast' which involves all groups, with an attached note that reads 'Ensure that up-to-date information is available for project approval, portfolio reporting, closure, etc.'

    Info-Tech Insight

    This process aims to control the resource supply to meet the demand – project and non-project alike. Coordinate this process with the intake, approval, and prioritization process.

    Determine your resource management process capability level

    Associated Activity icon 2.1.2a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Resource management capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Kick-off the discussion about the resource management process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedOur organization has an accurate picture of project versus non-project work loads and allocates resources accordingly. We periodically reclaim lost capacity through organizational and behavioral change.
    Capability Level 4: AlignedWe have an accurate picture of how much time is spent on project versus non-project work. We allocate resources to these projects accordingly. We are checking in on project progress bi-weekly.
    Capability Level 3: PixelatedWe are allocating resources to projects and tracking progress monthly. We have a rough estimate of how much time is spent on project versus non-project work.
    Capability Level 2: OpaqueWe match resources teams to projects and check in annually, but we do not forecast future resource needs or track project versus non-project work.
    Capability Level 1: UnmanagedOur organization expects projects to be finished, but there is no process in place for allocating resources or tracking project progress.

    Benchmark the current resource management process against strategy-aligned goals

    Associated Activity icon 2.1.2b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the resource management process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Collect project actuals
    • Make enhancements to the PPM tool in use
    • Over allocating resources
    • “Around the room” reporting at monthly meeting
    • Send project updates before resource management meetings

    Set near- and long-term action items for the resource management process

    Associated Activity icon 2.1.2c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Determine the percentage of project vs. non-project work through implementation of a weekly survey.
    For example:
    • Reduce resource waste to 6%.
    • Forecast resource requirements monthly.
    • Implement a mid-market PPM tool.

    Review and customize slide 26, “Resource management: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the resource management process at a target state

    Associated Activity icon 2.1.2d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: resource management
      Collect resource availability –› Collect resource demand –› Identify need for reconciliation –› Resolve conflicts and over-allocation –› Update resource forecast


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      Input What information do you need to perform the work?
      Output What artifacts/deliverables are produced as a result?
      Frequency/Timing How often, and when, will the work be performed?
      Responsibility Who will perform the work?
      Accountability Who will approve the work and assume the ownership of any decisions?


    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new resource management process

    Associated Activity icon 2.1.2e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new resource management process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Resource management meeting agenda template
    • Roles and responsibility matrix, identifying consulted and informed parties

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Develop a Resource Management for the New Reality blueprint.

    Review and customize slide 27, “Resource management: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Step 2.2: Develop and refine portfolio reporting, project closure, and benefits realization processes

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine your process maturity.
    • Benchmark current processes against strategy-aligned goals.
    • Set near- and long-term action items.
    • Draft a high-level description of your target state.
    • Document your new processes.

    This step involves the following participants:

    • PMO Director/Portfolio Manager
    • Project Managers
    • Business Analysts

    Outcomes of this step

    • A definition of current and target state maturity levels for portfolio reporting, project closure, and benefits realization
    • Near-term and long-term process goals for portfolio reporting, project closure, and benefits realization
    • A high-level wireframe for your portfolio reporting, project closure, and benefits realization process steps

    Portfolio reporting process makes trustworthy data accessible for informing decisions

    Giving stakeholders the ability to make informed decisions is the most important function of managing the project portfolio.

    Questions

    • What project information should be reported?
    • Who reports on project status?
    • When and how do we report on the status of the project portfolio?

    Benefits

    • Reporting is the linchpin of any successful PPM strategy.
    • Timely and accurate status reports enable decision makers to address issues risks and issues before they create bigger problems.
    • Executive visibility can be achieved with or without a commercial tool using spreadsheets, a content management system such as SharePoint, or a combination of tools you already have.

    Challenges

    • Trying to increase detailed visibility too fast leads to difficulty gathering and maintaining data. As a result, reporting is rarely accurate and people quickly lose trust in the portfolio.
    • If you are planning to adopt a commercial tool, Info-Tech strongly recommends validating your organization’s ability to maintain a consistent reporting process using simple tools before investing in a more sophisticated system.

    Info-Tech Insight

    If you can only do one thing, establish frequently current reporting on project status. Reporting doesn’t have to be detailed or precise, as long as it’s accurate.

    Maintain reliable portfolio status data with a recurrent status and progress reporting practice

    Info-Tech recommends following a four-step process for portfolio status and progress reporting.

    A diagram of Info-Tech's four-step process for portfolio status and progress reporting. There are four groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Project Managers', 'PMO', and 'Governance Layer'. The first step is 'Create project status reports' which involves 'Resources' and 'Project Managers'. Step 2 is 'Create a project portfolio status report' which involves 'Project Managers' and 'PMO', with a note that reads 'Ensure that up-to-date information is available for project approval, resource management, closure, etc.' Step 3 is 'Report on project portfolio status' which involves 'PMO' and 'Governance layer'. Step 4 is 'Act on portfolio steering decisions' which involves 'Resources', 'Project Managers' and 'PMO'.

    Start by establishing a regular reporting cadence with lightweight project status KPIs:

    Red Issue or risk that requires intervention For projects that are red or yellow, high-level status reports should be elaborated on with additional comments on budget, estimated hours/days until completion, etc.
    Yellow Issue or risk that stakeholders should be aware of
    Green No significant risks or issues

    Determine your resource management process capability level

    Associated Activity icon 2.2.1a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Portfolio reporting capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers

    Kick-off the discussion about the portfolio reporting process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedWith the right tools, we can ensure that all projects are planned and maintained at a detailed task level with high-quality estimates, and that actual task progress is updated at least weekly.
    Capability Level 4: AlignedWe have the skills, knowledge, and resources needed to prepare a detailed cost-benefit analysis for all proposed projects. We track the progress throughout project execution.
    Capability Level 3: InterventionWith the right tools, we can ensure that project issues and risks are identified and addressed on a regular basis (e.g. at least monthly) for all projects.
    Capability Level 2: OversightWith the right tools, we can ensure that project status updates are revised on a regular basis (e.g. at least monthly) for all ongoing projects.
    Capability Level 1: ReactiveProject managers escalate issues directly with their direct supervisor or project sponsor because there is no formal PPM practice.

    Benchmark the current portfolio reporting process against strategy-aligned goals

    Associated Activity icon 2.2.1b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the portfolio reporting process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Report on lightweight KPIs
    • Standardize the status reports
    • Project managers waiting too long before declaring a red status
    • Produce weekly project portfolio-wide report for senior leadership

    Set near- and long-term action items for the portfolio reporting process

    Associated Activity icon 2.2.1c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Establish a reporting process that can be consistently maintained using lightweight KPIs.
    • Provide a simple dashboard that stakeholders can use to see their project status reports at a high level.
    For example:
    • Adopt a commercial tool for maintaining consistent status reports.
    • Support the tool with training and a mandate of adoption among all users.

    Review and customize slide 29, “Portfolio reporting: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the portfolio reporting process at a target state

    Associated Activity icon 2.2.1d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: portfolio reporting
      Create project status reports –› Create a project portfolio status report –› Report on project portfolio status –› Act on portfolio steering decisions


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      InputWhat information do you need to perform the work?
      OutputWhat artifacts/deliverables are produced as a result?
      Frequency/TimingHow often, and when, will the work be performed?
      ResponsibilityWho will perform the work?
      AccountabilityWho will approve the work and assume the ownership of any decisions?

    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new portfolio reporting process

    Associated Activity icon 2.2.1e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new portfolio reporting process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Updated project status report template with new KPIs.
    • Documentation of requirements for improved PPM dashboards and reports.

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Enhance PPM Dashboards and Reports blueprint.

    Review and customize slide 30, “Portfolio reporting: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Streamlined status reporting improves portfolio visibility for executives, enabling data-driven steering of the portfolio

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    The client had no effective real-time reporting in place to summarize their work efforts. In addition, the client struggled with managing existing resources against the ability to deliver on the requested project workload.

    Existing project reporting processes were manually intensive and lacked mature reporting capabilities.

    Solution

    Through a short and effective engagement, IAG conducted surveys and facilitated interviews to identify the information needed by each stakeholder. From this analysis and industry best practices, IAG developed scorecards, dashboards, and project summary reports tailored to the needs of each stakeholder group. This integrated reporting tool was then made available on a central portal for PPM stakeholders.

    Results

    Stakeholders can access project scorecard and dashboard reports that are available at any given time.

    Resource reporting enabled the PMO to better balance client demand with available project capacity and forecast any upcoming deficiencies in resourcing that affect project delivery.

    Project closure at the portfolio level controls throughput and responsiveness of the portfolio

    Take control over projects that linger on, projects that don’t provide value, and projects that do not align with changing organizational priority.

    Questions

    • Who declares that a project is done?
    • Who validates it?
    • Who is this reported to?
    • Who terminates low-value projects?
    • How will they decide that a project is too low value to continue?

    Benefits

    • Minimize post-implementation problems by ensuring clean handoffs, with clear responsibilities for ongoing support and maintenance.
    • Drive continuous improvement by capturing and applying lessons learned.
    • Increase the project portfolio’s responsiveness to change by responding to emerging opportunities and challenges.

    Challenges

    • Completion criteria and “definition of done” need to be well defined and done so at project initiation.
    • Scope changes need to be managed and documented throughout the project.
    • Portfolio responsiveness requires deep cultural changes that will be met with confusion and resistance from some stakeholders.

    Info-Tech Insight

    Although “change in organizational priority” is the most frequently cited cause of project failure (PMI Pulse of Profession, 2017), closing projects that don’t align with organizational priority ought to be a key PPM goal. Therefore, don’t think of it as project failure; instead, think of it as PPM success.

    Maintain the health of the project portfolio with a repeatable project closure process

    Info-Tech recommends following a four-step process for project closure.

    A diagram of Info-Tech's four-step process for project closure. There are five groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Resource Managers', 'Project Managers', 'PMO', and 'Governance Layer'. The first steps are 'Complete project' which involves 'Project Managers', and 'Terminate low value projects' which involves 'PMO' and 'Governance layer'. Step 2 is 'Validate project closure' which involves 'Project Managers' and 'PMO', with a note that reads 'This includes facilitating the project sponsor sign-off, accepting and archiving lessons learned documents, etc.' The third steps are 'Conduct post-project work' which involves 'Project Managers' and 'PMO', and 'Update resource availability' which includes 'Resource Managers'. Step 4 is 'Conduct post-implementation review' which involves all groups.

    Info-Tech Best Practice

    Post-implementation review checks which benefits (including those set out in the business case) have been achieved and identifies opportunities for further improvement. Without it, it can be difficult to demonstrate that investment in a project was worthwhile.

    Determine your project closure process capability level

    Associated Activity icon 2.2.2a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Project closure capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Business Analysts

    Kick-off the discussion about the project closure process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedProject closure is centrally managed and supports post-project benefits tracking.
    Capability Level 4: AlignedProject closure is centrally managed at the portfolio level to ensure completion/acceptance criteria are satisfied.
    Capability Level 3: EngagedProject closure is confirmed at the portfolio level, but with minimal enforcement of satisfaction of completion/acceptance criteria.
    Capability Level 2: EncouragedProject managers often follow handoff and closure procedures, but project closure is not confirmed or governed at the portfolio level.
    Capability Level 1: UnmanagedProject closure is not governed at either the project or portfolio level.

    Benchmark the current project closure process against strategy-aligned goals

    Associated Activity icon 2.2.2b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the project closure process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Conduct reprioritization of projects at a regular cadence
    • Prune projects every year
    • Waive post-implementation review for time-constrained projects
    • Collect project post-mortem reports and curate in PMO SharePoint

    Set near- and long-term action items for the project closure process

    Associated Activity icon 2.2.2c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Begin establishing project closure criteria in the project initiation process.
    • Manage and document scope changes throughout the project.
    For example:
    • Institute a formal process to ensure that all projects are closed at the portfolio level and properly handed off to support and maintenance teams.

    Review and customize slide 32, “Project closure: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the project closure process at a target state

    Associated Activity icon 2.2.2d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: project closure
      Complete or terminate projects –› Validate project closure –› Conduct post-project work –› Conduct post-implementation review


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      Input What information do you need to perform the work?
      Output What artifacts/deliverables are produced as a result?
      Frequency/Timing How often, and when, will the work be performed?
      Responsibility Who will perform the work?
      Accountability Who will approve the work and assume the ownership of any decisions?


    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new project closure process

    Associated Activity icon 2.2.2e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new project closure process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Updated project closure checklist.
    • Project value review meeting process document.
    • Post-implementation review process document.

    Info-Tech has several research notes that elaborate on aspects of project closure. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s research notes on project closure:

    • The Importance of Conducting a Post Implementation Review
    • Five Key Steps to Mastering Project Closure
    • ‘Governance’ Will Kill Your Projects

    Review and customize slide 33, “Project closure: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Validate the time and effort spent on projects with a benefits realization process

    Maximizing benefits from projects is the primary goal of PPM. Tracking and reporting on benefits post-project closes the loop on benefits.

    Questions

    • How do validate the project benefits from the original business case?
    • How do we track the benefits?
    • Who reports it? When?

    Benefits

    • Maximize benefits realization by identifying and addressing unforeseen issues or limitations to success.
    • Improve project approval and prioritization by improving validity of the business case definition process.

    Challenges

    • Project sponsors need to be willing to invest time – months and years post-project completion – to validate benefits realization.
    • Portfolio management needs to proactively work with sponsors to facilitate benefits tracking.
    • Business cases need to be well developed and documented to reflect real anticipated benefits.

    Too many projects fail to achieve the originally proposed benefits, and too few organizations are able to identify and address the root causes of those shortfalls.

    Info-Tech Insight

    In reality, benefits realization process extends across the entire project life cycle: during intake, during the execution of the project, and after project completion. Be mindful of this extended scope when you discuss benefits realization in the following activity.

    Keep project benefits front and center with a repeatable benefits realization process

    Info-Tech recommends following a four-step process for benefits realization.

    A diagram of Info-Tech's four-step process for benefits realization. There are four groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Business Analysts', 'Project Managers', 'PMO', and 'Governance Layer'. The first step is 'Quantify and validate benefits in business case' which happens 'Before Project' and involves 'Business Analysts' and 'Project Managers'. Step 2 is 'Update projected project benefits' which happens 'During Project' and involves 'Project Managers' and 'PMO'. Step 3 is 'Hand-off benefits realization ownership' which happens at the end of project and involves 'Project Managers', 'PMO' and 'Governance layer'. Step 4 is 'Monitor and report on benefits' which happens 'After Project' and involves 'PMO' and 'Governance layer'.

    Info-Tech Insight

    At the heart of benefits realization is accountability: who is held accountable for projects that don’t realize the benefits and how? Without the buy-in from the entire executive layer team, addressing this issue is very difficult.

    Determine your benefits realization process capability level

    Associated Activity icon 2.2.3a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: benefits realization capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Kick-off the discussion about the benefits realization process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedProject sponsors and key stakeholders are accountable for stated project benefits before, during and after the project. There is a process to maximize the realization of project benefits.
    Capability Level 4: AlignedProject benefits are forecasted and taken into account for approval, updated when changes are made to the project, and monitored/reported after projects are completed.
    Capability Level 3: EngagedProject benefits are forecasted and taken into account for approval, and there is a loosely defined process to report on benefits realization.
    Capability Level 2: DefinedProject benefits are forecasted and taken into account for approval, but there is no process to monitor whether the said benefits are realized.
    Capability Level 1: UnmanagedProjects are approved and initiated without discussing benefits.

    Benchmark the current benefits realization process against strategy-aligned goals

    Associated Activity icon 2.2.3b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the benefits realization process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    StartStopContinue
    • Require “hard monetary value” in business benefits
    • Send project updates before resource management meetings

    Set near- and long-term action items for the benefits realization process

    Associated Activity icon 2.2.3c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Create an “orientation for project sponsors” document.
    • Encourage project managers to re-validate project benefits on an ongoing basis and report any deviation.
    For example:
    • Recruit the finance department’s help in benefits tracking.
    • Require Finance’s sign-off on project benefits in business cases during intake.

    Review and customize slide 35, “Benefits realization: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the benefits realization process at a target state

    Associated Activity icon 2.2.3d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: benefits realization
      Validate benefits in business case –› Update project benefits during execution –› Hand-off benefits ownership –› Monitor and report on benefits


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      InputWhat information do you need to perform the work?
      OutputWhat artifacts/deliverables are produced as a result?
      Frequency/TimingHow often, and when, will the work be performed?
      ResponsibilityWho will perform the work?
      AccountabilityWho will approve the work and assume the ownership of any decisions?

    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new benefits realization process

    Associated Activity icon 2.2.3e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new benefits realization process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Updated business plan templates.
    • Communication plan for project sponsors.

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Establish the Benefits Realization Process blueprint.

    Review and customize slide 36, “Benefits realization: target state,” in Info-Tech’s PPM Strategic Plan Template.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Barry Cousins.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of activity 2.1.1 'Align your project intake, prioritization, and approval process to the PPM strategy'. Align your project intake, prioritization, and approval process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Sample of activity 2.1.2 'Align your resource management process to the PPM strategy'. Align your resource management process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Sample of activity 2.2.1 'Align your portfolio reporting process to the PPM strategy'.Align your portfolio reporting process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Sample of activity 2.2.2 'Align your project closure process to the PPM strategy'.Align your project closure process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Sample of activity 2.2.3 'Align your benefits realization process to the PPM strategy'.Align your benefits realization process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Develop a Project Portfolio Management Strategy

    PHASE 3

    Complete Your PPM Strategic Plan

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Complete your PPM strategic plan

    Proposed Time to Completion: 2 weeks
    Step 3.1: Select a right-sized PPM solutionStep 3.2: Finalize your PPM Strategic Plan Template
    Work with an analyst to:
    • Assess your PPM tool requirements to help support your processes.
    Review findings with analyst:
    • Determine the costs and potential benefits of your PPM strategy.
    Then complete these activities…
    • Determine the functionality requirements of the PPM solution.
    • Estimate your PPM tool budget.
    • Review the tool assessment.
    Then complete these activities…
    • Estimate the total cost-in-use of managing the project portfolio.
    • Estimate the benefits of the PPM strategy.
    • Refine and consolidate the near-term action items into a cohesive implementation plan.
    With these tools & templates:
    • PPM Strategy Development Tool
    With these tools & templates:
    • PPM Strategy Development Tool
    • PPM Strategic Plan Template

    Phase 3 Insight:

    • Approach PPM as an evolving discipline that requires adaptability and long-term organizational change. Near-term process improvements should create stakeholder desire for better portfolio visibility and agility over the long term.

    Step 3.1: Select a right-sized PPM solution for supporting your new processes

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine the functionality requirements of a PPM solution in the near and long terms.
    • Estimate your PPM tool budget.
    • Review tool assessment.

    This step involves the following participants:

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • IT Managers

    Outcomes of this step

    • List of functional requirements for a PPM solution
    • An estimate budget and cost for supporting a PPM tool in the near and long terms
    • PPM tool requirements for the near and long terms

    Right-size your PPM solution/tool to fit your PPM processes

    Avoid a common pitfall: the disconnect between PPM processes and PPM tools.

    PPM tools act as both a receptacle for portfolio data generated by your processes and a source of portfolio data to drive your processes forward. Therefore, choosing a suitable PPM tool is critical to the success of your PPM strategy:

    • PPM tool inputs must match the type, level of detail, and amount of portfolio data generated by your PPM processes.
    • PPM tool outputs must be useful, insightful, easy to access, and easy to understand for people who engage in your PPM processes.

    User adoption is an often cited cause of failed PPM tool implementation:

    "The biggest problem is getting the team to work with the tool. We need to make sure that we’re not wasting time delving too far down into the tool, yet putting enough information to get useful information back." (IT Director, Financial Services)

    This final step of the blueprint will discuss the choice of PPM tools to ensure the success of PPM strategy by avoiding the process-tool disconnect.

    Common pitfalls for PPM tools

    • Purchasing and implementing a PPM tool before the process is defined and accepted.
    • Poor expectation setting: inability of tools to perform the necessary analysis.
    • Underleveraged: low user/process adoption.
    • Poor integration with the corporate finance function.
    • (WGroup, 2017)

    Leverage PPM tools to get the information you need

    An optimized PPM solution is the vehicle that provides decision makers with four key pieces of information they require when making decisions for your project portfolio:

    • Historical Insight – inform decision makers about how much time and resources have been spent to date, and benchmark the accuracy of prior project estimates and resource allocations.
    • Forecasting – provide a trustworthy estimate of demand on resources and current projects.
    • Portfolio Analytics – analyze portfolio data and generate easy-to-consume reports that provide answers to questions such as:
      • How big is our overall portfolio?
      • How much money/resource time is available?
      • How efficiently are we using our resources?
    • Project Visibility – provide a trustworthy report on the status of current projects and the resources working on them.

    Info-Tech Insight

    Without the proper information, decision makers are driving blind and are forced to make gut feel decisions as opposed to data-informed decisions. Implement a PPM solution to allocate projects properly and ensure time and money don’t vanish without being accounted for.

    Commercial PPM tools have more functionality but are more costly, complex, and difficult to adopt

    • Granular timesheet management
    • Workflow and team collaboration
    • Robust data and application integration
    • Advanced what-if planning
    • Mobile usability
    A map comparing commercial PPM tools by 'Functionality', 'Cost', and 'Difficulty to implement/adopt'. 'Functionality' and 'Difficulty to implement/adopt' share an axis and can be assumed to have a linear relationship. 'Spreadsheets' are low functionality and low cost. 'Google Sites' are low to middling functionality and low cost. 'SharePoint' is middling functionality with a slightly higher cost. The next three start at middling cost and above-average functionality and trend higher in both categories: 'Commercial Entry-Level PPM', 'Commercial Mid-Market PPM', and 'Commercial Enterprise PPM'.
    • Business case scoring and prioritization
    • Multi-user reporting and request portal
    • High-level resource management
    • Project status, cost, and risk tracking

    "Price tags [for PPM tools] vary considerably. Expensive products don't always provide more capability. Inexpensive products are generally low cost for good reason." (Merkhofer)

    Your PPM tool options are not limited to commercial offerings

    Despite the rapid growth in the commercial PPM tool market today, homegrown approaches like spreadsheets and intranet sites continue to be used as PPM tools.

    Kinds of PPM solutions used by Info-Tech clients

    A pie chart visualizing the kinds of PPM solutions that are used by Info-Tech clients. There are three sections, the largest of which is 'Spreadsheet-based, 46%', then 'Commercial, 33%', then 'No solution, 21%'. (Source: Info-Tech Research Group (2016), N=433)

    Category

    Characteristics

    PPM maturity

    Enterprise tool
    • Higher professional services requirements for enterprise deployment
    • Larger reference customers
    High
    Mid-market tool
    • Lower expectation of professional services engaged in initial deployment contract
    • Fewer globally recognizable reference clients
    • Faster deployments
    High
    Entry-level tool
    • Lower cost than mid-market & enterprise PPM tools
    • Limited configurability, reporting, and resource management functionalities
    • Compelling solutions to the organizations that wants to get a fast start to a trial deployment
    Intermediate
    Spreadsheet based
    • Little/no up-front cost, highly customizable to suit your organization’s needs
    • Varying degrees of sophistication
    • Few people in the organization may understand the logic behind the tool; knowledge may not be easily transferrable
    Intermediate Low

    Determine the functional requirements of the PPM solution

    Associated Activity icon 3.1.1 – 20 minutes

    INPUT: PPM strategic plan

    OUTPUT: Modified PPM strategic plan with a proposed choice of PPM tool

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, IT Managers

    Use the Tool Assessment tab (tab 4) of Info-Tech’s PPM Strategy Development Tool to rate and analyze functional requirements of your PPM solution.

    • Review the list of PPM features provided on column B of tab 4. You can add any desired features not listed.
    • Rate your near-term and long-term feature requirements using the drop-down menus in columns C and D. Your selections here will inform the tool selection bubble chart to the right of the features list.

    Screenshot showing the features list on tab 4 of the PPM Strategy Development Tool.

    Estimate your PPM tool budget

    Associated Activity icon 3.1.2 – 20 minutes

    INPUT: PPM strategic plan

    OUTPUT: Modified PPM strategic plan with a proposed choice of PPM tool

    Materials: PPM Strategy Development Tool

    Participants: CIO, PMO Director/ Portfolio Manager, Project Managers, IT Managers

    Enter the PPM tool budget information on the Tool Assessment tab of Info-Tech’s PPM Strategy Development Tool.

    • As a starting point, it can help to know that low-priced PPM tools cost around $1,000 per user per year. High-priced PPM tools cost around $3,000 per user per year.
    • Software-as-a-Service (SaaS)-based pricing for PPM solutions is increasingly popular. If you plan to purchase perpetual licensing, divide the total implementation and licensing cost by three years to be comparable with a three-year SaaS total cost of ownership analysis.

    Screenshot showing the tool assessment from the PPM Strategy Development Tool with 'Near-Term' and 'Long-Term' budget columns. Notes include 'Enter the number of fully licensed PPM users you expect to provision for and your estimated annual budget for a PPM tool', 'The tool assessment automatically calculates your annual budget per user, which is reflected in the bubble chart analysis (see next slide)'.

    Review the tool assessment graphic

    Associated Activity icon 3.1.3 – 20 minutes

    The map comparing commercial PPM tools from before, this time overlaid with 'Near-Term' and 'Long-Term' budgets as coloured circles. The vertical axis is 'Functionality Rating' and the horizontal axis is now 'Annual Cost/Budget per User'. 'Spreadsheets' are low functionality and low cost. 'Google Sites' are low to middling functionality and low cost. 'SharePoint' is middling functionality with a slightly higher cost. The 'Near-Term' budget circle covers those three tools. The next three start at middling cost and above-average functionality and trend higher in both categories: 'Commercial Entry-Level PPM', 'Commercial Mid-Market PPM', and 'Commercial Enterprise PPM'. The 'Long-Term' budget circle covers 'Commercial Mid-Market PPM'.

    If you are in one of the non-covered areas, consider revisiting your functional requirements and PPM strategy. You may need to lessen your expectations to be able to stay within your budget, or find a way to get more money.

    Keep in mind that the long-term goal can be to work towards a commercial tool, while the short-term goal would be to be able to maintain your portfolio in a simple spreadsheet first.

    Info-Tech Insight

    If you choose a commercial solution, you will need to gain executive buy-in in order to implement the tool; proceed to near-term and long-term plans to get the ball rolling on this decision.

    Review and customize slide 37, “Tools for PPM: proposed near- and long-term solutions,” in Info-Tech’s PPM Strategic Plan Template.

    Grow your own, or select and implement, a PPM solution with Info-Tech

    Whether you choose spreadsheet-based or commercially available PPM solutions, use Info-Tech’s research for scoping, designing, and implementing them.

    Info-Tech’s Grow Your Own PPM Solution blueprint will help you implement a highly evolved spreadsheet-based PPM solution. It features the Portfolio Manager 2017, a Microsoft Excel-based workbook that leverages its business intelligence features to provide a basis for implementing a scalable, highly customizable PPM tool with useful and easy-to-manipulate analytics.

    Read Info-Tech’s Grow Your Own PPM Solution blueprint.

    Info-Tech’s Select and Implement a PPM Solution blueprint is part of our Vendor Landscape research. Make sense of the diversity of PPM solutions available in today’s market, and choose the most appropriate solutions for your organization’s size and level of PPM maturity.

    Read Info-Tech’s Select and Implement a PPM Solution blueprint.

    A right-sized PPM strategy leads to a right-sized portfolio management tool based on Info-Tech’s template

    CASE STUDY

    Industry: Energy
    Source: Info-Tech Client

    “The approach makes it easy to run the portfolio without taking time away from the project themselves.” (IT Manager, Energy Resources Firm)

    Situation

    • A small IT department struggled with balancing project work with ongoing operational management and support work.
    • The department includes experienced and successful project managers and a mature, skilled team.
    • However, the nature of the department’s role has evolved to the point where the project and operational work demands have exceeded the available time.
    • Prioritization needed to become more centralized and formalized while management control of the work assignments became increasingly decentralized.

    Complication

    • Agile projects offer clear advantages by lightening the requirement for proactive planning. However, getting the staff to adapt would be challenging because of the overall workload and competing priorities.
    • Some of the team’s time needed to be carefully tracked and reported for time & materials-based billing, but the time sheet system was unsuited to their portfolio management needs.
    • Commercial PPM systems were ruled out because strict task management seemed unlikely to gain adoption.

    Resolution

    • The team deployed Info-Tech’s Project Portfolio Workbook, based on a Microsoft Excel template, and the Grow Your Own PPM Solution blueprint.
    • For the first time, executive leadership was given a 12-month forecast of resource capacity based on existing and pending project commitments. The data behind the capacity forecast was based on allocating people to projects with a percentage of their time for each calendar month.
    • The data behind the forecast is high level but easily maintainable.

    Step 3.2: Finalize customizing your PPM Strategic Plan Template

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine the costs of support your PPM strategic plan.
    • Estimate some of the benefits of your PPM strategic plan.
    • Perform a cost-benefit analysis.
    • Refine and consolidate the near-term action items into a cohesive plan.

    This step involves the following participants:

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • IT Managers

    Outcomes of this step

    • A cost/benefit analyst
    • An implementation action plan
    • A finalized PPM Strategic Plan Template

    Estimate the total cost-in-use of managing the project portfolio

    Supporting Tool icon 3.2.1 – PPM Strategy Development Tool, Tab 5: Costing Summary

    The time cost of PPM processes (tab 3) and PPM tool costs (tab 4) are summarized in this tab. Enter additional data to estimate the total PPM cost-in-use: the setup information and the current cost of PPM software tools.

    Screenshot of the PPM Strategy Development Tool, Tab 5: Costing Summary. Notes include 'If unknown, the overall HR budget of your project portfolio can be estimated as: (# FTEs) * (fully-loaded FTE cost per hour) * 1800', 'This is your total PPM cost-in-use'.

    Estimate the benefits of managing the project portfolio

    Supporting Tool icon 3.2.2 – PPM Strategy Development Tool, Tab 6: Benefits Assumptions

    The benefits of PPM processes are estimated by projecting the sources of waste on your resource capacity.

    1. Estimate the current extent of waste on your resource capacity. If you have completed Info-Tech’s PPM Current Score Scorecard, enter the data from the report.
    2. Screenshot of a Waste Assessment pie chart from the PPM Strategy Development Tool, Tab 6: Benefits Assumptions.
    3. Given your near- and long-term action items for improving PPM processes, estimate how each source of waste on your resource capacity will change.
    4. Screenshot of a Waste Assessment table titled 'These inputs represent the percentage of your overall portfolio budget that is wasted in each scenario' from the PPM Strategy Development Tool, Tab 6: Benefits Assumptions.

    Review the cost-benefit analysis results and update the PPM Strategic Plan Template

    Supporting Tool icon 3.2.3 – PPM Strategy Development Tool, Tab 7: Conclusion Screenshot of a 'PPM Strategy Cost-Benefit Analysis' from the PPM Strategy Development Tool, Tab 7: Conclusion. It has tables on top and bar charts underneath.

    This tab summarizes the costs and benefits of your PPM strategic plan.

    • Costs are estimated from wasted project capacity and time spent on PPM process work.
    • Benefits are estimated from the project capacity to be reclaimed as a result of improvements in PPM.
    • Return on investment is calculated by dividing the value of project capacity to be reclaimed by investment in PPM in addition to the current-state cost.

    Capture this summary in your PPM strategic plan.

    Customize slides 40 and 41, “Return on PPM investment,” in Info-Tech’s PPM Strategic Plan Template.

    Determine who will be responsible for coordinating the flow, collection, and reporting of portfolio data

    Supporting Tool icon 3.2.3 – Project Portfolio/PMO Analyst Job Description

    You will need to determine responsibilities and accountabilities for portfolio management functions within your team.

    If you do not have a clearly identifiable portfolio manager at this time, you will need to clarify who will wear which hats in terms of facilitating intake and prioritization, high-level capacity awareness, and portfolio reporting.

    • Use Info-Tech’s Project Portfolio Analyst Job Description Template to help clarify some of the required responsibilities to support your PPM strategy.
      • If you need to bring in an additional staff member to help support the strategy, you can customize the job description template to help advertise the position. Simply edit the text in grey within the template.
    • If you have other PPM tasks that you need to define responsibilities for, you can use the RASCI chart on the final tab of the PPM Strategy Develop Tool.

    Download Info-Tech’s Project Portfolio Analyst Job Description Template.

    Sample of Info-Tech's Project Portfolio Analyst Job Description Template.

    Refine and consolidate the near-term action items into a cohesive plan

    Associated Activity icon 3.2.4 – 30 minutes

    INPUT: Near-term action items

    OUTPUT: Near-term action plan

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Collect the near-term action items for each of the five PPM processes and arrange them into a table that outlines the near-term action plan. Once it is compiled, adjust the timeline and responsibility so that the plan is coherent and realistic as a whole.

    Example:

    Outcome

    Action required

    Timeline

    Responsibility

    Determine the percentage distribution of project vs. non-project work Run a time audit survey with all project resources 2 weeks Resource managers
    Test a simple dashboard for project status Pilot Info-Tech’s Portfolio Manager 2017 workbook 2 weeks PMO Director

    "There is a huge risk of taking on too much too soon, especially with the introduction of specific tools and tool sets. There is also an element of risk involved that can lead to failure and disappointment with PPM if these tools are not properly introduced and supported." (Jim Carse, Director of the Portfolio Office, Queen’s University)

    Review and customize slide 43, “Summary of near-term action plan,” in Info-Tech’s PPM Strategic Plan Template.

    Finalize and publish your PPM strategic plan

    Table of Contents

    Read over the document to ensure its completeness and consistency.

    At this point, you have a PPM strategic plan that is actionable and realistic, which addresses the goals set by the senior leadership.

    The executive brief establishes the need for PPM strategy, the goals and metrics are set by members of the senior leadership that gave the initial buy-in, and the target states of PPM processes that meet those goals are described. Finally, the costs and benefits of the improved PPM practice are laid out in a way that can be validated.

    The next step for your PPM strategy is to use this document as a foundation for implementing and operationalizing the target-state PPM processes.

    Review and publish the document for your executive layer and key project stakeholders. Solicit their feedback.

    Info-Tech has a library of blueprints that will guide you through each of the five processes. Contact your Info-Tech account manager or Info-Tech analyst to get started.

    • Project Portfolio Management Strategy
      • Strategic Expectations
      • Overview
    • Leadership Mandate
    • Project Demand and Resource Supply
    • The Current State of Resource Utilization
    • PPM Processes
      • Project intake, prioritization, and approval
      • Resource management
      • Portfolio reporting
      • Project closure
      • Benefits realization
      • Tools for PPM
    • The Economic Impact of PPM
    • PPM Strategy Next Steps

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Barry Cousins.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of activity 3.1 'Scope the right-sized PPM solution for your PPM strategy'. Scope the right-sized PPM solution for your PPM strategy

    Use the PPM Strategy Development Tool to quickly determine our near- and long-term recommendation for your PPM solution.

    Sample of activity 3.2 'Conduct a cost-benefit analysis of your PPM strategic plan'. Conduct a cost-benefit analysis of your PPM strategic plan

    Using the time cost estimates of each process and the requirement for a PPM tool, Info-Tech helps you quantify the overhead costs of PPM and estimate the monetary benefits of reclaimed project capacity for your project portfolio.

    Insight breakdown

    Insight 1

    • Executive layer buy-in is a critical prerequisite for the success of a top-down PPM strategy. Ensure your executives are on board before preceding to implement your PPM strategy.

    Insight 2

    • The means of project and portfolio management (i.e. processes) shouldn’t eclipse the ends – strategic goals. Root your process in your PPM strategic goals to realize PPM benefits (e.g. optimized portfolio value, improved project throughput, increased stakeholder satisfaction).

    Insight 3

    • Without the proper information, decision makers are driving blind and are forced to make gut-feel decisions as opposed to data-informed decisions. Implement a PPM solution to allocate projects properly and ensure time and money don’t vanish without being accounted for.

    Summary of accomplishment

    Knowledge Gained

    • Info-Tech’s thought model on PPM processes that create an infrastructure around projects
    • Your current state of project portfolio: project capacity vs. project demand
    • Importance of gaining executive buy-in for installing the PPM practice

    Processes Optimized

    • Project intake, prioritization, and approval process
    • Resource management process
    • Portfolio reporting process
    • Project closure process
    • Benefits realization process

    Deliverables Completed

    • Choice of PPM strategy and the leadership mandate
    • Analysis of current project capacity and demand
    • PPM process goals and metrics, aligned to meet PPM strategic expectations
    • PPM process capability levels
    • Retrospective examination of current state, near/long-term action items for improvement, and high-level descriptions of the five PPM processes
    • Recommendation of PPM tools to support the processes
    • Estimate of PPM overhead costs
    • Cost-benefit analysis of PPM practice
    • PPM strategic plan

    Related Info-Tech Research

    • Develop a Project Portfolio Management Strategy
    • Grow Your Own PPM Solution
    • Optimize Project Intake, Approval, and Prioritization
    • Develop a Resource Management Strategy for the New Reality
    • Manage a Minimum-Viable PMO
    • Establish the Benefits Realization Process
    • Manage an Agile Portfolio
    • Establish the Benefits Realization Process
    • Project Portfolio Management Diagnostic Program
      The Project Portfolio Management Diagnostic Program is a low-effort, high-impact program designed to help project owners assess and improve their PPM practices. Gather and report on all aspects of your PPM environment in order to understand where you stand and how you can improve.

    Research contributors and experts

    Photo of Kiron D. Bondale PMP, PMI-RMP, CDAP, CDAI, Senior Project Portfolio Management Professional Kiron D. Bondale PMP, PMI-RMP, CDAP, CDAI
    Senior Project Portfolio Management Professional

    Kiron has worked in the project management domain for more than fifteen years managing multiple projects, leading Project Management Offices (PMO) and providing project portfolio management consulting services to over a hundred clients across multiple industries. He has been an active member of the Project Management Institute (PMI) since 1999 and served as a volunteer director on the Board of the PMI Lakeshore Chapter for six years. Kiron has published articles on project and project portfolio management in multiple journals and has delivered over a hundred webinar presentations on a variety of PPM and PM topics and has presented at multiple industry conferences. Since 2009, Kiron has been blogging on a weekly basis on project management topics and responds to questions daily in the LinkedIn PMI Project, Program and Portfolio Management discussion group.

    Photo of Shaun Cahill, Project Manager, Queen’s University Shaun Cahill, Project Manager &
    Jim Carse, Director of the Project Portfolio Office
    Queen’s University

    Research contributors and experts

    Photo of Amy Fowler Stadler, Managing Partner, Lewis Fowler Amy Fowler Stadler, Managing Partner
    Lewis Fowler

    Amy has more than 20 years of experience in business and technology, most recently owning her own management consulting firm since 2002, focused on business transformation, technology enablement, and operational improvement. Prior to that, she was at CenturyLink (formerly Qwest) as an IT Director, Perot Systems in various roles, and Information Handling Services, Inc. as a Software Development Product Manager.

    Amy holds a bachelor’s degree in Computer Science with a minor in Business Communications and is also a 2015 Hall of Fame inductee to Illinois State University College of Applied Science and Technology.

    Photo of Rick Morris, President, R2 Consulting LLC Rick Morris, President
    R2 Consulting LLC

    Rick A. Morris, PMP, is a certified Scrum Agile Master, Human Behavior Consultant, best-selling author, mentor, and evangelist for project management. Rick is an accomplished project manager and public speaker. His appetite for knowledge and passion for the profession makes him an internationally sought after speaker delivering keynote presentations for large conferences and PMI events around the world. He holds the PMP (Project Management Professional), MPM (Masters of Project Management), Scrum Agile Master, OPM3, Six Sigma Green Belt, MCITP, MCTS, MCSE, TQM, ATM-S, ITIL, and ISO certifications, and is a John Maxwell Certified Speaker, Mentor, and Coach. Rick is the Owner of R2 Consulting, LLC and has worked for organizations such as GE, Xerox, and CA, and has consulted with numerous clients in a wide variety of industries including financial services, entertainment, construction, non-profit, hospitality, pharmaceutical, retail, and manufacturing.

    Research contributors and experts

    Photo of Terry Lee Ricci PgMP, PfMP, PMP, PPM Practice Lead, IAG Consulting Terry Lee Ricci PgMP, PfMP, PMP, PPM Practice Lead
    IAG Consulting

    Terry is passionate and highly skilled at PMO transformation, developing high-performing teams that sustain long-term business results. Terry has a reputation built upon integrity, resourcefulness, and respect. She has the vision to implement long and short-term strategies, meeting both current and evolving business needs.

    Change Management/Business transformation: Terry has extensive background in PMO strategy development aligned to corporate goals. Many years in the PMO organization integration/transformation building or overhauling programs and processes.

    Governance: Terry loves to monitor and measure performance and outcomes and uses her collaborative style to successfully bring simplicity to complexity (technology – people – process). Performance optimization results are easy to use and clearly define who is doing what across functions. End results consistently align to business strategy while mitigating risks effectively.

    Comprehensive: A “through the ranks” executive with a comprehensive understanding of PMO operations, high-performance teams, and the respective business units they support.

    Photo of Alana Ruckstuhl MSc, IT Project Officer, Federal Economic Development Agency for Southern Ontario Alana Ruckstuhl MSc, IT Project Officer
    Federal Economic Development Agency for Southern Ontario

    Research contributors and experts

    Photo of Jay Wardle, Director of the PMO, Red Wing Shoes Co. Jay Wardle, Director of the PMO
    Red Wing Shoes Co.
    Photo of Bob White, Vice President/Chief Information Officer, ALM Holding Company Bob White, Vice President/Chief Information Officer
    ALM Holding Company

    As vice president and chief information officer for ALM Holding Company, Bob White directs all technology activity and support for three main verticals: road construction, energy management, and delivery and transportation. He has been with ALM Holding Company for one and a half years, focusing on PPM process improvement, cybersecurity initiatives, and IT service management.

    Prior to joining ALM, Bob was executive vice president/chief information officer at Ashley Furniture Industries, Inc. where he led the strategic direction, implementation, and management of information technology throughout the company’s global operations. Bob has also held VP/CIO positions at the Stride Rite Corporation and Timex Corporation.

    Bob holds a Master’s degree in Operations Management from the University of Arkansas and a Bachelor of Science degree in Industrial Engineering from Southern Illinois University.

    Bibliography

    Bersin, Josh. “Time to Scrap Performance Appraisals?” Forbes Magazine, 5 June 2013. Web. 30 Oct 2013.

    Cheese, Peter et al. “Creating an Agile Organization.” Accenture, Oct. 2009. Web. Nov. 2013.

    Croxon, Bruce et al. “Dinner Series: Performance Management with Bruce Croxon from CBC's 'Dragon's Den'” HRPA Toronto Chapter. Sheraton Hotel, Toronto, ON. 12 Nov. 2013. Panel discussion.

    Culbert, Samuel. “10 Reasons to Get Rid of Performance Reviews.” Huffington Post Business, 18 Dec. 2012. Web. 28 Oct. 2013.

    Denning, Steve. “The Case Against Agile: Ten Perennial Management Objections.” Forbes Magazine, 17 Apr. 2012. Web. Nov. 2013.

    Estis, Ryan. “Blowing up the Performance Review: Interview with Adobe’s Donna Morris.” Ryan Estis & Associates, 17 June 2013. Web. Oct. 2013.

    Gallup, Inc. “Gallup Study: Engaged Employees Inspire Company Innovation.” Gallup Management Journal, 12 Oct. 2006. Web. 12 Jan 2012.

    Gartside, David et al. “Trends Reshaping the Future of HR.” Accenture, 2013. Web. 5 Nov. 2013.

    KeyedIn Solutions. “Why PPM and PMOs Fail.” KeyedIn Projects, 2013. Ebook.

    Lessing, Lawrence. Free Culture. Lulu Press Inc.: 30 July 2016.

    Merkhofer, Lee. “Keys to Implementing Project Portfolio Management.” Lee Merkhofer Consulting, 2017.

    Perry, Mark Price. Business Driven Project Portfolio Management. J Ross Pub: 17 May 2011.

    Project Management Institute. “Pulse of the Profession 2015: Capturing the Value of Project Management.” PMI, Feb. 2015. Web.

    Project Management Institute. “Pulse of the Profession 2016: The High Cost of Low Performance.” PMI, 2016. Web.

    Project Management Institute. “Pulse of the Profession 2017: Success Rates Rise.” PMI, 2017. Web.

    Project Management Institute. The Standard for Portfolio Management – Third Edition. PMI: 1 Dec. 2012.

    WGroup. “Common Pitfalls in Project Portfolio Management – Part 2.” WGroup, 24 Jan. 2017. Web.

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    Pandemic Preparation – The People Playbook

    • Buy Link or Shortcode: {j2store}513|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Keeping employees safe – limiting exposure of employees to the virus and supporting them in the event they become ill.
    • Reducing potential disruption to business operations through employee absenteeism and travel restrictions.

    Our Advice

    Critical Insight

    • Communication of facts and definitive action plans from credible leaders is the key to maintaining some stability during a time of uncertainty.
    • Remote work is no longer a remote possibility – implementing alternative temporary work arrangements that keep large groups of employees from congregating reduce risk of employee exposure and operational downtime.
    • Pandemic travel protocols are necessary to support staff and their continuation of work while traveling for business and/or if stuck in a high-risk, restricted area.

    Impact and Result

    • Assign accountability of key planning decisions to members of a pandemic response team.
    • Craft key messages in preparation for communicating to employees.
    • Cascade communications from credible sources in a way that will establish pandemic travel protocols.

    Pandemic Preparation – The People Playbook Research & Tools

    Start here. Read the Pandemic Preparation: The People Playbook

    Read our concise Playbook to find out how you can immediately prepare for the people side of pandemic planning.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Pandemic Preparation: The People Playbook
    [infographic]

    M&A Runbook for Infrastructure and Operations

    • Buy Link or Shortcode: {j2store}60|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • I&O is often the last to be informed of an impending M&A deal.
    • The business doesn’t understand the necessary requirements or timeline for integration.
    • It’s hard to prioritize when you’re buried under a mountain of work.
    • Documentation may be lacking or nonexistent, and members of the target organization may be uncooperative.

    Our Advice

    Critical Insight

    • Manage expectations. The business often expects integration in days or weeks, not months or years. You need to set them straight.
    • Open your checkbook and prepare to hire. Integration will require a temporary increase in resources.
    • Tackle organizational and cultural change. People are harder to integrate than technology. Culture change is the hardest part, and the integration plan should address it.

    Impact and Result

    • Tailor your approach based on the business objectives of the merger or acquisition.
    • Separate the must-haves from the nice-to-haves.
    • Ensure adequate personnel and budget.
    • Plan for the integration into normal operations.

    M&A Runbook for Infrastructure and Operations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to partner with the business to conquer the challenges in your next merger or acquisition.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish goals

    Partner with the business to determine goals and establish high-level scope.

    • M&A Runbook for Infrastructure and Operations – Phase 1: Establish Goals
    • I&O M&A Project Napkin

    2. Conduct discovery

    Find out what the target organization’s I&O looks like.

    • M&A Runbook for Infrastructure and Operations – Phase 2: Conduct Discovery
    • I&O M&A Discovery Letter Template
    • I&O M&A Discovery Template
    • I&O M&A Workbook
    • I&O M&A Risk Assessment Tool

    3. Plan short-term integration

    Build a plan to achieve a day 1 MVP.

    • M&A Runbook for Infrastructure and Operations – Phase 3: Plan Short-Term Integration
    • I&O M&A Short-Term Integration Capacity Assessment Tool

    4. Map long-term integration

    Chart a roadmap for long-term integration.

    • M&A Runbook for Infrastructure and Operations – Phase 4: Map Long-Term Integration
    • I&O M&A Long-Term Integration Portfolio Planning Tool
    [infographic]

    Workshop: M&A Runbook for Infrastructure and Operations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 High-Level Scope

    The Purpose

    Establish goals and conduct discovery.

    Key Benefits Achieved

    Alignment with business goals

    Documentation of target organization’s current state

    Activities

    0.1 Consult with stakeholders.

    0.2 Establish M&A business goals.

    0.3 Conduct target discovery.

    0.4 Document own environment.

    0.5 Clarify goals.

    Outputs

    Stakeholder communication plan

    M&A business goals

    I&O M&A Discovery Template

    Current state of organization

    2 Target Assessment

    The Purpose

    Assess risk and value of target organization.

    Key Benefits Achieved

    Accurate scope of I&O integration

    Risk mitigation plans

    Value realization strategies

    Activities

    1.1 Scope I&O M&A project.

    1.2 Assess risks.

    1.3 Assess value.

    Outputs

    I&O M&A Project Napkin

    Risk assessment

    Value assessment

    3 Day 1 Integration Project Plan

    The Purpose

    Establish day 1 integration project plan.

    Key Benefits Achieved

    Smoother day 1 integration

    Activities

    2.1 Determine Day 1 minimum viable operating model post M&A.

    2.2 Identify gaps.

    2.3 Build day 1 project plan.

    2.4 Estimate required resources.

    Outputs

    Day 1 project plan

    4 Long-Term Project Plan

    The Purpose

    Draw long-term integration roadmap.

    Key Benefits Achieved

    Improved alignment with M&A goals

    Greater realization of the deal’s value

    Activities

    3.1 Set long-term future state goals.

    3.2 Create a long-term project plan.

    3.3 Consult with business stakeholders on the long-term plan.

    Outputs

    Long-term integration project plan

    5 Change Management and Continual Improvement

    The Purpose

    Prepare for organization and culture change.

    Refine M&A I&O integration process.

    Key Benefits Achieved

    Smoother change management

    Improved M&A integration process

    Activities

    4.1 Complete a change management plan.

    4.2 Conduct a process post-mortem.

    Outputs

    Change management plan

    Process improvements action items

    Build a Strategy for Big Data Platforms

    • Buy Link or Shortcode: {j2store}203|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • The immaturity of the big data market means that organizations lack examples and best practices to follow, and they are often left trailblazing their own paths.
    • Experienced and knowledgeable big data professionals are limited and without creative resourcing; IT might struggle to fill big data positions.
    • The term NoSQL has become a catch-all phrase for big data technologies; however, the technologies falling under the umbrella of NoSQL are disparate and often misunderstood. Organizations are at risk of adopting incorrect technologies if they don’t take the time to learn the jargon.

    Our Advice

    Critical Insight

    • NoSQL plays a key role in the emergence of the big data market, but it has not made relational databases outdated. Successful big data strategies can be conducted using SQL, NoSQL, or a combination of the two.
    • Assign a Data Architect to oversee your initiative. Hire or dedicate someone who has the ability to develop both a short-term and long-term vision and that has hands-on experience with data management, mining and modeling. You will still need someone (like a database administrator) who understands the database, the schemas, and the structure.
    • Understand your data before you attempt to use it. Take a master data management approach to ensure there are rules and standards for managing your enterprise’s data, and take extra caution when integrating external sources.

    Impact and Result

    • Assess whether SQL, NoSQL, or a combination of both technologies will provide you with the appropriate capabilities to achieve your business objectives and gain value from your data.
    • Form a Big Data Team to bring together IT and the business in order to leave a successful initiative.
    • Conduct ongoing training with your personnel to ensure up-to-date skills and end-user understanding.
    • Frequently scan the big data market space to identify new technologies and opportunities to help optimize your big data strategy.

    Build a Strategy for Big Data Platforms Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a big data strategy

    Know where to start and where to focus attention in the implementation of a big data strategy.

    • Storyboard: Build a Strategy for Big Data Platforms

    2. Assess the appropriateness of big data technologies

    Decide the most correct tools to use in order to solve enterprise data management problems.

    • Big Data Diagnostic Tool

    3. Determine the TCO of a scale out implementation

    Compare the TCO of a SQL (scale up) with a NoSQL (scale out) deployment to determine whether NoSQL will save costs.

    • Scale Up vs. Scale Out TCO Tool
    [infographic]

    Cybersecurity Priorities in Times of Pandemic

    • Buy Link or Shortcode: {j2store}381|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Novel coronavirus 2019 (COVID-19) has thrown organizations around the globe into chaos as they attempt to continue operations while keeping employees safe.
    • IT needs to support business continuity – juggling available capacity and ensuring that services are available to end users – without clarity of duration, amid conditions that change daily, on a scale never seen before.
    • Security has never been more important than now. But…where to start? What are the top priorities? How do we support remote work while remaining secure?

    Our Advice

    Critical Insight

    • There is intense pressure to enable employees to work remotely, as soon as possible. IT is scrambling to enable access, source equipment to stage, and deploy products to employees, many of whom are unfamiliar with working from home.
    • There is either too much security to allow people to be productive or too little security to ensure that the organization remains protected and secure.
    • These events are unprecedented, and no plan currently exists to sufficiently maintain a viable security posture during this interim new normal.

    Impact and Result

    • Don’t start from scratch. Leverage your current security framework, processes, and mechanisms but tailor them to accommodate the new way of remote working.
    • Address priority security items related to remote work capability and its implications in a logical sequence. Some security components may not be as time sensitive as others.
    • Remain diligent! Circumstances may have changed, but the importance of security has not. In fact, IT security is likely more important now than ever before.

    Cybersecurity Priorities in Times of Pandemic Research & Tools

    Start here – read our Cybersecurity Priorities research.

    Our recommendations and the accompanying checklist tool will help you quickly get a handle on supporting a remote workforce while maintaining security in your organization.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Cybersecurity Priorities in Times of Pandemic Storyboard
    • Cybersecurity Priorities Checklist Tool
    [infographic]

    Define Service Desk Metrics That Matter

    • Buy Link or Shortcode: {j2store}491|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.

    Our Advice

    Critical Insight

    • Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Impact and Result

    • Tracking goal- and action-based metrics allows you to make meaningful, data-driven decisions for your service desk. You can establish internal benchmarks to set your own baselines.
    • Predefining the audience and cadence of each metric allows you to construct targeted dashboards to aid your metrics analysis.

    Define Service Desk Metrics That Matter Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Service Desk Metrics That Matter Storyboard – A deck that shows you how to look beyond benchmarks and rely on internal metrics to drive success.

    Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.

    • Define Service Desk Metrics That Matter Storyboard

    2. Service Desk Metrics Workbook – A tool to organize your service desk metrics.

    For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.

    • Service Desk Metrics Workbook
    [infographic]

    Further reading

    Define Service Desk Metrics That Matter

    Look beyond benchmarks and rely on internal metrics to drive success.

    Analyst Perspective

    Don’t get paralyzed by benchmarks when establishing metrics

    When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.

    Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.

    Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.

    Benedict Chang

    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Measure the business value provided by the service desk.
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard or effective dashboards.

    Common Obstacles

    • Becoming too focused on benchmarks or unidimensional metrics (e.g. cost, first-contact resolution, time to resolve) can lead to misinterpretation of the data and poorly informed actions.
    • Sifting through the many sources of data post hoc can lead to stalling in data analysis or slow reaction times to poor metrics.
    • Dashboards can quickly become cluttered with uninformative metrics, thus reducing the signal-to-noise ratio of meaningful data.

    Info-Tech's Approach

    • Use metrics that drive productive change and improvement. Track only what you need to report on.
    • Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
    • Establish internal benchmarks by analyzing the trends from your own data to set baselines.
    • Act on the results of your metrics by adjusting targets and measuring success.

    Info-Tech Insight

    Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Improve your metrics to align IT with strategic business goals

    The right metrics can tell the business how hard IT works and how well they perform.

    • Only 19% of CXOs feel that their organization is effective at measuring the success of IT projects with their current metrics.
    • Implementing the proper metrics can facilitate communication between the business division and IT practice.
    • The proper metrics can help IT know what issues the business has and how the CEO and CIO should tackle them.
    • If the goals above resonate with your organization, our blueprint Take Control of Infrastructure and Operations Metrics will take you through the right steps.

    Current Metrics Suite

    19% Effective

    36% Some Improvement Necessary

    45% Significant Improvement Necessary

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    CXOs stress that value is the most critical area for IT to improve in reporting

    • You most likely have to improve your metrics suite by addressing business value.
    • Over 80% of organizations say they need improvement to their business value metrics, with 32% of organizations reporting that significant improvement is needed.
    • Of course, measuring metrics for service desk operations is important, but don’t forget business-oriented metrics such as measuring knowledgebase articles written for shift-left enablement, cost (time and money) of service desk tickets, and overall end-user satisfaction.

    The image shows a bar graph with percentages on the Y-Acis, and the following categories on the X-Axis: Business value metrics; Stakeholder satisfaction reporting; Risk metrics; Technology performance & operating metrics; Cost & Salary metrics; and Ad hoc feedback from executives and staff. Each bar is split into two sections, with the blue section marked a Significant Improvement Necessary, and the purple section labelled Some Improvement necessary. Two sections are highlighted with red circles: Business Value metrics--32% blue; 52% purple; and Technology performance & operating metrics--23% blue and 51% purple.

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    Benchmarking used in isolation will not tell the whole story

    Benchmarks can be used as a step in the metrics process

    They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.

    Benchmarking relies on standardized models

    This does not account for all the unique variables that make up an IT organization.

    For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.

    Info-Tech Insight

    Benchmarks reflect the norm and common practice, not best practice.

    Benchmarks are open to interpretation

    Taking the time to establish proper metrics is often more valuable time spent than going down the benchmark rabbit hole.

    Being above or below the norm is neither a good nor a bad thing.

    Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.

    If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:

    Review the collected benchmark data

    See where IT organizations in your industry typically stand in relation to the overall benchmark.

    Assess the gaps

    Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.

    Benchmarks are only guidelines

    The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.

    Rely on internal metrics to measure and improve performance

    Measure internal metrics over time to define goals and drive real improvement

    • Internally measured metrics are more reliable because they provide information about your actual performance over time. This allows for targeted improvements and objective measurements of your milestones.
    • Whether a given metric is the right one for your service desk will depend on several different factors, including:
      • The maturity and capability of your service desk processes
      • The volume of service requests and incidents
      • The complexity of your environment when resolving tickets
      • The degree to which your end users are comfortable with self-service

    Take Info-Tech’s approach to metrics management

    Use metrics that drive productive change and improvement. Track only what you need to report on.

    Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.

    Establish internal benchmarks by analyzing the trends from your own data to set baselines.

    Act on the results of your metrics by adjusting targets and measuring success.

    Define action-based metrics to cut down on analysis paralysis

    Every metric needs to be backed with the following criteria:

    • Defining audience, cadence, goal, and action for each metric allows you to keep your tracked metrics to a minimum while maximizing the value.
    • The audience and cadence of each metric may allow you to define targeted dashboards.

    Audience - Who is this metric tracked for?

    Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.

    Cadence - How often are you going to view, analyze, and action this metric?

    Action - What will you do if this metric spikes, dips, trends up, or trends down?

    Activity 1. Define your critical success factors and key performance indicators

    Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).

    CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.

    1. As a group, brainstorm the CSFs and the KPIs that will help narrow your metrics. Use the Service Desk Metrics Workbook to record the results.
    2. Look at the example to the right as a starting point.

    Example metrics:

    Critical success factor Key performance indicator
    High End-User Satisfaction Increasing CSAT score on transactional surveys
    High end-user satisfaction score
    Proper resolution of tickets
    Low time to resolve
    Low Cost per Ticket Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.)
    Improve Access to Self-Service (tangential to improve customer service) High utilization of knowledgebase
    High utilization of portal

    Download the Service Desk Metrics Workbook

    Activity 2. Define action-based metrics that align with your KPIs and CSFs

    1. Now that you have defined your goals, continue to fill the workbook by choosing metrics that align with those goals.
    2. Use the chart below as a guide. For every metric, define the cadence of measurement, audience of the metric, and action associated with the metric. There may be multiple metrics for each KPI.
    3. If you find you are unable to define the cadence, audience, or action associated with a metric, you may not need to track the metric in the first place. Alternatively, if you find that you may action a metric in the future, you can decide to start gathering data now.

    Example metrics:

    Critical success factor Key performance indicator Metric Cadence Audience Action
    High End-User Satisfaction Increasing CSAT score on transactional surveys Monthly average of ticket satisfaction scores Monthly Management Action low scores immediately, view long-term trends
    High end-user satisfaction score Average end-user satisfaction score from annual survey Annually IT Leadership View IT satisfaction trends to align IT with business direction
    Proper resolution of tickets Number of tickets reopened Weekly Service Desk Technicians Action reopened tickets, look for training opportunities
    SLA breach rate Daily Service Desk Technicians Action reopened tickets, look for training opportunities
    Low time to resolve Average TTR (incidents) Weekly Management Look for trends to monitor resources
    Average TTR by priority Weekly Management Look for TTR solve rates to align with SLA
    Average TTR by tier Weekly Management Look for improperly escalated tickets or shift-left opportunities

    Download the Service Desk Metrics Workbook

    Activity 3. Define the data ownership, metric viability, and dashboards

    1. For each metric, define where the data is housed. Ideally, the data is directly in the ticketing tool or ITSM tool. This will make it easy to pull and analyze.
    2. Determine how difficult the metric will be to pull or track. If the effort is high, decide if the value of tracking the metric is worth the hassle of gathering it.
    3. Lastly, for each metric, use the cadence and audience to place the metric in a reporting dashboard. This will help divide your metrics and make them easier to report and action.
    4. You may use the output of this exercise to add your tracked metrics to your service desk SOP.
    5. A full suite of metrics can be found in our Infrastructure & Operations Metrics Library in the Take Control of Infrastructure Metrics Storyboard. The metrics have been categorized by low, medium, and advanced capabilities for you.

    Example metrics:

    Metric Who Owns the Data? Efforts to Track? Dashboards
    Monthly average of ticket satisfaction scores Service Desk Low Monthly Management Meeting
    Average end-user satisfaction score Service Desk Low Leadership Meeting
    Number of tickets reopened Service Desk Low Weekly Technician Standup
    SLA breach rate Service Desk Low Daily Technician Standup
    Average TTR (incidents) Service Desk Low Weekly Technician Standup
    Average TTR by priority Service Desk Low Weekly Technician Standup
    Average TTR by tier Service Desk Low Weekly Technician Standup
    Average TTR (SRs) Service Desk Low Weekly Technician Standup
    Number of tickets reopened Service Desk Low Daily Technician Standup

    Download the Service Desk Metrics Workbook

    Keep the following considerations in mind when defining which metrics matter

    Keep the customer in mind

    Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.

    Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.

    Don’t settle for tool defaults

    ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.

    Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.

    Establish tension metrics to achieve balance

    Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.

    Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.

    Adjust those targets

    An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.

    Take Control of Infrastructure and Operations Metrics

    Make faster decisions and improve service delivery by using the right metrics for the job.

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    IT Diagnostics: Build a Data-Driven IT Strategy

    Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.

    Activate Your Augmented Reality Initiative

    • Buy Link or Shortcode: {j2store}465|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Augmented reality is a new technology and use cases are still emerging. Organizations have to work hard to stay ahead of the curve and predict how they will be impacted.
    • There are limited off-the-shelf augmented reality solutions in terms of business applications. IT not only needs to understand the emerging augmented reality hardware, but also the plethora of development platforms.

    Our Advice

    Critical Insight

    • Augmented reality presents a new avenue to solve problems that cannot be addressed efficiently with existing technology. It is a new tool that will impact the way you work.
    • Beyond addressing existing problems, augmented reality will provide the ability to differently execute business processes. Current processes have been designed with existing systems and capabilities in mind. Augmented reality impacts organizational design processes that are more complex.
    • As a technology with an evolving set of use cases, IT and the business must anticipate some of the challenges that may arise with the use of augmented reality (e.g. health and safety, application development, regulatory).

    Impact and Result

    • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “art of the possible” for augmented reality.
    • With an understanding of augmented reality, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.
    • By utilizing Info-Tech’s Augmented Reality Use Case Picklist and the Augmented Reality Stakeholder Presentation Template, the IT team and their business stakeholders can confidently approach augmented reality adoption.

    Activate Your Augmented Reality Initiative Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about augmented reality’s potential to transform the workplace and how Info-Tech will support you as you identify and build your augmented reality use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand augmented reality

    Analyze the four key benefits of augmented reality to understand how the technology can resolve industry issues.

    • Activate Your Augmented Reality Initiative – Phase 1: Understand Augmented Reality
    • Augmented Reality Glossary

    2. Finding space for augmented reality

    Develop and prioritize use cases for augmented reality using Info-Tech’s AR Initiative Framework.

    • Activate Your Augmented Reality Initiative – Phase 2: Finding Space for Augmented Reality
    • Augmented Reality Use Case Picklist

    3. Communicate project decisions to stakeholders

    Present the augmented reality initiative to stakeholders and understand the way forward for the AR initiative.

    • Activate Your Augmented Reality Initiative – Phase 3: Communicate Project Decisions to Stakeholders
    • Augmented Reality Stakeholder Presentation Template
    [infographic]

    Workshop: Activate Your Augmented Reality Initiative

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Augmented Reality and Its Use Cases

    The Purpose

    Understand the fundamentals of augmented reality technology and its real-world business applications.

    Key Benefits Achieved

    A prioritized list of augmented reality use cases.

    Activities

    1.1 Introduce augmented reality technology.

    1.2 Understand augmented reality use cases.

    1.3 Review augmented reality case studies.

    Outputs

    An understanding of the history and current state of augmented reality technology.

    An understanding of “the art of the possible” for augmented reality.

    An enhanced understanding of augmented reality.

    2 Conduct an Environmental Scan and Internal Review

    The Purpose

    Examine where the organization stands in the current competitive environment.

    Key Benefits Achieved

    Understanding of what is needed from an augmented reality initiative to differentiate your organization from its competitors.

    Activities

    2.1 Environmental analysis (PEST+SWOT).

    2.2 Competitive analysis.

    2.3 Listing of interaction channels and disposition.

    Outputs

    An understanding of the internal and external propensity for augmented reality.

    An understanding of comparable organizations’ approach to augmented reality.

    A chart with the disposition of each interaction channel and its applicability to augmented reality.

    3 Parse Critical Technology Drivers

    The Purpose

    Determine which business processes will be affected by augmented reality.

    Key Benefits Achieved

    Understanding of critical technology drivers and their KPIs.

    Activities

    3.1 Identify affected process domains.

    3.2 Brainstorm impacts of augmented reality on workflow enablement.

    3.3 Distill critical technology drivers.

    3.4 Identify KPIs for each driver.

    Outputs

    A list of affected process domains.

    An awareness of critical technology drivers for the augmented reality initiative.

    Define Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}55|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $83,641 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Your organizational digital business strategy sits on the shelf because it fails to guide implementation.
    • Your organization has difficulty adapting new technologies or rethinking their existing business models.
    • Your organization lacks a clear vision for the digital customer journey.
    • Your management team lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.

    Our Advice

    Critical Insight

    • Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    Impact and Result

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for derisking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Define Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Digital Business Strategy Deck – A step-by-step document that walks you through how to identify top value chains and a digitally enabled growth opportunity, transform stakeholder journeys, and build a digital transformation roadmap.

    This blueprint guides you through a value-driven approach to digital transformation that allows you to identify what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. This approach to digital transformation unifies digital possibilities with your customer experiences.

    • Define Your Digital Business Strategy – Phases 1-4

    2. Digital Business Strategy Workbook – A tool to guide you in planning and prioritizing projects to build an effective digital business strategy.

    This tool guides you in planning and prioritizing projects to build an effective digital business strategy. Key activities include conducting a horizon scan, conducting a journey mapping exercise, prioritizing opportunities from a journey map, expanding opportunities into projects, and lastly, building the digital transformation roadmap using a Gantt chart visual to showcase project execution timelines.

    • Digital Strategy Workbook

    3. Digital Business Strategy Final Report Template – Use this template to capture the synthesized content from outputs of the activities.

    This deck is a visual presentation template for this blueprint. The intent is to capture the contents of the activities in a presentation PowerPoint. It uses sample data from “City of X” to demonstrate the digital business strategy.

    • Digital Business Strategy Final Report Template
    [infographic]

    Workshop: Define Your Digital Business Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Two Existing Value Chains

    The Purpose

    Understand how your organization creates value today.

    Key Benefits Achieved

    Identify opportunities for digital transformation in how you currently deliver value today.

    Activities

    1.1 Validate business context.

    1.2 Assess business ecosystem.

    1.3 Identify and prioritize value streams.

    1.4 Break down value stream into value chains.

    Outputs

    Business context

    Overview of business ecosystem

    Value streams and value chains

    2 Identify a Digitally Enabled Growth Opportunity

    The Purpose

    Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.

    Key Benefits Achieved

    Identify a leapfrog idea to sidestep competitors.

    Activities

    2.1 Conduct a horizon scan.

    2.2 Identify leapfrog ideas.

    2.3 Identify impact to existing or new value chains.

    Outputs

    One leapfrog idea

    Corresponding value chain

    3 Transform Stakeholder Journeys

    The Purpose

    Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.

    Key Benefits Achieved

    Identify a unified view of customer experience.

    Identify opportunities to automate non-routine cognitive tasks.

    Identify gaps in value delivery.

    Improve customer journey.

    Activities

    3.1 Identify stakeholder persona.

    3.2 Identify journey scenario.

    3.3 Conduct one journey mapping exercise.

    3.4 Identify opportunities to improve stakeholder journey.

    3.5 Break down opportunities into projects.

    Outputs

    Stakeholder persona

    Stakeholder scenario

    Journey map

    Journey-based projects

    4 Build a Digital Transformation Roadmap

    The Purpose

    Build a customer-centric digital transformation roadmap.

    Key Benefits Achieved

    Keep your team on the same page with key projects, objectives, and timelines.

    Activities

    4.1 Prioritize and categorize initiatives.

    4.2 Build roadmap.

    Outputs

    Digital goals

    Unified roadmap

    Further reading

    Define Your Digital Business Strategy

    After a major crisis, find your place in the digital economy.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

    35,000 members sharing best practices you can leverage

    Millions spent developing tools and templates annually

    Leverage direct access to over 100 analysts as an extension of your team

    Use our massive database of benchmarks and vendor assessments

    Get up to speed in a fraction of the time

    Analyst Perspective

    Build business resilience and prepare for a digital economy.

    This is a picture of Senior Research Analyst, Dana Daher

    Dana Daher
    Senior Research Analyst

    To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
    This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
    If there was ever a time for an organization to become a digital business, it is today.

    Executive Summary

    Your Challenge

    • Your organization has difficulty adapting new technologies or rethinking the existing business models.
    • Your management lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.
    • There is uncertainty on how to meet evolving customer needs and how to compete in a digital economy.

    Common Obstacles

    • Your organization might approach digital transformation as if we were still in 2019, not recognizing that the pandemic resulted in a major shift to an end-to-end digital economy.
    • Your senior-most leadership thinks digital is "IT's problem" because digital is viewed synonymously with technology.
    • On the other hand, your IT team lacks the authority to make decisions without the executives’ involvement in the discussion around digital.

    Info-Tech’s Approach

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for de-risking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Info-Tech Insight

    After a major crisis, focus on restarting the growth engine and bolstering business resilience.

    Your digital business strategy aims to transform the business

    Digital Business Strategy

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Accountability lies with the executive leadership.
    • Must involve cross-functional participation from senior management from the different areas of the organization.

    IT Strategy

    • Aims to identify how to change, fix, or improve technology in support of the organization’s business strategy.
    • Accountability lies with the CIO.
    • Must involve IT management and gather strategic input from the business.

    Becoming a digital business

    Automate tasks to free up time for innovation.

    Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.

    When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).

    These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.

    We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.

    As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.

    Key Concepts:

    Digital: The representation of a physical item in a format used by computers

    Digitization: Conversion of information and processes into a digital format

    Digitalization: Conversion of information into a format to be processed by a computer

    Why transform your business?

    COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.

    As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.

    Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:

    • Recover from the COVID-19 recession.
    • Compete in a digital economy.

    To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies. – Dana Daher, Info-Tech Research Group

    We are amid an economic transformation

    What we are facing today is a paradigm shift transforming the ways in which we work, live, and relate to one another.

    In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.

    As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.

    These rapid changes are captured in a new 21st century term:

    The Digital Economy.

    90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place. – Paul Taylor, Forbes, 2020

    Analyst Perspective

    Become a Digital Business

    this is a picture of Research Fellow, Kenneth McGee

    Kenneth McGee
    Research Fellow

    Today, the world faces two profoundly complex, mega-challenges simultaneously:

    1. Ending the COVID-19 pandemic and recession.
    2. Creating strategies for returning to business growth.

    Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.

    As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.

    We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.

    The Digital Economy

    The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).

    The digital economy captures decades of digital trends including:

    • Declining enterprise computing costs
    • Improvements in computing power and performance; unprecedent analytic capabilities
    • Rapid growth in network speeds, affordability, and geographic reach
    • High adoption rates of PCs, mobile, and other computing devices

    These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.

    The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.

    Download Info-Tech’s Digital Economy Report

    Signals of Change

    60%
    of People on Earth Use the Internet
    (DataReportal, 2021)
    20%
    of Global Retail Sales Performed via E-commerce
    (eMarketer, 2021)
    6.64T
    Global Business-to-Business
    E-commerce Market
    (Derived from The Business Research Company, 2021)
    9.6%
    of US GDP ($21.4T) accounted for by the digital economy ($2.05T)
    (Bureau of Economic Analysis, 2021)

    The digital economy captures technological developments transforming the way in which we live, work, and socialize

    Technological evolution

    this image contains a timeline of technological advances, from computers and information technology, to the digital economy of the future

    Info-Tech’s approach to digital business strategy

    A path to thrive in a digital economy.

    1. Identify top value chains to be transformed
    2. Identify a digitally enabled growth opportunity
    3. Transform stakeholder journeys
    4. Build a digital transformation roadmap

    Info-Tech Insight

    Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    The Info-Tech difference:

    • Understand how your organization creates value today to identify opportunities for digital transformation.
    • Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
    • Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    A digital transformation starts by transforming how you deliver value today

    As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.

    We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

    Our approach helps you to digitally transform those value streams that generate the most value for your organization.

    Higher Education Value stream

    Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement

    Local Government Value Stream

    Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure

    Manufacturing Value Stream

    Design Product → Produce Product → Sell Product

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Assess your external environment to identify new value generators

    Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.

    Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.

    And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:

    • Conduct a PESTLE first and deduce, from the analysis, what are possible shifts in six characteristics of an organization’s industry, or
    • Proceed immediately with identifying evolutionary trends that impact the organization’s direct market.

    the image depicts the relationship of factors from the Macro Environment, to the Industry/Addressable Market, to the Organization. the macro environmental factors are Political; Economic; Social; Technological; Legal; and Environmental. the Industry/addressable market factors are the Customer; Talent; Regulation; technology and; Supply chain.

    Info-Tech Insight

    While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.

    An analysis of evolutionary shifts in five industry-specific characteristics would be more effective for identifying trends that impact the organization

    A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
    Shifts in these five characteristics directly impact an organization:

    ORGANIZATION

    • Customer Expectations
    • Talent Availability
    • Regulatory System
    • Supply Chain Continuity
    • Technological Landscape

    Capture existing and new value generators through a customer journey map

    As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.

    However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.

    This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.

    This image contains an example of how a school might use a value chain and customer journey map. the value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Instruction and Research Value stream. The value chain includes: Research; Course Creation, Delivery, and assessment. The Customer journey map for curricula delivery includes: Understanding the needs of students; Construct the course material; Deliver course material; Conduct assessment and; Upload Grades into system

    A digital transformation is not just about customer journeys but also about building business resilience

    Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.

    As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.

    Ultimately, a digital transformation has two purposes:

    1. The classical model – whereby there is a focus on improving digital experiences.
    2. Value protection or the reduction of enterprise risk by systematically identifying how the organization delivers value and digitally transforming it to protect future cashflows and improve the overall enterprise value.
    Old Paradigm New Paradigm
    Predictable regulatory changes with incremental impact Unpredictable regulatory changes with sweeping impact
    Reluctance to use digital collaboration Wide acceptance of digital collaboration
    Varied landscape of brick-and-mortar channels Last-mile consolidation
    Customers value brand Customers value convenience/speed of fulfilment
    Intensity of talent wars depends on geography Broadened battlefields for the war for talent
    Cloud-first strategies Cloud-only strategies
    Physical assets Aggressive asset decapitalization
    Digitalization of operational processes Robotization of operational processes
    Customer experience design as an ideation mechanism Business resilience for value protection and risk reduction

    Key deliverable:

    Digital Business Strategy Presentation Template

    A highly visual and compelling presentation template that enables easy customization and executive-facing content.

    three images are depicted, which contain slides from the Digital Business Strategy presentation template, which will be available in 2022.

    *Coming in 2022

    Blueprint deliverables

    The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:

    Initiative Prioritization

    A screenshot from the Initiative Prioritization blueprint is depicted, no words are legible in the image.

    Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.

    Roadmap Gantt Chart

    A screenshot from the Roadmap Gantt Chart blueprint is depicted, no words are legible in the image.

    Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.

    Journey Mapping Workbook

    A screenshot from the Journey Mapping Workbook blueprint is depicted, no words are legible in the image.

    Populate the journey maps to evaluate a user experience over its end-to-end journey.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    Discuss business context and customize your organization’s capability map.
    Call #2:
    Assess business ecosystem.
    Call #3:
    Perform horizon scanning and trends identification.
    Call #5:
    Identify stakeholder personas and scenarios.
    Call #7:
    Discuss initiative generation and inputs into roadmap.
    Call #3:
    Identify how your organization creates value.
    Call #4:
    Discuss value chain impact.
    Call #6:
    Complete journey mapping exercise.
    Call #8:
    Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Requirements

    Business Inputs

    Gather business strategy documents and find information on:

    • Business goals
    • Current transformation initiatives
    • Business capabilities to create or enhance
    • Identify top ten revenue and expense generators
    • Identify stakeholders

    Interview the following stakeholders to uncover business context information:

    • CEO
    • CIO

    Download the Business Context Discovery Tool

    Optional Diagnostic

    • Assess your digital maturity (Concierge Service)

    Visit Assess Your Digital Maturity

    Phase 1

    Identify top value chains to be transformed

    • Understand the business
    • Assess your business ecosystem
    • Identify two value chains for transformation

    This phase will walk you through the following activities:

    Understand how your organization delivers value today and identify value chains to be transformed.

    This phase involves the following participants:

    A cross-functional cohort across all levels of the organization.

    Outcomes

    • Business ecosystem
    • Existing value chains to be transformed

    Step 1.1

    Understand the business

    Activities

    • Review business documents.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section you will gain an understanding of the business context for your strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Context

    Understand the business context

    Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.

    Inputs Document(s)/ Method Outputs
    Key stakeholders Strategy Document Stakeholders that are actively involved in, affected by or influence outcome of the organization, e.g. employers, customers, vendors.
    Vision and mission of the organization Website Strategy Document What the organization wants to achieve and how it strives to accomplish those goals.
    Business drivers CEO Interview Inputs and activities that drive the operational and financial results of the organization.
    Key targets CEO Interview Quantitative benchmarks to support strategic goals, e.g. double the enterprise EBITD, improve top-of-mind brand awareness by 15%,
    Strategic investment goals CFO Interview
    Digital Strategy
    Financial investments corresponding with strategic objectives of the organization, e.g. geographic expansion, digital investments.
    Top three value-generating lines of business Financial Document Identification of your top three value-generating products and services or lines of business.
    Goals of the organization over the next 12 months Strategy Document
    Corporate Retreat Notes
    Strategic goals to support the vision, e.g. hire 100 new sales reps, improve product management and marketing.
    Top business initiatives over the next 12 months Strategy Document
    CEO Interview
    Internal campaigns to support strategic goals, e.g. invest in sales team development, expand the product innovation team.
    Business model Strategy Document Products or services that the organization plans to sell, the identified market and customer segments, price points, channels and anticipated expenses.
    Competitive landscape Internal Research Analysis Who your typical or atypical competitors are.

    1.1 Understand the business context

    Objective: Elicit the business context with a careful review of business and strategy documents.

    1. Gather the strategy creation team and review your business context documents. This includes business strategy documents, interview notes from executive stakeholders, and other sources for uncovering the business strategy.
    2. Brainstorm in smaller groups answers to the question you were assigned:
      • What are the strengths and weaknesses of the organization?
      • What are some areas of improvement or opportunity?
      • What does it mean to have a digital business strategy?
    3. Discuss the questions above with participants and document key findings. Share with the group and work through the balanced scorecard questions to complete this exercise.
    4. Document your findings.

    Assess your digital readiness with Info-Tech’s Digital Maturity Assessment

    Input

    • Business Strategy Documents
    • Executive Stakeholder Interviews

    Output

    • Business Context Information

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.2

    Assess your business ecosystem

    Activities

    • Identify disruptors and incumbents.

    Info-Tech Insight

    Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Ecosystem

    Assess your business ecosystem

    Understand the nature of your competition.

    Learn what your competitors are doing.

    To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.

    Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.

    Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)

    An image is shown demonstrating the relationship within an industry between incumbents, disruptors, and the organization. The incumbents are represented by two large purple circles. The disruptors are represented by 9 smaller blue circles, which represent smaller individual customer bases, but overall account for a larger portion of the industry.

    ’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.– Ilan Mochari, Inc., 2015

    Example Business Ecosystem Analysis

    Business Target Market & Customer Product/Service & Key Features Key Differentiators Market Positioning
    University XYZ
    • Local Students
    • Continuous Learner
    • Certificate programs
    • Associate degrees
    • Strong engineering department with access to high-quality labs
    • Strong community impact
    Affordable education with low tuition cost and access to bursaries & scholarships.
    University CDE University CDE
    • Local students
    • International students
    • Continuous learning students
    • Continuous learning offerings (weekend classes)
    • Strong engineering program
    • Strong continuous learning programs
    Outcome focused university with strong co-ops/internship programs and career placements for graduates
    University MNG
    • Local students
    • Non degree, freshman and continuous learning adults
    • Associate degrees
    • Certificate programs (IT programs)
    • Dual credit program
    • More locations/campuses
    • Greater physical presence
    • High web presence
    Nurturing university with small student population and classroom sizes. University attractive to adult learners.
    Disruptors Online Learning Company EFG
    • Full-time employees & executives– (online presence important)
    • Shorter courses
    • Full-time employees & executives– (online presence important)
    Competitive pricing with an open acceptance policy
    University JKL Online Credential Program
    • High school
    • University students
    • Adult learners
    • Micro credentials
    • Ability to acquire specific skills
    Borderless and free (or low cost) education

    1.2 Understand your business ecosystem

    Objective: Identify the incumbents and disruptors in your business ecosystem.

    1. Identify the key incumbents and disruptors in your business ecosystem.
      • Incumbents: These are established leaders in the industry that possess the largest market share.
      • Disruptors: Disruptors are primarily new entrants (startups) that possess the ability to displace the existing market, industry, or technology.
    2. Identify target market and key customers. Who are the primary beneficiaries of your products or service offerings? Your key customers are those who keep you in business, increase profits, and are impacted by your operations.
    3. Identify what their core products or services are. Assess what core problem their products solve for key customers and what key features of their solution support this.
    4. Assess what the competitors' key differentiators are. There are many differentiators that an organization can have, examples include product, brand, price, service, or channel.
    5. Identify what the organization’s value proposition is. Why do customers come to them specifically? Leverage insights from the key differentiators to derive this.
    6. Finally, assess how your organization derives value relative to your competitors.

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.3

    Value-chain prioritization

    Activities

    • Identify and prioritize value chains for innovation.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    Identify and prioritize how your organization currently delivers value today and identify value chains to be transformed.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized Value Chains

    Determine what value the organization creates

    Identify areas for innovation.

    Value streams and value chains connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within.

    Different types of value your organization creates

    This an example of a value chain which a school would use to analyze how their organization creates value. The value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Student enrolment stream is displayed. The value chain includes: Matriculation; Enrolment into a Program and; Unit enrolment.

    Value Streams

    A value stream refers to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer.

    Value Chains

    A value chain is a ”string” of processes within a company that interrelate and work together to meet market demand. Examining the value chain of a company will reveal how it achieves competitive advantage.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Begin with understanding your industry’s value streams

    Value Streams

    Recruitment

    • The promotion of the institution and the communication with prospective students is accommodated by the recruitment component.
    • Prospective students are categorized as domestic and international, undergraduate and graduate. Each having distinct processes.

    Admission

    • Admission into the university involves processes distinct from recruitment. Student applications are processed and evaluated and the students are informed of the decision.
    • This component is also concerned with transfer students and the approval of transfer credits.

    Student Enrolment

    • Student enrolment is concerned with matriculation when the student first enters the institution, and subsequent enrolment and scheduling of current students.
    • The component is also concerned with financial aid and the ownership of student records.

    Instruction & Research

    • Instruction involves program development, instructional delivery and assessment, and the accreditation of courses of study.
    • The research component begins with establishing policy and degree fundamentals and concerns the research through to publication and impact assessment.

    Graduation

    • Graduation is not only responsible for the ceremony but also the eligibility of the candidate for an award and the subsequent maintenance of transcripts.

    Advancement

    • Alumni relations are the first responsibility of advancement. This involves the continual engagement with former students.
    • Fundraising is the second responsibility. This includes the solicitation and stewardship of gifts from alumni and other benefactors.

    Value stream defined…

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Leverage your industry’s capability maps to identify value chains

    Business Capability Map Defined

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically, will have a defined business outcome.

    A capability map is a great starting point to identify value chains within an organization as it is a strong indicator of the processes involved to deliver on the value streams.

    this image contains an example of a business capability map using the value streams identified earlier in this blueprint.

    Info-Tech Insight

    Leverage your industry reference architecture to define value streams and value chains.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Prioritize value streams to be supported or enhanced

    Use an evaluation criteria that considers both the human and business value generators that these streams provide.

    two identical value streams are depicted. The right most value stream has Student Enrolment and Instruction Research highlighted in green. between the two streams, are two boxes. In these boxes is the following: Business Value: Profit; Enterprise Value; Brand value. Human Value: Faculty satisfaction; Student satisfaction; Community impact.

    Info-Tech Insight

    To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value.

    Business Value

    Assess the value generators to the business, e.g. revenue dollars, enterprise value, cost or differentiation (competitiveness), etc.

    Human Value

    Assess the value generators to people, e.g. student/faculty satisfaction, well-being, and social cohesion.

    Identify value chains for transformation

    Value chains, pioneered by the academic Michael Porter, refer to the ”string” of processes within a company that interrelate and work together to meet market demand. An organization’s value chain is connected to the larger part of the value stream. This perspective of how value is generated encourages leaders to see each activity as a part of a series of steps required deliver value within the value stream and opens avenues to identify new opportunities for value generation.

    this image depicts two sample value chains for the value streams: student enrolment and Instruction & Research. Each value chain has a stakeholder associated with it. This is the primary stakeholder that seeks to gain value from that value chain.

    Prioritize value chains for transformation

    Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain to identify opportunities for transformation. Evaluate the value chain processes based on the level of pain experienced by a stakeholder to accomplish that task, and the financial impact that level of the process has on the organization.

    this image depicts the same value chains as the image above, with a legend showing which steps have a financial impact, which steps have a high degree of risk, and which steps are prioritized for transformation. Matriculation and publishing are shown to have a financial impact. Research foundation is shown to have a high degree of risk, and enrollment into a program and conducting research are prioritized for transformation.

    1.3 Value chain analysis

    Objective: Determine how the organization creates value, and prioritize value chains for innovation.

    1. The first step of delivering value is defining how it will happen. Use the organization’s industry segment to start a discussion on how value is created for customers. Working back from the moment value is realized by the customer, consider the sequential steps required to deliver value in your industry segment.
    2. Define and validate the organization’s value stream. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream.
    3. Prioritize the value streams based on an evaluation criteria that reflects business and human value generators to the organization.
    4. Identify value chains that are associated with each value stream. The value chains refer to a string of processes within the value stream element. Each value chain also captures a particular stakeholder that benefits from the value chain.
    5. Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain and identify areas for transformation. Evaluate the value chain processes based on the level of pain or exposure to risk experienced by a stakeholder to accomplish that task and the financial impact that level of the process has on the organization.

    Visit Info-Tech’s Industry Coverage Research to identify value streams and capability maps

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 2

    Identify a digitally enabled growth opportunity

    • Conduct horizon scan
    • Identify leapfrog idea
    • Conduct value chain impact analysis

    This phase will walk you through the following activities:

    Assess trends that are impacting your industry and identify strategic growth opportunities.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    Identify new growth opportunities and value chains impacted

    Phase 2.1

    Horizon scanning

    Activities

    • Scan the internal and external environment for trends.

    Info-Tech Insight

    Systematically scan your environment to identify avenues or opportunities to skip one or several stages of technological development and stay ahead of disruption.

    Identify a digitally enabled growth opportunity

    This step will walk you through the following activities:

    Scan the environment for external environment for megatrends, trends, and drivers. Prioritize trends and build a trends radar to keep track of trends within your environment.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Growth opportunity

    Horizon scanning

    Understand how your industry is evolving.

    Horizon scanning is a systematic analysis of detecting early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend that could impact your addressable market.

    Trends

    A trend captures a business use case of the macro trend. Consider trends in relation to competitors in your industry.

    Drivers

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    Identifying macro trends

    A macro trend captures a large-scale transformative trend that could change the addressable market. Here are some examples of macro trends to consider when horizon scanning for your own organization:

    Talent Availability

    • Decentralized workforce
    • Hybrid workforce
    • Diverse workforce
    • Skills gap
    • Digital workforce
    • Multigenerational workforce

    Customer Expectations

    • Personalization
    • Digital experience
    • Data ownership
    • Transparency
    • Accessibility

    Technological Landscape

    • AI & robotics
    • Virtual world
    • Ubiquitous connectivity,
    • Genomics
    • Materials (smart, nano, bio)

    Regulatory System

    • Market control
    • Economic shifts
    • Digital regulation
    • Consumer protection
    • Global green

    Supply Chain Continuity

    • Resource scarcity
    • Sustainability
    • Supply chain digitization
    • Circular supply chains
    • Agility

    Identifying trends and drivers

    A trend captures a business use case of a macro trend. Assessing trends can reduce some uncertainties about the future and highlight potential opportunities for your organization. A driver captures the internal or external forces that lead the trend to occur. Understanding and capturing drivers is important to understanding why these trends are occurring and the potential impacts to your value chains.

    This image contains a flow chart, demonstrating the relationship between Macro trends, Trends, and Drivers. in this example, the macro trend is Accessibility. The Trends, or patterns of change, are an increase in demands for micro-credentials, and Preference for eLearning. The Drivers, or the why, are addressing skill gaps for increase in demand for micro-credentials, and Accommodating adult/working learners- for Preference for eLearning.

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    this image contains three screenshots from Rethinking Higher Education Report and 2021 Tech Trends Report

    Images are from Info-Tech’s Rethinking Higher Education Report and 2021 Tech Trends Report

    Example horizon scanning activity

    Macro Trends Trends Drivers
    Talent Availability Diversity Inclusive campus culture Systemic inequities
    Hybrid workforce Online learning staff COVID-19 and access to physical institutions
    Customer Expectations Digital experience eLearning for working learners Accommodate adult learners
    Accessibility Micro-credentials for non-traditional students Addressing skills gap
    Technological Landscape Artificial intelligence and robotics AI for personalized learning Hyper personalization
    IoT IoT for monitoring equipment Asset tracking
    Augmented reality Immersive education AR and VR Personalized experiences
    Regulatory System Regulatory System Alternative funding for research Changes in federal funding
    Global Green Environmental and sustainability education curricula Regulatory and policy changes
    Supply Chain Continuity Circular supply chains Vendors recycling outdated technology Sustainability
    Cloud-based solutions Cloud-based eLearning software Convenience and accessibility

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Prioritize trends

    Develop a cross-industry holistic view of trends.

    Visualize emerging and prioritize action.

    Moving from horizon scanning to action requires an evaluation process to determine which trends can lead to growth opportunities. First, we need to make a short list of trends to analyze. For your digital strategy, consider trends on the time horizon that are under 24 months. Next, we need to evaluate the shortlisted opportunities by a second set of criteria: relevance to your organization and impact on industry.

    Timing

    The estimated time to disruption this trend will have for your industry. Assess whether the trend will require significant developments to support its entry into the ecosystem.

    Relevance

    The relevance of the trend to your organization. Does the trend fulfil the vision or goals of the organization?

    Impact

    The degree of impact the trend will have on your industry. A trend with high impact will drive new business models, products, or services.

    Prioritize trends to adopt into your organization

    Prioritize trends based on timing, impact, and relevance.

    Trend Timing
    (S/M/L)
    Impact
    (1-5)
    Relevance
    ( 1-5)
    1. Micro-credentialing S 5 5
    2. IoT-connected devices for personalized experience S 1 3
    3. International partnerships with educational institutions M
    4. Use of chatbots throughout enrollment process L
    5. IoT for energy management of campus facilities L
    6. Gamification of digital course content M
    7. Flexible learning curricula S 4 3
    Deprioritize trends
    that have a time frame
    to disruption of more
    than 24 months.
    this image contains a graph demonstrating the relationship between relevance (x axis) and Impact (Y axis).

    2.1 Scanning the horizon

    Objective: Generate trends

    60 minutes

    • Start by selecting macro trends that are occurring in your environment using the five categories. These are the large-scale transformative trends that impact your addressable market. Macro trends have three key characteristics:
      • They span over a long period of time.
      • They impact all geographic regions.
      • They impact governments, individuals, and organizations.
    • Begin to break down these macro trends into trends. Trends should reflect the direction of a macro trend and capture the pattern in events. Consider trends that directly impact your organization.
    • Understand the drivers behind these trends. Why are they occurring? What is driving them? Understanding the drivers helps us understand the value they may generate.
    • Deprioritize trends that are expected to happen beyond 24 months.
    • Prioritize trends that have a high impact and relevance to the organization.
    • If you identify more than one trend, discuss with the group which trend you would like to pursue and limit it to one opportunity.

    Input

    • Macro Trends
    • Trends

    Output

    • Trends Prioritization

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive Team

    Step 2.2

    Leapfrogging ideation

    Activities

    • Identify leapfrog ideas.
    • Identify impact to value chain.

    Info-Tech Insight

    A systematic approach to leapfrog ideation is one of the most critical ways in which an organization can build the capacity for resilient innovation.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. You will also work towards identifying the impact the trend has on your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities
    • Value chain impact

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    The best way to predict the future is to invent it. – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors who are unable to mobilize to respond to the opportunities.

    Case Study

    Classroom of the Future

    Higher Education: Barco’s Virtual Classroom at UCL

    University College London (UCL), in the United Kingdom, selected Barco weConnect virtual classroom technology for its continuing professional development medical education offering. UCL uses the platform for synchronous teaching, where remote students can interact with a lecturer.

    One of the main advantages of the system is that it enables direct interaction with students through polls, questions, and whiteboarding. The system also allows you to track student engagement in real time.

    The system has also been leveraged for scientific research and publications. In their “Delphi” process, key opinion leaders were able to collaborate in an effective way to reach consensus on a subject matter. The processes that normally takes months were successfully completed in 48 hours (McCann, 2020).

    Results

    The system has been largely successful and has supported remote, real-time teaching, two-way engagement, engagement with international staff, and an overall enriched teaching experience.

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas.

    Brainstorm ways of generating leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth strategies for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.
    A funnel shaped image is depicted. At the top, at the entrance of the funnel, is the word Trend. At the bottom of the image, at the output of the funnel, is the word Opportunity.

    From trend to leapfrog ideas

    Trend New Customer New Market New Business Model New Product or Service
    What trends pose a high-immediate impact to the organization? Target new customers for existing products or services Enter or create new markets by applying existing products or services to different problems Adjust the business model to capture a change in how the organization delivers value Introduce new products or services to the existing market
    Micro-credentials for non-traditional students Target non-traditional learners/students - Online delivery Introduce mini MBA program

    2.2 Identify and prioritize opportunities

    60 minutes

    1. Gather the prioritized trend identified in the horizon scanning exercise (the trend identified to be “adopted” within the organization).
    2. Analyze each trend identified and assess whether the trend provides an opportunity for a new customers, new markets, new business models, or new products and services.

    Input

    • “Adopt” Trends

    Output

    • Trends to pursue
    • Breakdown of strategic opportunities that the trends pose

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 2.3

    Value chain impact

    Activities

    • Identify impact to value chain.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. Prioritize the opportunities and identify impact to your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities

    Value chain analysis

    Identify implications of strategic growth opportunities to the value chains.

    As we identify and prioritize the opportunities available to us, we need to assess their impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.
    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    this image depicts the value chain for the value stream, student enrolment.

    2.3 Value chain impact

    Objective: Identify impacts to the value chain from the opportunities identified.
    60 minutes

    1. Once you have identified the opportunity, turn back to the value stream, and with the working group, identify the value stream impacted most by the opportunity. Leverage the human impact/business impact criteria to support the identification of the value stream to be impacted.
    2. Within the value stream, brainstorm what parts of the value chain will be impacted by the new opportunity. Or ask whether this new opportunity provides you with a new value chain to be created.
    3. If this opportunity will require a new value chain, identify what set of new processes or steps will be created to support this new entrant.
    4. Identify any critical value chains that will be impacted by the new opportunity. What areas of the value chain pose the greatest risk? And where can we estimate the financial revenue will be impacted the most?

    Input

    • Opportunity

    Output

    • Value chains impacted

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 3

    Transform stakeholder journeys

    • Identify stakeholder personas and scenarios
    • Conduct journey map
    • Identify projects

    This phase will walk you through the following activities:

    Take the prioritized value chains and create a journey map to capture the end-to-end experience of a stakeholder.

    Through a journey mapping exercise, you will identify opportunities to digitize parts of the journey. These opportunities will be broken down into functional initiatives to tackle in your strategy.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    1. Stakeholder persona
    2. Stakeholder scenario
    3. Stakeholder journey map
    4. Opportunities

    Step 3.1

    Identify stakeholder persona and journey scenario

    Activities

    • Identify stakeholder persona.
    • Identify stakeholder journey scenario.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    In this step, you with identify stakeholder personas and scenarios relating to the prioritized value chains.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A taxonomy of critical stakeholder journeys.

    Identify stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    Learn more about applying design thinking methodologies

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phase 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.
    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a member of the faculty (engineering), and the scenario is the curricula design process.
    this image contains the value chains for instruction (engineering) and enrolment of engineering student. the instruction(engineering) value chain includes curricula research, curricula design, curricula delivery, and Assessment for the faculty-instructor. The enrolment of engineering student value chain includes matriculation, enrolment into a program, and unit enrolment for the student. In the instruction(engineering) value chain, curricula design is highlighted in blue. In the enrolment of engineering student value chain, Enrolment into a program is highlighted.
    Identify one new value chain.
    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.
    this image contains an example of a value chain for micro-credentialing (mini online MBA)

    Identify stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    Example Stakeholder Persona

    Name: Anne
    Age: 35
    Occupation: Engineering Faculty
    Location: Toronto, Canada

    Pains

    What are their frustrations, fears, and anxieties?

    • Time restraints
    • Using new digital tools
    • Managing a class while incorporating individual learning
    • Varying levels within the same class
    • Unmotivated students

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Design curricula in a hybrid mode without loss of quality of experience of in-classroom learning.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Interactive content for students
    • Curriculum alignment
    • Ability to run a classroom lab (in hybrid format)
    • Self-paced and self-directed learning opportunities for students

    (Adapted from Osterwalder, et al., 2014)

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.
    Leverage the following format to define the journey statement.
    As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    this image contains the instruction(engineering) value chain shown above. next to it is a stakeholder journey statement, which states: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences.

    3.1 Identify stakeholder persona and journey scenario

    Objective: Identify stakeholder persona and journey scenario statement for journey mapping exercise.

    1. Start by identifying who your stakeholder is. Give your stakeholder a demographic profile – capture a typical stakeholder for this value chain.
    2. Identify what the gains and pains are during this value chain and what the stakeholder is seeking to accomplish.
    3. Looking at the value chain, create a statement that captures the goals and needs of the stakeholder. Use the following format to create a statement:
      As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    Input

    • Prioritized Value Chains (existing and opportunity)

    Output

    • Stakeholder Persona
    • Stakeholder Journey Statement

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)
    • Stakeholder Persona Canvas

    Participants

    • Executive Team
    • Stakeholders (if possible)
    • Individual who works directly with stakeholders

    Step 3.2

    Map stakeholder journeys

    Activities

    • Map stakeholder journeys.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the journeys by focusing on what matters most to the stakeholders and estimating the organizational effort to improve those experiences.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Candidate journeys identified for redesign or build.

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    Embrace design thinking methodologies to elevate the stakeholder journey and to build a competitive advantage for your organization.

    this image contains an example of the result of a journey mapping exercise. the main headings are Awareness, Consideration, Acquisition, Service and, Loyalty.

    Internal vs. external stakeholder perspective

    In journey mapping, we always start with the stakeholder's perspective, then eventually transition into what the organization does business-wise to deliver value to each stakeholder. It is important to keep in mind both perspectives while conducting a journey mapping exercise as there are often different roles, processes, and technologies associated with each of the journey steps.

    Stakeholder Journey
    (External Perspective)

    • Awareness
    • Consideration
    • Selecting
    • Negotiating
    • Approving

    Business Processes
    (Internal Perspective)

    • Preparation
    • Prospecting
    • Presentation
    • Closing
    • Follow-Up

    Info-Tech Insight

    Take the perspective of an end user, who interacts with your products and services, as it is different from the view of those inside the organization, who implement and provide those services.

    Build a stakeholder journey map

    A stakeholder journey map is a tool used to illustrate the user’s perceptions, emotions, and needs as they move through a process and interact with the organization in the form of touch points, channels, and supporting characters.

    this image depicts an example of a stakeholder journey map, the headings in the map are: Journey Activity; Touch Points; Metrics; Nature of Activity; Key Moments & Pain Points; Opportunities

    Stakeholder Journey Map: Journey Activity

    The journey activity refers to the steps taken to accomplish a goal.

    The journey activity comprises the steps or sequence of tasks the stakeholder takes to accomplish their goal. These steps reflect the high-level process your candidates perform to complete a task or solve a problem.

    Stakeholder Journey Map: Touch Points

    Touch points are the points of interaction between a stakeholder and the organization.

    A touch point refers to any time a stakeholder interacts with your organization or brand. Consider three main points of interaction with the customer in the journey:

    • Before: How did they find out about you? How did they first contact you to start this journey? What channels or mediums were used?
      • Social media
      • Rating & reviews
      • Word of mouth
      • Advertising
    • During: How was the sale or service accomplished?
      • Website
      • Catalog
      • Promotions
      • Point of sale
      • Phone system
    • After: What happened after the sale or service?
      • Billing
      • Transactional emails
      • Marketing emails
      • Follow-ups
      • Thank-you emails

    Stakeholder Journey Map: Nature of Activity

    The nature of activity refers to the type of task the journey activity captures.

    We categorize the activity type to identify opportunities for automation. There are four main types of task types, which in combination (as seen in the table below) capture a task or job to be automated.

    Routine Non-Routine
    Cognitive Routine Cognitive: repeatable tasks that rely on knowledge work, e.g. sales, administration
    Prioritize for automation (2)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection
    Prioritize for automation (3)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) Routine Manual: repeatable tasks that rely on physical work, e.g. manufacturing, production
    Prioritize for automation (1)
    Non-Routine Manual: infrequent tasks that rely on physical work, e.g. food preparation
    Not mature for automation

    Info-Tech Insight

    Where automation makes sense, routine manual activities should be transformed first, followed by routine cognitive activities. Non-routine cognitive activities are the final frontier.

    Stakeholder Journey Map: Metrics

    Metrics are a quantifiable measurement of a process, activity, or initiative.

    Metrics are crucial to justify expenses and to estimate growth for capacity planning and resourcing. There are multiple benefits to identifying and implementing metrics in a journey map:

    • Metrics provide accurate indicators for accurate IT and business decisions.
    • Metrics help you identify stakeholder touch point efficiencies and problems and solve issues before they become more serious.
    • Active metrics tracking makes root cause analysis of issues much easier.

    Example of journey mapping metrics: Cost, effort, turnaround time, throughput, net promoter score (NPS), satisfaction score

    Stakeholder Journey Map: Key Moments & Pain Points

    Key moments and pain points refer to the emotional status of a stakeholder at each stake of the customer journey.

    The key moments are defining pieces or periods in a stakeholder's experience that create a critical turning point or memory.

    The pain points are the critical problems that the stakeholder is facing during the journey or business continuity risks. Prioritize identifying pain points around key moments.

    Info-Tech Insight

    To identify key moments, look for moments that can dramatically influence the quality of the journey or end the journey prematurely. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    Stakeholder Journey Map: Opportunities

    An opportunity is an investment into people, process, or technology for the purposes of building or improving a business capability and accomplishing a specific organizational objective.

    An opportunity refers to the initiatives or projects that should address a stakeholder pain. Opportunities should also produce a demonstrable financial impact – whether direct (e.g. cost reduction) or indirect (e.g. risk mitigation) – and be evaluated based on how technically difficult it will be to implement.

    Customer

    Create new or different experiences for customers

    Workforce

    Generate new organizational skills or new ways of working

    Operations

    Improve responsiveness and resilience of operations

    Innovation

    Develop different products or services

    Example of stakeholder journey output: Higher Education

    Stakeholder: A faculty member
    Journey: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences

    Journey activity Understanding the needs of students Construct the course material Deliver course material Conduct assessments Upload grades into system
    Touch Points
    • Research (primary or secondary)
    • Teaching and learning center
    • Training on tools
    • Office suite
    • Video tools
    • PowerPoint live
    • Chat (live)
    • Forum (FAQ
    • Online assessment tool
    • ERP
    • LMS
    Nature of Activity Non-routine cognitive Non-routine cognitive Non-routine cognitive Routine cognitive Routine Manual
    Metrics
    • Time to completion
    • Time to completion
    • Student satisfaction
    • Student satisfaction
    • Student scores
    Ken Moments & Pain Points Lack of centralized repository for research knowledge
    • Too many tools to use
    • Lack of Wi-Fi connectivity for students
    • Loss of social aspects
    • Adjusting to new forms of assessments
    No existing critical pain points; process already automated
    Opportunities
    • Centralized repository for research knowledge
    • Rationalize course creation tool set
    • Connectivity self-assessment/checklist
    • Forums for students
    • Implement an online proctoring tool

    3.2 Stakeholder journey mapping

    Objective: Conduct journey mapping exercise for existing value chains and for opportunities.

    1. Gather the working group and, with the journey mapping workbook, begin to map out the journey scenario statements identified in the value chain analysis. In total, there should be three journey maps:
      • Two for the existing value chains. Map out the specific point in the value chain that is to be transformed.
      • One for the opportunity value chain. Map out all parts of the value chain to be impacted by the new opportunity.
    2. Start with the journey activity and map out the steps involved to accomplish the goal of the stakeholder.
    3. Identify the touch points involved in the value chain.
    4. Categorize the nature of the activity in the journey activity.
    5. Identify metrics for the journey. How can we measure the success of the journey?
    6. Identify pain points and opportunities in parallel with one another.

    Input

    • Value Chain Analysis
    • Stakeholder Personas
    • Journey Mapping Scenario

    Output

    • Journey Map

    Materials

    • Digital Strategy Workbook, Stakeholder Journey tab

    Participants

    • Executives
    • Individuals in the organization that have a direct interaction with the stakeholders

    Info-Tech Insight

    Aim to build out 90% of the stakeholder journey map with the working team; validate the last 10% with the stakeholder themselves.

    Step 3.3

    Prioritize opportunities

    Activities

    • Prioritize opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the opportunities that arose from the stakeholder journey mapping exercise.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized opportunities

    Prioritization of opportunities

    Leverage design-thinking methods to prioritize opportunities.

    As there may be many opportunities arising from the journey map, we need to prioritize ideas to identify which ones we can tackle first – or at all. Leverage IDEO’s design-thinking “three lenses of innovation” to support prioritization:

    • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
    • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
    Opportunities Feasibility
    (L/M/H)
    Desirability
    (L/M/H)
    Viability
    (L/M/H)
    Centralized repository for research knowledge H H H
    Rationalize course creation tool set H H H
    Connectivity self-assessment/ checklist H M H
    Forums for students M H H
    Exam preparation (e.g. education or practice exams) H H H

    3.3 Prioritization of opportunities

    Objective: Prioritize opportunities for creating a roadmap.

    1. Gather the opportunities identified in the journey mapping exercise
    2. Assess the opportunities based on IDEO’s three lenses of innovation:
      • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
      • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
      • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    3. Opportunities that score high in all three areas are prioritized for the roadmap.

    Input

    • Opportunities From Journey Map

    Output

    • Prioritized Opportunities

    Materials

    • Digital Strategy Workbook

    Participants

    • Executives

    Step 3.4

    Define digital goals

    Activities

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Define a digital goal as it relates to the prioritized opportunities and the stakeholder journey map.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Digital goals

    Define digital goals

    What digital goals can be derived from the stakeholder journey?

    With the prioritized set of opportunities for each stakeholder journey, take a step back and assess what the sum of these opportunities mean for the journey. What is the overall goal or objective of these opportunities? How do these opportunities change or facilitate the journey experience? From here, identify a single goal statement for each stakeholder journey.

    Stakeholder Scenario Prioritized Opportunities Goal
    Faculty (Engineering) As a faculty (Engineering), I want to prepare and teach my course in a hybrid mode of delivery Centralized repository for research knowledge
    Rationalized course creation tool set
    Support hybrid course curricula development through value-driven toolsets and centralized knowledge

    3.4 Define digital goals

    Objective: Identify digital goals derived from the journey statements.

    1. With the prioritized set of opportunities for each stakeholder journey (the two existing journeys and one opportunity journey) take a step back and assess what the sum of these opportunities means for each journey.
      • What is the overall goal or objective of these opportunities?
      • How do these opportunities change or facilitate the journey experience?
    2. From here, identify a single goal for each stakeholder journey.

    Input

    • Opportunities From Journey Map
    • Stakeholder Persona

    Output

    • Digital Goals

    Materials

    • Prioritization Matrix

    Participants

    • Executives

    Step 3.5

    Breakdown opportunities into series of initiatives

    Activities

    • Identify initiatives from the opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Identify people, process, and technology initiatives for the opportunities identified.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • People, process, and technology initiatives

    Break down opportunities into a series of initiatives

    Brainstorm initiatives for each high-priority opportunity using the framework below. Describe each initiative as a plan or action to take to solve the problem.

    Opportunity → Initiatives:

    People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?

    Process: What processes must be created, changed, or removed based on the data?

    Technology: What systems are required to support this opportunity?

    Break down opportunities into a series of initiatives

    Initiatives
    Centralized repository for research knowledge Technology Acquire and implement knowledge management application
    People Train researchers on functionality
    Process Periodically review and validate data entries into repository
    Initiatives
    Rationalize course creation toolset Technology Retire duplicate or under-used tools
    People Provide training on tool types and align to user needs
    Process Catalog software applications and tools across the organization
    Identify under-used or duplicate tools/applications

    Info-Tech Insight

    Ruthlessly evaluate if a initiative should stand alone or if it can be rolled up with another. Fewer initiatives or opportunities increases focus and alignment, allowing for better communication.

    3.5 Break down opportunities into initiatives

    Objective: Break down opportunities into people, process, and technology initiatives.

    1. Split into groups and identify initiatives required to deliver on each opportunity. Document each initiative on sticky notes.
    2. Have each team answer the following questions to identify initiatives for the prioritized opportunities:
      • People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?
      • Process: What processes must be created, changed, or removed based on the data?
      • Technology: What systems are required to support this opportunity?
    3. Document findings in the Digital Strategy Workbook.

    Input

    • Opportunities

    Output

    • Opportunity initiatives categorized by people, process and technology

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive team

    Phase 4

    Build a digital transformation roadmap

    • Detail initiatives
    • Build a unified roadmap roadmap

    This phase will walk you through the following activities:

    Build a digital transformation roadmap that captures people, process, and technology initiatives.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    • Digital transformation roadmap

    Step 4.1

    Detail initiatives

    Activities

    • Detail initiatives.

    Build a digital transformation roadmap

    This step will walk you through the following activities:

    Detail initiatives for each priority initiative on your horizon.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital business strategy.

    Create initiative profiles for each high-priority initiative on your strategy

    this image contains a screenshot of an example initiative profile

    Step 4.2

    Build a roadmap

    Activities

    • Create a roadmap of initiatives.

    Build a digital transformation roadmap

    Info-Tech Insight

    A roadmap that balances growth opportunities with business resilience will transform your organization for long-term success in the digital economy.

    This step will walk you through the following activities:

    Identify timing of initiatives and build a Gantt chart roadmap.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital transformation and the journey canvases for each of the prioritized journeys.

    Build a roadmap to visualize your key initiative plan

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the initiative from inception through executive inquiry, project management, and finally execution.

    A initiative needs to be discrete: able to be conceptualized and discussed as an independent item. Each initiative must have three characteristics:

    • Specific outcome: Describe an explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.
    this image contains screenshots of a sample roadmap for supporting hybrid course curricula development through value-driven toolsets and centralized knowledge.

    4.2 Build your roadmap (30 minutes)

    1. For the Gantt chart:
      • Input the Roadmap Start Year date.
      • Change the months and year in the Gantt chart to reflect the same roadmap start year.
      • Populate the planned start and planned end date for the pre-populated list of high-priority initiatives in each category (people, process, and technology).

    Input

    • Initiatives
    • Initiative start & end dates
    • Initiative category

    Output

    • Digital strategy roadmap visual

    Materials

    • Digital Strategy Workbook

    Participants

    • Senior Executive

    Learn more about project portfolio management strategy

    Step 4.3

    Create a refresh strategy

    Activities

    • Refresh your strategy.

    Build a digital transformation roadmap

    Info-Tech Insight

    A digital strategy is a design process, it must be revisited to pressure test and account for changes in the external environment.

    This step will walk you through the following activities:

    Detail a refresh strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Refresh strategy

    Create a refresh strategy

    It is important to dedicate time to your strategy throughout the year. Create a refresh plan to assess for the changing business context and its impact on the digital business strategy. Make sure the regular planning cycle is not the primary trigger for strategy review. Put a process in place to review the strategy and make your organization proactive. Start by examining the changes to the business context and how the effect would trickle downwards. It’s typical for organizations to build a refresh strategy around budget season and hold planning and touch points to accommodate budget approval time.
    Example:

    this image contains an example of a refresh strategy.

    4.3 Create a refresh strategy (30 minutes)

    1. Work with the digital strategy creation team to identify the time frequencies the organization should consider to refresh the digital business strategy. Time frequencies can also be events that trigger a review (i.e. changing business goals). Record the different time frequencies in the Refresh of the Digital Business Strategy slide of the section.
    2. Discuss with the team the different audience members for each time frequency and the scope of the refresh. The scope represents what areas of the digital business strategy need to be re-examined and possibly changed.

    Example:

    Frequency Audience Scope Date
    Annually Executive Leadership Resurvey, review/ validate, update schedule Pre-budget
    Touch Point Executive Leadership Status update, risks/ constraints, priorities Oct 2021
    Every Year (Re-build) Executive Leadership Full planning Jan 2022

    Input

    • Digital Business Strategy

    Output

    • Refresh Strategy

    Materials

    • Digital Business Strategy Presentation Template
    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Leaders

    Related Info-Tech Research

    Design a Customer-Centric Digital Operating Model

    Design a Customer-Centric Digital Operating Model

    Establish a new way of working to deliver value on your digital transformation initiatives.

    Develop a Project Portfolio Management Strategy

    Develop a Project Portfolio Management Strategy

    Drive project throughput by throttling resource capacity.

    Adopt Design Thinking in Your Organization

    Adopt Design Thinking in Your Organization

    Innovation needs design thinking.

    Digital Maturity Improvement Service

    Digital Maturity Improvement Service

    Prepare your organization for digital transformation – or risk falling behind.

    Research Contributors and Experts

    Kenneth McGee

    this is a picture of Research Fellow, Kenneth McGee

    Research Fellow
    Info-Tech Research Group

    Kenneth McGee is a Research Fellow within the CIO practice at Info-Tech Research Group and is focused on IT business and financial management issues, including IT Strategy, IT Budgets and Cost Management, Mergers & Acquisitions (M&A), and Digital Transformation. He also has extensive experience developing radical IT cost reduction and return-to-growth initiatives during and following financial recessions.

    Ken works with CIOs and IT leaders to help establish twenty-first-century IT organizational charters, structures, and responsibilities. Activities include IT organizational design, IT budget creation, chargeback, IT strategy formulation, and determining the business value derived from IT solutions. Ken’s research has specialized in conducting interviews with CEOs of some of the world’s largest corporations. He has also interviewed a US Cabinet member and IT executives at the White

    House. He has been a frequent keynote speaker at industry conventions, client sales kick-off meetings, and IT offsite planning sessions.

    Ken obtained a BA in Cultural Anthropology from Dowling College, Oakdale, NY, and has pursued graduate studies at Polytechnic Institute (now part of NYU University). He has been an adjunct instructor at State University of New York, Westchester Community College.

    Jack Hakimian

    this is a picture of Vice President of the Info-Tech Research Group, Jack Hakimian

    Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Bibliography

    Abrams, Karin von. “Global Ecommerce Forecast 2021.” eMarketer, Insider Intelligence, 7 July 2021. Web.

    Christenson, Clayton. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business School, 1997. Book.

    Drucker, Peter F., and Joseph A. Maciariello. Innovation and Entrepreneurship. Routledge, 2015.

    Eagar, Rick, David Boulton, and Camille Demyttenaere. “The Trends in Megatrends.” Arthur D Little, Prism, no. 2, 2014. Web.

    Enright, Sara, and Allison Taylor. “The Future of Stakeholder Engagement.” The Business of a Better World, October 2016. Web.

    Hatem, Louise, Daniel Ker, and John Mitchell. “A roadmap toward a common framework for measuring the digital economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Web.

    Kemp, Simon. “Digital 2021 April Statshot Report.” DataReportal, Global Digital Insights, 21 Apr. 2021. Web.

    Larson, Chris. “Disruptive Innovation Theory: 4 Key Concepts.” Business Insights, Harvard Business School, HBS Online, 15 Nov. 2016. Web.

    McCann, Leah. “Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?” rAVe, 2 July 2020. Web.

    Mochari, Ilan. “The Startup Buzzword Almost Everyone Uses Incorrectly.” Inc., 19 Nov. 2015. Web.

    Osterwalder, Alexander, et al. Value Proposition Design. Wiley, 2014.

    Reed, Laura. “Artificial Intelligence: Is Your Job at Risk?” Science Node, 9 August 2017.

    Rodeck, David. “Alphabet Soup: Understanding the Shape of a Covid-19 Recession.” Forbes, 8 June 2020. Web.

    Tapscott, Don. Wikinomics. Atlantic Books, 2014.

    Taylor, Paul. “Don't Be A Dodo: Adapt to the Digital Economy.” Forbes, 27 Aug. 2015. Web.

    The Business Research Company. "Wholesale Global Market Report 2021: COVID-19 Impact and Recovery to 2030." Research and Markets, January 2021. Press Release.

    “Topic 1: Megatrends and Trends.” BeFore, 11 October 2018.

    “Updated Digital Economy Estimates – June 2021.” Bureau of Economic Analysis, June 2021. Web.

    Williamson, J. N. The Leader Manager. John Wiley & Sons, 1984.

    Corporate security consultancy

    Corporate security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Engage our corporate security consultancy firm to discover any weaknesses within your company’s security management. Tymans Group has extensive expertise in helping small and medium businesses set up clear security protocols to safeguard their data and IT infrastructure. Read on to discover how our consulting firm can help improve corporate security within your company.

    Why should you hire a corporate security consultancy company?

    These days, corporate security includes much more than just regulating access to your physical location, be it an office or a store. Corporate security increasingly deals in information and data security, as well as general corporate governance and responsibility. Proper security protocols not only protect your business from harm, but also play an important factor in your overall success. As such, corporate security is all about setting up practical and effective strategies to protect your company from harm, regardless of whether the threat comes from within or outside. As such, hiring a security consulting firm to improve corporate security and security management within your company is not an unnecessary luxury, but a must.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Improve your corporate security with help from our consulting company

    As a consultancy firm, Tymans Group can help your business to identify possible threats and help set up strategies to avoid them. However, as not all threats can be avoided, our corporate security consultancy firm also helps you set up protocols to mitigate and manage them, as well as help you develop effective incident management protocols. All solutions are practical, people-oriented and based on our extensive experience and thus have proven effectiveness.

    Hire our experienced consultancy firm

    Engage the services of our consulting company to improve corporate security within your small or medium business. Contact us to set up an appointment on-site or book a one-hour talk with expert Gert Taeymans to discuss any security issues you may be facing. We are happy to offer you a custom solution.

    Register to read more …

    The challenge of corporate security management

    • Buy Link or Shortcode: {j2store}41|cart{/j2store}
    • Related Products: {j2store}41|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    Corporate security management is a vital aspect in every modern business, regardless of business area or size. At Tymans Group we offer expert security management consulting to help your business set up proper protocols and security programs. More elaborate information about our security management consulting services and solutions can be found below.

    Corporate security management components

    You may be experiencing one or more of the following:

    • The risk goals should support business goals. Your business cannot operate without security, and security is there to conduct business safely. 
    • Security governance supports security strategy and security management. These three components form a protective arch around your business. 
    • Governance and management are like the legislative branch and the executive branch. Governance tells people what to do, and management's job is to verify that they do it.

    Our advice with regards to corporate security management

    Insight

    To have a successful information security strategy, take these three factors into account:

    • Holistic: your view must include people, processes, and technology.
    • Risk awareness: Base your strategy on the actual risk profile of your company and then add the appropriate best practices.
    • Business-aligned: When your strategic security plan demonstrates alignment with the business goals and supports it, embedding will be much more straightforward.

    Impact and results of our corporate security management approach

    • The approach of our security management consulting company helps to provide a starting point for realistic governance and realistic corporate security management.
    • We help you by implementing security governance and managing it, taking into account your company's priorities, and keeping costs to a minimum.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within the corporate security management domain have access to:

    Get up to speed

    Read up on why you should build your customized corporate information security governance and management system. Review our methodology and understand the four ways we can support you.

    Align your security objectives with your business goals

    Determine the company's risk tolerance.

    • Implement a Security Governance and Management Program – Phase 1: Align Business Goals With Security Objectives (ppt)
    • Information Security Governance and Management Business Case (ppt)
    • Information Security Steering Committee Charter (doc)
    • Information Security Steering Committee RACI Chart (doc)
    • Security Risk Register Tool (xls)

    Build a practical governance framework for your company

    Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.

    • Implement a Security Governance and Management Program – Phase 2: Develop an Effective Governance Framework (ppt)
    • Information Security Charter (doc)
    • Security Governance Organizational Structure Template (doc)
    • Security Policy Hierarchy Diagram (ppt)
    • Security Governance Model Facilitation Questions (ppt)
    • Information Security Policy Charter Template (doc)
    • Information Security Governance Model Tool (Visio)
    • Pdf icon 20x20
    • Information Security Governance Model Tool (PDF)

    Now that you have built it, manage your governance framework.

    There are several essential management activities that we as a security management consulting company suggest you employ.

    • Implement a Security Governance and Management Program – Phase 3: Manage Your Governance Framework (ppt)
    • Security Metrics Assessment Tool (xls)
    • Information Security Service Catalog (xls)
    • Policy Exception Tracker (xls)
    • Information Security Policy Exception Request Form (doc)
    • Security Policy Exception Approval Workflow (Visio)
    • Security Policy Exception Approval Workflow (PDF)
    • Business Goal Metrics Tracking Tool (xls)

    Book an online appointment for more advice

    We are happy to tell you more about our corporate security management solutions and help you set up fitting security objectives. As a security management consulting firm we offer solutions and advice, based on our own extensive experience, which are practical and people-orientated. Discover our services, which include data security management and incident management and book an online appointment with CEO Gert Taeymans to discuss any issues you may be facing regarding risk management or IT governance.

    cybersecurity

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    • Buy Link or Shortcode: {j2store}367|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $129,465 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Processes pertaining to managing the application are inconsistent and do not drive excellence.
    • There is a lack of interdepartmental collaboration between different teams pertaining to the application.
    • There are no formalized roles and responsibilities for governance and support around enterprise applications.

    Our Advice

    Critical Insight

    • Scale the Center of Excellence (CoE) based on business needs. There is flexibility in how extensively the CoE methodology is applied and rigidity in how consistently it should be used.
    • The CoE is a refinery. It takes raw inputs from the business and produces an enhanced product, removing waste and isolating it from re-entering day-to-day operations.
    • Excellence is about people as much as it is about process. Documented best practices should include competencies, key resources, and identified champions to advocate the CoE practice.

    Impact and Result

    • Formalize roles and responsibilities for all application initiatives.
    • Develop a standard process of governance and oversight surrounding the application.
    • Develop a comprehensive support network that consists of IT, the business, and external stakeholders to address issues and problem areas surrounding the application.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a Center of Excellence for your enterprise application, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a vision for the CoE

    Understand the importance of developing an enterprise application CoE, define its scope, and identify key stakeholders.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 1: Create a Vision for the Center of Excellence
    • Enterprise Application Center of Excellence Project Charter

    2. Design the CoE future state

    Gather high-level requirements to determine the ideal future state.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 2: Design the Center of Excellence Future State
    • Center of Excellence Refinery Model Template

    3. Develop a CoE roadmap

    Assess the required capabilities to reach the ideal state CoE.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 3: Develop a Center of Excellence Roadmap
    • Center of Excellence Exceptions Report
    • Track and Measure Benefits Tool
    • Enterprise Application Center of Excellence Stakeholder Presentation Template
    [infographic]

    Workshop: Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create a Vision for the CoE

    The Purpose

    Understand the importance of developing a CoE for enterprise applications.

    Determine how to best align the CoE mandate with business objectives.

    Complete a CoE project charter to gain buy-in, build a project team, and track project success. 

    Key Benefits Achieved

    Key stakeholders identified.

    Project team created with defined roles and responsibilities.

    Project charter finalized to gain buy-in.

    Activities

    1.1 Evaluate business needs and priorities.

    1.2 Identify key stakeholders and the project team.

    1.3 Align CoE with business priorities.

    1.4 Map current state CoE.

    Outputs

    Project vision

    Defined roles and responsibilities

    Strategic alignment of CoE and the business

    CoE current state schematic

    2 Design the CoE Future State

    The Purpose

    Gain a thorough understanding of pains related to the lack of application governance.

    Identify and recycle existing CoE practices.

    Visualize the CoE enhancement process.

    Visualize your ideal state CoE. 

    Key Benefits Achieved

    Requirements to strengthen the case for the enterprise application CoE.

    CoE value-add refinery.

    Future potential of the CoE.

    Activities

    2.1 Gather requirements.

    2.2 Map the CoE enhancement process.

    2.3 Sketch future state CoE.

    Outputs

    Classified pains, opportunities, and existing practices

    CoE refinery model

    Future state CoE sketch

    3 Develop a CoE Roadmap

    The Purpose

    Assess required capabilities and resourcing.

    List and prioritize CoE initiatives.

    Track and monitor CoE performance. 

    Key Benefits Achieved

    Next steps for the enterprise application CoE.

    CoE resourcing plan.

    CoE benefits realization tracking.

    Activities

    3.1 Build CoE capabilities.

    3.2 Identify risks and mitigation efforts.

    3.3 Prioritize and track CoE initiatives.

    3.4 Finalize stakeholder presentation.

    Outputs

    CoE potential capabilities

    Risk management plan

    CoE initiatives roadmap

    CoE stakeholder presentation

    Renovate the Data Center

    • Buy Link or Shortcode: {j2store}497|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Center & Facilities Optimization
    • Parent Category Link: /data-center-and-facilities-optimization
    • 33% of enterprises will be undertaking facility upgrades or refreshes in 2010 aimed at extending the life of their existing data centers.
    • Every upgrade or refresh targeting specific components in the facility to address short-term pain will have significant impact on the data center environment as a whole. Planning upfront and establishing a clear project scope will minimize expensive changes in later years.
    • This solution set will provide you with step-by-step design, planning, and selection tools to define a Data Center renovation plan to reduce cost and risk while supporting cost-effective long-term growth for power, cooling, standby power, and fire protection renovations.

    Our Advice

    Critical Insight

    • 88% of organizations cited they would spend more time and effort on documenting and identifying facility requirements for initial project scoping. Organizations can prevent scope creep by conducting the necessary project planning up front and identify requirements and the effect that the renovation project will have in all areas of the data center facility.
    • Data Center facilities renovations must include the specific requirements related to power provisioning, stand-by power, cooling, and fire protection - not just the immediate short-term pain.
    • 39% of organizations cited they would put more emphasis on monitoring contractor management and performance to improve the outcome of the data center renovation project.

    Impact and Result

    • Early internal efforts to create a budget and facility requirements yields better cost and project outcomes when construction begins. Each data center renovation project is unique and should have its own detailed budget.
    • Upfront planning and detailed project scoping can prevent a cascading impact on data center renovation projects to other areas of the data center that can increase project size, scope and spend.
    • Contractor selection is one of the most important first steps in a complex data center renovation. Organizations must ensure the contractor selected has experience specifically in data center renovation.

    Renovate the Data Center Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and understand the renovation project.

    • Storyboard: Renovate the Data Center
    • None
    • Data Center Annual Review Checklist

    2. Renovate power in the data center.

    • Data Center Power Requirements Calculator

    3. Renovate cooling in the data center.

    • Data Center Cooling Requirements Calculator

    4. Renovate standby power in the data center.

    • Data Center Standby Power Requirements Calculator

    5. Define current and future fire protection requirements.

    • Fire Protection & Suppression Engineer Selection Criteria Checklist
    • None

    6. Assess the opportunities and establish a clear project scope.

    • Data Center Renovation Project Charter
    • Data Center Renovation Project Planning & Monitoring Tool

    7. Establish a budget for the data center renovation project.

    • Data Center Renovation Budget Tool

    8. Select a general contractor to execute the project.

    • None
    • Data Center Renovation Contractor Scripted Interview
    • Data Center Renovation Contractor Scripted Interview Scorecard
    • Data Center Renovation Contractor Reference Checklist
    [infographic]

    Data Quality

    • Buy Link or Shortcode: {j2store}19|cart{/j2store}
    • Related Products: {j2store}19|crosssells{/j2store}
    • Teaser Video: Visit Website
    • Teaser Video Title: Big data after pandemic
    • member rating overall impact: 8.3/10
    • member rating average dollars saved: $5,100
    • member rating average days saved: 8
    • Parent Category Name: Data and Business Intelligence
    • Parent Category Link: /data-and-business-intelligence
    Restore trust in your data by aligning your data management approach to the business strategy

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}366|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Regulatory and Compliance Risk Impacts to Your Organization Storyboard – Use the research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Storyboard

    2. Regulatory Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Regulatory Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Risk Impacts on Your Organization

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.

    Analyst perspective

    Organizations must understand the regulatory damage vendors may cause from lack of compliance.

    Frank Sewell.

    The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance.

    As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance.

    Frank Sewell,

    Research Director, Vendor Management

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Regulatory and Compliance risk impacts

    Potential losses to the organization due regulatory and compliance incidents.

    • In this blueprint we’ll:
      • Explore regulatory and compliance risks and their impacts.
      • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational. Regulatory & Compliance is highlighted on the cube.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.

    When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    45%

    Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers.

    2022 McKinsey

    61%

    Of compliance officers expect to increase investment in their compliance function over the next two years.

    2022 Accenture

    $770k+

    Breaches involving third-party vendors cost more on average.

    2022 HIT Consultant.net

    Regulatory Compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    Review your expectations with your vendors and hold them accountable.

    Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Regulatory Guidance and Industry Standards

    Are you confident your vendors meet your standards?

    Identify and manage regulatory and compliance risks

    Environmental, Social, Governance (ESG)
    Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.

    Data Protection
    Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and Acquisitions
    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    What to look for

    Identify regulatory and compliance risk impacts.

    • Is there a record of complaints against the vendor from their employees or customers?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for regulatory violations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term, with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess third-party risk

    1. Review Organizational Regulations
    2. Understand the organization’s regulatory risks to prepare for the “What If” game exercise.

    3. Identify & Understand Potential Regulatory-Compliance Risks
    4. Play the “What If” game with the right people at the table.

    5. Create a Risk Profile Packet for Leadership
    6. Pull all the information together in a presentation document.

    7. Validate the Risks
    8. Work with leadership to ensure that the proposed risks are in line with their thoughts.

    9. Plan to Manage the Risks
    10. Lower the overall risk potential by putting mitigations in place.

    11. Communicate the Plan
    12. It is important not only to have a plan but also to socialize it in the organization for awareness.

    13. Enact the Plan
    14. Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Identifying regulatory and compliance risks

    Who should be included in the discussion.

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from regulatory risk experts within your organization will enhance your long-term potential for successful compliance.
    • Involving those who not only directly manage vendors but also understand your regulatory requirements will aid in determining the path forward for relationships with your current vendors, and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor regulatory and compliance risk impacts

    How could your vendors fall out of compliance?

    • Review vendors’ downstream connections to understand thoroughly with whom you are in business.
      • Monitor their regulatory stance as it could reflect on your organization.
    • Institute proper vendor lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to consistently do so is a recipe for disaster.
    • Develop IT risk governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your regulatory requirements for new and changing risks.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly.

    Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and update our plans.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Regulatory Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
    Input Output
    • List of identified potential risk scenarios scored by regulatory-compliance impact
    • List of potential mitigations of the scenarios to reduce the risk
    • Comprehensive regulatory risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Regulatory Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    The image contains a screenshot demonstrating high risk example from the tool.

    How to mitigate:

    Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    Low risk example from tool

    The image contains a screenshot demonstrating low risk example from the tool.

    Summary

    Seek to understand all regulatory requirements to obtain compliance.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Those organizations that consistently follow their established risk assessment and due diligence processes are better positioned to avoid penalties.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Keeping up with the ever-changing regulations can make compliance a difficult task.

    Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Info-Tech Insight

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.


    Bibliography

    Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
    Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
    Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Create Stakeholder-Centric Architecture Governance

    • Buy Link or Shortcode: {j2store}583|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $3,099 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Traditional enterprise architecture management (EAM) caters to only 10% – the IT people, and not to the remaining 90% of the organization.
    • EAM practices do not scale well with the agile way of working and are often perceived as "bottlenecks” or “restrictors of design freedom.”
    • The organization scale does not justify a full-fledged EAM with many committees, complex processes, and detailed EA artifacts.

    Our Advice

    Critical Insight

    Architecture is a competency, not a function. Project teams, including even business managers outside of IT, can assimilate “architectural thinking.”

    Impact and Result

    Increase business value through the dissemination of architectural thinking throughout the organization. Maturing your EAM practices beyond a certain point does not help.

    Create Stakeholder-Centric Architecture Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here

    Improve benefits from your enterprise architecture efforts through the dissemination of architecture thinking throughout your organization.

    • Create Stakeholder-Centric Architecture Governance Storyboard
    [infographic]

    Master Your Security Incident Response Communications Program

    • Buy Link or Shortcode: {j2store}321|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $2,339 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • When a significant security incident is discovered, usually very few details are known for certain. Nevertheless, the organization will need to say something to affected stakeholders.
    • Security incidents tend to be ongoing situations that last considerably longer than other types of crises, making communications a process rather than a one-time event.
    • Effective incident response communications require collaboration from: IT, Legal, PR, and HR – groups that often speak “different languages.”

    Our Advice

    Critical Insight

    • There’s no such thing as successful incident response communications; strive instead for effective communications. There will always be some fallout after a security incident, but it can be effectively mitigated through honesty, transparency, and accountability.
    • Effective external communications begin with effective internal communications. Security Incident Response Team members come from departments that don’t usually work closely with each other. This means they often have different ways of thinking and speaking about issues. Be sure they are familiar with each other before a crisis occurs.
    • You won’t save face by withholding embarrassing details. Lying only makes a bad situation worse, but coming clean and acknowledging shortcomings (and how you’ve fixed them) can go a long way towards restoring stakeholders’ trust.

    Impact and Result

    • Effective and efficient management of security incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities: communications must be integrated into each of these phases.
    • Understand that prior planning helps to take the guesswork out of incident response communications. By preparing for several different types of security incidents, the communications team will get used to working with each other, as well as learning what strategies are and are not effective. Remember, the communications team contains diverse members from various departments, and each may have different ideas about what information is important to release.

    Master Your Security Incident Response Communications Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a security incident response communications plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Dive into communications planning

    This phase addresses the benefits and challenges of incident response communications and offers advice on how to assemble a communications team and develop a threat escalation protocol.

    • Master Your Security Incident Response Communications Program – Phase 1: Dive Into Communications Planning
    • Security Incident Management Plan

    2. Develop your communications plan

    This phase focuses on creating an internal and external communications plan, managing incident fallout, and conducting a post-incident review.

    • Master Your Security Incident Response Communications Program – Phase 2: Develop Your Communications Plan
    • Security Incident Response Interdepartmental Communications Template
    • Security Incident Communications Policy Template
    • Security Incident Communications Guidelines and Templates
    • Security Incident Metrics Tool
    • Tabletop Exercises Package
    [infographic]

    Integrate IT Risk Into Enterprise Risk

    • Buy Link or Shortcode: {j2store}195|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Our Advice

    Critical Insight

    • Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize the organization’s ability to respond to risk.

    Impact and Result

    • Understand gaps in the organization’s current approach to risk management practices.
    • Establish a standardized approach for how IT risks impact the enterprise as a whole.
    • Drive a risk-aware organization toward innovation and consider alternative options for how to move forward.
    • Integrate IT risks into the foundational risk practice.

    Integrate IT Risk Into Enterprise Risk Research & Tools

    Integrated Risk Management Capstone – A framework for how IT risks can be integrated into your organization’s enterprise risk management program to enable strategic risk-informed decisions.

    This is a capstone blueprint highlighting the benefits of an integrated risk management program that uses risk information and data to inform strategic decision making. Throughout this research you will gain insight into the five core elements of integrating risk through assessing, governing, defining the program, defining the process, and implementing.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Integrate IT Risk Into Enterprise Risk Capstone
    • Integrated Risk Maturity Assessment
    • Risk Register Tool

    Infographic

    Further reading

    Integrate IT Risk Into Enterprise Risk

    Don’t fear IT risks, integrate them.

    EXECUTIVE BRIEF

    Analyst Perspective

    Having siloed risks is risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Petar Hristov Research Director, Security, Privacy, Risk & Compliance.
    Petar Hristov
    Research Director, Security, Privacy, Risk & Compliance
    Photo of Ian Mulholland Research Director, Security, Risk & Compliance.
    Ian Mulholland
    Research Director, Security, Risk & Compliance
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice
    Ibrahim Abdel-Kader
    Research Analyst, CIO Practice

    Every organization has a threshold for risk that should not be exceeded, whether that threshold is defined or not.

    In the age of digital, information and technology will undoubtedly continue to expand beyond the confines of the IT department. As such, different areas of the organization cannot address these risks in silos. A siloed approach will produce different ways of identifying, assessing, responding to, and reporting on risk events. Integrated risk management is about embedding IT uncertainty to inform good decision making across the organization.

    When risk is integrated into the organization's enterprise risk management program, it enables a single view of all risks and the potential impact of each risk event. More importantly, it provides a consistent view of the risk event in relation to uncertainty that might have once been seemingly unrelated to IT.

    And all this can be achieved while remaining within the enterprise’s clearly defined risk appetite.

    Executive Summary

    Your Challenge

    Most organizations fail to integrate IT risks into enterprise risks:

    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Common Obstacles

    IT leaders have to overcome these obstacles when it comes to integrating risk:

    • Making business leaders aware of, involved in, and able to respond to all enterprise risks.
    • A lack of data or information being used to support a holistic risk management process.
    • A low level of enterprise risk maturity.
    • A lack of risk management capabilities.

    Info-Tech’s Approach

    By leveraging the Info-Tech Integrated Risk approach, your business can better address and embed risk by:

    • Understanding gaps in the organization’s current approach to risk management practices.
    • Establishing a standardized approach for how IT risks impact the enterprise as a whole.
    • Driving a risk-aware organization toward innovation and considering alternative options for how to move forward.
    • Helping integrate IT risks into the foundational risk practice.

    Info-Tech Insight

    Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize its ability to respond to risk.

    What is integrated risk management?

    • Integrated risk management is the process of ensuring all forms of risk information, including information and technology, are considered and included in the enterprise’s risk management strategy.
    • It removes the siloed approach to classifying risks related to specific departments or areas of the organization, recognizing that each of those risks is a threat to the overarching enterprise.
    • Aggregating the different threats or uncertainty that might exist within an organization allows for informed decisions to be made that align to strategic goals and continue to drive value back to the business.
    • By holistically considering the different risks, the organization can make informed decisions on the best course of action that will reduce any negative impacts associated with the uncertainty and increase the overall value.

    Enterprise Risk Management (ERM)

    • IT
    • Security
    • Digital
    • Vendor/Third Party
    • Other

    Enterprise risk management is the practice of identifying and addressing risks to your organization and using risk information to drive better decisions and better opportunities.

    IT risk is enterprise risk

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Your challenge

    Embedding IT risks into the enterprise risk management program is challenging because:

    • Most organizations classify risks based on the departments or areas of the business where the uncertainty is likely to happen.
    • Unnecessary expectations are placed on the IT department to own risks over which they have no authority or oversight.
    • Risks are often only identified when conducting due diligence for a project or ensuring compliance with regulations and standards.

    Risk-mature organizations have a unique benefit in that they often have established an overarching governance framework and embedded risk awareness into the culture.

    35% — Only 35% of organizations had embraced ERM in 2020. (Source: AICPA and NC State Poole College of Management)

    12% — Only 12% of organizations are leveraging risk as a tool to their strategic advantage. (Source: AICPA and NC State Poole College of Management)

    Common obstacles

    These barriers make integrating IT risks difficult to address for many organizations:

    • IT risks are not seen as enterprise risks.
    • The organization’s culture toward risk is not defined.
    • The organization’s appetite and threshold for risk are not defined.
    • Each area of the organization has a different method of identifying, assessing, and responding to risk events.
    • Access to reliable and informative data to support risk management is difficult to obtain.
    • Leadership does not see the business value of integrating risk into a single management program.
    • The organization’s attitudes and behaviors toward risk contradict the desired and defined risk culture.
    • Skills, training, and resources to support risk management are lacking, let alone those to support integrated risk management.

    Integrating risks has its challenges

    62% — Accessing and disseminating information is the main challenge for 62% of organizations maturing their organizational risk management. (Source: OECD)

    20-28% — Organizations with access to machine learning and analytics to address future risk events have 20 to 28% more satisfaction. (Source: Accenture)

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in Enterprise Risk Management.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Integrated Risk Mapping — Downside Risk Focus

    A diagram titled 'Risk and Controls' beginning with 'Possible Sources' and a list of sources, 'Control Activities' to prevent, the 'RISK EVENT', 'Recovery Activities' to recover, and 'Possible Repercussions' with a list of ramifications.

    Integrated Risk Mapping — Downside and Upside Risk

    Third-Party Risk Example

    Example of a third-party risk mapped onto the diagram on the previous slide, but with potential upsides mapped out as well. The central risk event is 'Vendor exposes private customer data'. Possible Sources of the downside are 'External Attack' with likelihood prevention method 'Define security standard requirements for vendor assessment' and 'Exfiltration of data through fourth-party staff' with likelihood prevention method 'Ensure data is properly classified'. Possible Sources of the upside are 'Application rationalization' with likelihood optimization method 'Reduce number of applications in environment' and 'Review vendor assessment practices' with likelihood optimization method 'Improve vendor onboarding'. Possible Repercussions on the downside are 'Organization unable to operate in jurisdiction' with impact minimization method 'Engage in-house risk mitigation responses' and 'Fines levied against organization' with impact minimization method 'Report incident to any regulators'. Possible Repercussions on the upside are 'Easier vendor integration and management' with impact utilization method 'Improved vendor onboarding practices' and 'Able to bid on contracts with these requirements' with impact utilization method 'Vendors must provide attestations (e.g. SOC or CMMC)'.

    Insight Summary

    Overarching insight

    Stop fearing risk – integrate it. Integration leads to opportunities for organizations to embrace innovation and new digital technologies as well as reducing operational costs and simplifying reporting.

    Govern risk strategically

    Governance of risk management for information- and technology-related events is often misplaced. Just because it's classified as an IT risk does not mean it shouldn’t be owned by the board or business executive.

    Assess risk maturity

    Integrating risk requires a baseline of risk maturity at the enterprise level. IT can push integrating risks, but only if the enterprise is willing to adopt the attitudes and behaviors that will drive the integrated risk approach.

    Manage risk

    It is not a strategic decision to have different areas of the organization manage the risks perceived to be in their department. It’s the easy choice, but not the strategic one.

    Implement risk management

    Different areas of an enterprise apply risk management processes differently. Determining a single method for identification, assessment, response, and monitoring can ensure successful implementation of enterprise risk management.

    Tactical insight

    Good risk management will consider both the positives and negatives associated with a risk management program by recognizing both the upside and downside of risk event impact and likelihood.

    Integrated risk benefits

    IT Benefits

    • IT executives have a responsibility but not accountability when it comes to risk. Ensure the right business stakeholders have awareness and ability to make informed risk decisions.
    • Controls and responses to risks that are within the “IT” realm will be funded and provided with sufficient support from the business.
    • The business respects and values the role of IT in supporting the enterprise risk program, elevating its role into business partner.

    Business Benefits

    • Business executives and boards can make informed responses to the various forms of risk, including those often categorized as “IT risks.”
    • The compounding severity of risks can be formally assessed and ideally quantified to provide insight into how risks’ ramifications can change based on scenarios.
    • Risk-informed decisions can be used to optimize the business and drive it toward adopting innovation as a response to risk events.
    • Get your organization insured against cybersecurity threats at the lowest premiums possible.

    Measure the value of integrating risk

    • Reduce Operating Costs

      • Organizations can reduce their risk operating costs by 20 to 30% by adopting enterprise-wide digital risk initiatives (McKinsey & Company).
    • Increase Cybersecurity Threat Preparedness

      • Increase the organization’s preparedness for cybersecurity threats. 79% of organizations that were impacted by email threats in 2020 were not prepared for the hit (Diligent)
    • Increase Risk Management’s Impact to Drive Strategic Value

      • Currently, only 3% of organizations are extensively using risk management to drive their unique competitive advantage, compared to 35% of companies who do not use it at all (AICPA & NC State Poole College of Management).
    • Reduce Lost Productivity for the Enterprise

      • Among small businesses, 76% are still not considering purchasing cyberinsurance in 2021, despite the fact that ransomware attacks alone cost Canadian businesses $5.1 billion in productivity in 2020 (Insurance Bureau of Canada, 2021).

    “31% of CIO’s expected their role to expand and include risk management responsibilities.” (IDG “2021 State of the CIO,” 2021)

    Make integrated risk management sustainable

    58%

    Focus not just on the preventive risk management but also the value-creating opportunities. With 58% of organizations concerned about disruptive technology, it’s an opportunity to take the concern and transform it into innovation. (Accenture)

    70%

    Invest in tools that have data and analytics features. Currently, “gut feelings” or “experience” inform the risk management decisions for 70% of late adopters. (Clear Risk)

    54%

    Align to the strategic vision of the board and CEO, given that these two roles account for 54% of the accountability associated with extended enterprise risk management. (Extended Enterprise Risk Management Survey, 2020,” Deloitte)

    63%

    Include IT leaders in the risk committee to help informed decision making. Currently 63% of chief technology officers are included in the C‑suite risk committee. (AICPA & NC State Poole College of Management)

    Successful adoption of integrated risk management is often associated with these key elements.

    Assessment

    Assess your organization’s method of addressing risk management to determine if integrated risk is possible

    Assessing the organization’s risk maturity

    Mature or not, integrated risk management should be a consideration for all organizations

    The first step to integrating risk management within the enterprise is to understand the organization’s readiness to adopt practices that will enable it to successfully integrate information.

    In 2021, we saw enterprise risk management assessments become one of the most common trends, particularly as a method by which the organization can consolidate the potential impacts of uncertainties or threats (Lawton, 2021). A major driver for this initiative was the recognition that information and technology not only have enterprise-wide impacts on the organization’s risk management but that IT has a critical role in supporting processes that enable effective access to data/information.

    A maturity assessment has several benefits for an organization: It ensures there is alignment throughout the organization on why integrated risk is the right approach to take, it recognizes the organization’s current risk maturity, and it supports the organization in defining where it would like to go.

    Pie chart titled 'Organizational Risk Management Maturity Assessment Results' showing just under half 'Progressing', a third 'Established', a seventh 'Emerging', and a very small portion 'Leading or Aspirational'.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understand the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Maturity should inform your approach to risk management

    The outcome of the risk maturity assessment should inform how risk management is approached within the organization.

    A row of waves starting light and small and becoming taller and darker in steps. The levels are 'Non-existent', 'Basic', 'Partially Integrated', 'Mostly Integrated', 'Fully Integrated', and 'Optimized'.

    For organizations with a low maturity, remaining superficial with risk will offer more benefits and align to the enterprise’s risk tolerance and appetite. This might mean no integrated risk is taking place.

    However, organizations that have higher risk maturity should begin to integrate risk information. These organizations can identify the nuances that would affect the severity and impact of risk events.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM).

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment

    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization

    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organization.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    Review Your Application Strategy

    • Buy Link or Shortcode: {j2store}82|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Over 80% of CXOs experience frustration with IT’s failure to deliver business value.
    • Sixty percent of CEOs believe that improvement is required around IT’s understanding of business goals.
    • Sixty percent of IT professionals know there is an opportunity to run applications more efficiently, eliminating wasteful or low-value activities.

    Our Advice

    Critical Insight

    • Organizations need to better align their application strategy with their business strategy as they proceed through tactical initiatives.
    • Application strategies provide guidance on how they will help the organization survive and thrive.

    Impact and Result

    Aligning your business with applications through your strategy will not only increase business satisfaction but also help to ensure you’re delivering applications that enable the organization’s goals.

    Review Your Application Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have an application strategy and why you should use Info-Tech’s approach to review it. Learn how we can support you in completing this strategy and review.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your strategy

    This review guide provides organizations with a detailed assessment of their application strategy, ensuring that the applications enable the business strategy so that the organization can be more effective.The assessment provides criteria and exercises to provide actionable outcomes.

    • Application Strategy Assessment Tool
    • Application Strategy Action Plan Report Template
    • Application Strategy Sample Action Plan Report
    [infographic]

    Data security consultancy

    Data security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Data security consultancy makes up one of Tymans Group’s areas of expertise as a corporate consultancy firm. We are happy to offer our insights and solutions regarding data security and risk to businesses, both through online and offline channels. Read on and discover how our consultancy company can help you set up practical data security management solutions within your firm.

    How our data security consultancy services can help your company

    Data security management should be an important aspect of your business. As a data security consultancy firm, Tymans Group is happy to assist your small or medium-sized enterprise with setting up clear protocols to keep your data safe. As such, we can advise on various aspects comprising data security management. This ranges from choosing a fit-for-purpose data architecture to introducing IT incident management guidelines. Moreover, we can perform an external IT audit to discover which aspects of your company’s data security are vulnerable and which could be improved upon.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Discover our practical data security management solutions

    Data security is just one aspect with which our consultancy firm can assist your company. Tymans Group offers its extensive expertise in various corporate management domains, such as quality management and risk management. Our solutions all stem from our vast expertise and have proven their effectiveness. Moreover, when you choose to employ our consultancy firm for your data security management, you benefit from a holistic, people-oriented approach.

    Set up an appointment with our experts

    Do you wish to learn more about our data security management solutions and services for your company? We are happy to analyze any issues you may be facing and offer you a practical solution if you contact us for an appointment. You can book a one-hour online talk or elect for an on-site appointment with our experts. Contact us to set up your appointment now.

    Register to read more …

    Applications Priorities 2023

    • Buy Link or Shortcode: {j2store}186|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.
    • These tools and technologies must meet the top business goals of CXOs: ensure service continuity, improve customer experience, and make data-driven decisions.
    • While today’s business applications are good and well received, there is still room for improvement. The average business application satisfaction score among IT leadership was 72% (n=1582, CIO Business Vision).

    Our Advice

    Critical Insight

    • Applications are critical components in any business strategic plan. They can directly influence an organization’s internal and external brand and reputation, such as their uniqueness, competitiveness and innovativeness in the industry
    • Business leaders are continuously looking for innovative ways to better position their application portfolio to satisfy their goals and objectives, i.e., application priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfies the different needs very different customers, stakeholders, and users.
    • Unfortunately, expectations on your applications team have increased while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    Impact and Result

    Learn and explore the technology and practice initiatives in this report to determine which initiatives should be prioritized in your application strategy and align to your business organizational objectives:

    • Optimize the effectiveness of the IT organization.
    • Boost the productivity of the enterprise.
    • Enable business growth through technology.

    Applications Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Applications Priorities Report 2023 – A report that introduces and describes five opportunities to prioritize in your 2023 application strategy.

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the ambitions of your organization.

    • Applications Priorities 2023 Report

    Infographic

    Further reading

    Applications Priorities 2023

    Applications are the engine of the business: keep them relevant and modern

    What we are facing today is transforming the ways in which we work, live, and relate to one another. Applications teams and portfolios MUST change to meet this reality.

    Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.

    As organizations continue to strengthen business continuity, disaster recovery, and system resilience, activities to simply "keep the lights on" are not enough. Be pragmatic in the prioritization and planning of your applications initiatives, and use your technologies as a foundation for your growth.

    Your applications must meet the top business goals of your CXOs

    • Ensure service continuity
    • Improve customer experience
    • Make data-driven decisions
    • Maximize stakeholder value
    • Manage risk

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Select and align your applications priorities to your business goals and objectives

    Applications are critical components in any business strategic plan. They can directly influence an organization's internal and external brand and reputation, such as their:

    • Uniqueness, competitiveness, and innovativeness in the industry.
    • Ability to be dynamic, flexible, and responsive to changing expectations, business conditions, and technologies.

    Therefore, business leaders are continuously looking for innovative ways to better position their application portfolios to satisfy their goals and objectives, i.e. applications priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfy
    the different needs of very different customers, stakeholders, and users.

    Today's business applications are good but leave room for improvement

    72%
    Average business application satisfaction score among IT leadership in 1582 organizations.

    Source: CIO Business Vision, August 2021 to July 2022, N=190.

    Five Applications Priorities for 2023

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the Ambitions of your organization.

    this is an image of the Five Applications Priorities for which will be addressed in this blueprint.

    Strengthen your foundations to better support your applications priorities

    These key capabilities are imperative to the success of your applications strategy.

    KPI and Metrics

    Easily attainable and insightful measurements to gauge the progress of meeting strategic objectives and goals (KPIs), and the performance of individual teams, practices and processes (metrics).

    BUSINESS ALIGNMENT

    Gain an accurate understanding and interpretation of stakeholder, end-user, and customer expectations and priorities. These define the success of business products and services considering the priorities of individual business units and teams.

    EFFICIENT DELIVERY & SUPPORT PRACTICE

    Software delivery and support roles, processes, and tools are collaborative, well equipped and resourced, and optimized to meet changing stakeholder expectations.

    Data Management & Governance

    Ensuring data is continuously reliable and trustworthy. Data structure and integrations are defined, governed, and monitored.

    Product & Service Ownership

    Complete inventory and rationalization of the product and service portfolio, prioritized backlogs, roadmaps, and clear product and service ownership with good governance. This helps ensure this portfolio is optimized to meet its goals and objectives.

    Strengthen your foundations to better support your applications priorities (cont'd)

    These key capabilities are imperative to the success of your applications strategy.

    Organizational Change Management

    Manage the adoption of new and modified processes and technologies considering reputational, human, and operational concerns.

    IT Operational Management

    Continuous monitoring and upkeep of products and services to assure business continuity, and system reliability, robustness and disaster recovery.

    Architectural Framework

    A set of principles and standards that guides the consistent, sustainable and scalable growth of enterprise technologies. Changes to the architecture are made in collaboration with affected parties, such as security and infrastructure.

    Application Security

    The measures, controls, and tactics at the application layer that prevent vulnerabilities against external and internal threats and ensure compliance to industry and regulatory security frameworks and standards.

    There are many factors that can stand in your team's way

    Expectations on your applications team have increased, while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    1. Attracting and retaining talent
    2. Maximizing the return on technology
    3. Confidently shifting to digital
    4. Addressing competing priorities
    5. Fostering a collaborative culture
    6. Creating high-throughput teams

    CIOs agree that at least some improvement is needed across key IT activities

    A bar graph is depicted which shows the proportion of CIOs who believe that some, or significant improvement is necessary for the following categories: Measure IT Project Success; Align IT Budget; Align IT Project Approval Process; Measure Stakeholder Satisfaction With IT; Define and Align IT Strategy; Understand Business Goals

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Pressure Point 1:
    Attracting and Retaining Talent

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Lack of employee empowerment and few opportunities for learning and development.
    • Poor coworker and manager relationships.
    • Compensation and benefits are inadequate to maintain desired quality of life.
    • Unproductive work environment and conflicting balance of work and life.
    • Unsatisfactory employee experience, including lack of employee recognition
      and transparency of organizational change.

    While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing.
    62% of organizations reported increased working hours, while 80% reported an increase in flexibility.
    Source: McLean & Company, 2022; n=394.

    Be strategic in how you fill and train key IT skills and capabilities

    • Cybersecurity
    • Big Data/Analytics
    • Technical Architecture
    • DevOps
    • Development
    • Cloud

    Source: Harvey Nash Group, 2021; n=2120.

    Pressure Point 2:
    Maximizing the Return of Technology

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Inability to analyze, propose, justify, and communicate modernization solutions in language the stakeholders understand and in a way that shows they clearly support business priorities and KPIs and mitigate risks.
    • Little interest in documenting and rationalizing products and services through business-IT collaboration.
    • Lack of internal knowledge of the system and loss of vendor support.
    • Undefined, siloed product and service ownership and governance, preventing solutions from working together to collectively deliver more value.
    • Little stakeholder appetite to invest in activities beyond "keeping the lights on."

    Only 64% of applications were identified as effective by end users.
    Effective applications are identified as at least highly important and have high feature and usability satisfaction.
    Source: Application Portfolio Assessment, August 2021 to July 2022; N=315.

    "Regardless of the many definitions of modernization floating around, the one characteristic that we should be striving for is to ensure our applications do an outstanding job of supporting the users and the business in the most effective and efficient manner possible."
    Source: looksoftware.

    Pressure Point 3:
    Confidently Shifting to Digital

    "Going digital" reshapes how the business operates and drives value by optimizing how digital and traditional technologies and tactics work together. This shift often presents significant business and technical risks to business processes, enterprise data, applications, and systems which stakeholders and teams are not aware of or prepared to accommodate.

    Address the underlying challenges

    • Differing perspectives on digital can lead to disjointed transformation initiatives, oversold benefits, and a lack of synergy among digital technologies and processes.
    • Organizations have difficulty adapting to new technologies or rethinking current business models, processes, and ways of working because of the potential human, ethical, and reputational impacts and restrictions from legacy systems.
    • Management lacks a framework to evaluate how their organization manages and governs business value delivery.
    • IT is not equipped or resourced to address these rapidly changing business, customer, and technology needs.
    • The wrong tools and technologies were chosen to support the shift to digital.

    The shift to digital processes is starting, but slowly.
    62% of respondents indicated that 1-20% of their processes were digitized during the past year.
    Source: Tech Trends and Priorities 2023; N=500

    Resistance to change and time/budget constraints are top barriers preventing companies from modernizing their applications.
    Source: Konveyor, 2022; n=600.

    Pressure Point 4:
    Addressing Competing Priorities

    Enterprise products and services are not used, operated, or branded in isolation. The various parties involved may have competing priorities, which often leads to disagreements on when certain business and technology changes should be made and how resources, budget, and other assets should be allocated. Without a broader product vision, portfolio vision, and roadmap, the various dependent or related products and services will not deliver the same level of value as if they were managed collectively.

    Address the underlying challenges

    • Undefined product and service ownership and governance, including escalation procedures when consensus cannot be reached.
    • Lack of a unified and grounded set of value and quality definitions, guiding principles, prioritization standards, and broad visibility across portfolios, business capabilities, and business functions.
    • Distrust between business units and IT teams, which leads to the scaling of unmanaged applications and fragmented changes and projects.
    • Decisions are based on opinions and experiences without supporting data.

    55% of CXOs stated some improvement is necessary in activities to understand business goals.
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    CXOs are moderately satisfied with IT's performance as a business partner (average score of 69% among all CXOs). This sentiment is similarly felt among CIOs (64%).
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    Pressure Point 5:
    Fostering a Collaborative Culture

    Culture impacts business results, including bottom-line revenue and productivity metrics. Leaders appreciate the impact culture can have on applications initiatives and wish to leverage this. How culture translates from an abstract concept to something that is measurable and actionable is not straightforward. Executives need to clarify how the desired culture will help achieve their applications strategy and need to focus on the items that will have the most impact.

    Address the underlying challenges

    • Broad changes do not consider the unique subcultures, personalities, and behaviors of the various teams and individuals in the organization.
    • Leaders mandate cultural changes without alleviating critical barriers and do not embody the principles of the target state.
    • Bureaucracy and politics restrict changes and encourage the status quo.
    • Industry standards, technologies, and frameworks do not support or cannot be tailored to fit the desired culture.
    • Some teams are deliberately excluded from the scoping, planning, and execution of key product and service delivery and management activities.

    Agile does not solve team culture challenges.
    43% of organizations cited organizational culture as a significant barrier to adopting and scaling Agile practices.
    Source: Digital.ai, 2021.

    "Providing a great employee experience" as the second priority (after recruiting) highlights the emphasis organizations are placing on helping employees adjust after having been forced to change the way work gets done.
    Source: McLean & Company, 2022; N=826.

    Use your applications priorities to help address your pressure points

    Success can be dependent on your ability to navigate around or alleviate your pressure points. Design and market your applications priorities to bring attention to your pressure points and position them as key risk factors to their success.

    Applications Priorities
    Digital Experience (DX) Intelligent Automation Proactive Application Management Multisource Systems Digital Organization as a Platform
    Attracting and Retaining Talent Enhance the employee experience Be transparent and support role changes Shift focus from maintenance to innovation Enable business-managed applications Promote and showcase achievements and successes
    Maximizing the Return on Technology Modernize or extend the use of existing investments Automate applications across multiple business functions Improve the reliability of mission-critical applications Enhance the functionality of existing applications Increase visibility of underused applications
    Confidently Shifting to Digital Prioritize DX in your shift to digital Select the capabilities that will benefit most from automation Prepare applications to support digital tools and technologies Use best-of-breed tools to meet specific digital needs Bring all applications up to a common digital standard
    Addressing Competing Priorities Ground your digital vision, goals, and objectives Recognize and evaluate the architectural impact Rationalize the health of the applications Agree on a common philosophy on system composition Map to a holistic platform vision, goals, and objectives
    Fostering a Collaborative Culture Involve all perspectives in defining and delivering DX Involve the end user in the delivery and testing of the automated process Include the technical perspective in the viability of future applications plans Discuss how applications can work together better in an ecosystem Ensure the platform is configured to meet the individual needs of the users
    Creating High-Throughput Teams Establish delivery principles centered on DX Remove manual, error-prone, and mundane tasks Simplify applications to ease delivery and maintenance Alleviate delivery bottlenecks and issues Abstract the enterprise system to expedite delivery

    Digital Experience (DX)

    PRIORITY 1

    • Deliver Valuable User, Customer, Employee, and Brand Experiences

    Delivering valuable digital experiences requires the adoption of good management, governance, and operational practices to accommodate stakeholder, employee, customer, and end-user expectations of digital experiences (e.g. product management, automation, and iterative delivery). Technologies are chosen based on what best enables, delivers, and supports these expectations.

    Introduction

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    What is digital experience (DX)?

    Digital experience (DX) refers to the interaction between a user and an organization through digital products and services. Digital products and services are tools, systems, devices, and resources that gather, store, and process data; are continuously modernized; and embody eight key attributes that are described on the following slide. DX is broken down into four distinct perspectives*:

    • Customer Experience – The immediate perceptions of transactions and interactions experienced through a customer's journey in the use of the organization's digital
      products and services.
    • End-User Experience – Users' emotions, beliefs, and physical and psychological responses
      that occur before, during, or after interacting with a digital product or service.
    • Brand Experience – The broader perceptions, emotions, thoughts, feelings and actions the public associate with the organization's brand and reputation or its products and services. Brand experience evolves over time as customers continuously engage with the brand.
    • Employee Experience – The satisfaction and experience of an employee through their journey with the organization, from recruitment and hiring to their departure. How an employee embodies and promotes the organization brand and culture can affect their performance, trust, respect, and drive to innovate and optimize.
    Digital Products and Services
    Customer Experience Brand Experience Employee Experience End-User Experience

    Digital products and services have a common set of attributes

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    • Digital products and services must keep pace with changing business and end-user needs as well as tightly supporting your maturing business model with continuous modernization. Focus your continuous modernization on the key characteristics that drive business value.
    • Fit for purpose: Functionalities are designed and implemented for the purpose of satisfying the end user's needs and solving their problems.
    • User-centric: End users see the product as rewarding, engaging, intuitive, and emotionally satisfying. They want to come back to it.
    • Adaptable: The product can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components.
    • Accessible: The product is available on demand and on the end user's preferred interface.
      End users have a seamless experience across all devices.
    • Private and secured: The end user's activity and data are protected from unauthorized access.
    • Informative and insightful: The product delivers consumable, accurate, and trustworthy real-time data that is important to the end user.
    • Seamless application connection: The product facilitates direct interactions with one or more other products through an uninterrupted user experience.
    • Relationship and network building: The product enables and promotes the connection and interaction of people.

    The Business Value cycle of continuous modernization.

    Signals

    DX is critical for business growth and maturity, but the organization may not be ready

    A good DX has become a key differentiator that gives organizations an advantage over their competition and peers. Shifts in working environments; employee, customer, and stakeholder expectations; and the advancements in modern technologies have raised the importance of adopting and transitioning to digital processes and tools to stay relevant and responsive to changing business and technology conditions.

    Applications teams are critical to ensuring the successful delivery and operation of these digital processes and tools. However, they are often under-resourced and challenged to meet their DX goals.

    • 7% of both business and IT respondents think IT has the resources needed to keep up with digital transformation initiatives and meet deadlines (Cyara, 2021).
    • 43% of respondents said that the core barrier to digital transformation is a lack of skilled resources (Creatio, 2021).
    A circle graph is shown with 91% of the circle coloured in dark blue, with the number 91% in the centre.

    of organizations stated that at least 1% of processes were shifted from being manually completed to digitally completed in the last year. 29% of organizations stated at least 21% were shifted.

    Source: Tech Trends and Priorities 2023; N=500.

    A circle graph is shown with 98% of the circle coloured in dark blue, with the number 98% in the centre.

    of organizations recognized digital transformation is important for competitive advantage. 94% stated it is important to enhance customer experience, and 91% stated it will have a positive impact on revenue.

    Source: Cyara, 2021.

    Drivers

    Brand and reputation

    Customers are swayed by the innovations and advancements in digital technologies and expect your applications team to deliver and support them. Your leaders recognize the importance of these expectations and are integrating them into their business strategy and brand (how the organization presents itself to its customers, employees and the public). They hope that their actions will improve and shape the company's reputation (public perception of the company) as effective, customer-focused, and forward-thinking.

    Worker productivity

    As you evolve and adopt more complex tools and technology, your stakeholders will expect more from business units and IT teams. Unfortunately, teams employing manual processes and legacy systems will struggle to meet these expectations. Digital products and services promote the simplification of complex operations and applications and help the business and your teams better align operational practices with strategic goals and deliver valuable DX.

    Organization modernization

    Legacy processes, systems, and ways of working are no longer suitable for meeting the strategic digital objectives and DX needs stakeholders expect. They drive up operational costs without increased benefits, impede business growth and innovation, and consume scarce budgets that could be used for other priorities. Shifting to digital tools and technologies will bring these challenges to light and demonstrate how modernization is an integral part of DX success.

    Benefits & Risks

    Benefits

    • Flexibility & Satisfaction
    • Adoption
    • Reliability

    Employees and customers can choose how they want to access, modify, and consume digital products and services. They can be tailored to meet the specific functional needs, behaviors, and habits of the end user.

    The customer, end user, brand, and employee drive selection, design, and delivery of digital products and services. Even the most advanced technologies will fail if key roles do not see the value in their use.

    Digital products and services are delivered with technical quality built into them, ensuring they meet the industry, regulatory, and company standards throughout their lifespan and in various conditions.

    Risks

    • Legacy & Lore
    • Bureaucracy & Politics
    • Process Inefficiencies
    • No Quality Standards

    Some stakeholders may not be willing to change due to their familiarity and comfort of business practices.

    Competing and conflicting priorities of strategic products and services undermine digital transformation and broader modernization efforts.

    Business processes are often burdened by wasteful activities. Digital products and services are only as valuable as the processes they support.

    The performance and support of your digital products and services are hampered due to unmanageable technical debt because of a deliberate decision to bypass or omit quality good practices.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enhance the employee experience.

    Design the digital processes, tools, and technologies to meet the individual needs of the employee.

    Maximizing the Return on Technology

    Modernize or extend the use of existing investments.

    Drive higher adoption of applications and higher user value and productivity by implementing digital capabilities to the applications that will gain the most.

    Confidently Shifting to Digital

    Prioritize DX in your shift to digital. Include DX as part of your definition of success.

    Your products and services are not valuable if users, customers, and employees do not use them.

    Addressing Competing Priorities

    Ground your digital vision, goals, and objectives

    Establish clear ownership of DX and digital products and services with a cross-functional prioritization framework.

    Fostering a Collaborative Culture

    Involve all perspectives in defining and delivering DX.

    Maintain a committee of owners, stakeholders, and delivery teams to ensure consensus and discuss how to address cross-functional opportunities and risks.

    Creating High-Throughput Teams

    Establish delivery principles centered on DX.

    Enforce guiding principles to streamline and simplify DX delivery, such as plug-and-play architecture and quality standards.

    Recommendations

    Build a digital business strategy

    A digital business strategy clearly articulates the goals and ambitions of the business to adopt digital practices, tools, and technologies. This document:

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Establishes accountability with the executive leadership.
    • States the importance of cross-functional participation from senior management across the organization.

    Related Research:

    Learn, understand, and empathize with your users, employees, and customers

    • To create a better product, solution, or service, understanding those who use it, their needs, and their context is critical.
    • A great experience design practice can help you balance those goals so that they are in harmony with those of your users.
    • IT leaders must find ways to understand the needs of the business and develop empathy on a much deeper level. This empathy is the foundation for a thriving business partnership.

    Related Research:

    Recommendations

    Center product and service delivery decisions and activities on DX and quality

    User, customer, employee, and brand are integral perspectives on the software development lifecycle (SDLC) and the management and governance practices supporting digital products and services. It ensures quality standards and controls are consistently upheld while maintaining alignment with various needs and priorities. The goal is to come to a consensus on a universal definition and approach to embed quality and DX-thinking throughout the delivery process.

    Related Research:

    Instill collaborative delivery practices

    Today's rapidly scaling and increasingly complex digital products and services create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality. This pressure is further compounded by the competing priorities of individual stakeholders and the nuances among different personas of digital products and services.

    A collaborative delivery practice sets the activities, channels, and relationships needed to deliver a valuable and quality product or service with cross-functional awareness, accountability, and agreement.

    Related Research:

    Recommendations

    Continuously monitor and modernize your digital products and services

    Today's modern digital products and services are tomorrow's shelfware. They gradually lose their value, and the supporting technologies will become obsolete. Modernization is a continuous need.

    Data-driven insights help decision makers decide which products and services to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Enhancements focusing on critical business capabilities strengthen the case for investment and build trust with all stakeholders.

    Related Research:

    CASE STUDY
    Mastercard in Asia

    Focus on the customer journey

    Chief Marketing Officer M.V. Rajamannar (Raja) wanted to change Mastercard's iconic "Priceless" ad campaign (with the slogan "There are some things money can't buy. For everything else there's Mastercard."). The main reasons were that the campaign relied on one-way communication and targeted end customers, even though Mastercard doesn't issue cards directly to customers; partner banks do. To drive the change in campaign, Raja and his team created a digital engine that leveraged digital and social media. Digital engine is a seven-step process based on insights gleaned from data and real-time optimization.

    1. Emotional spark: Using data to understand customers' passion points, Mastercard builds videos and creatives to ignite an emotional spark and give customers a reason to engage. For example, weeks before New Year's Eve, Mastercard produced a video with Hugh Jackman to encourage customers to submit a story about someone who deeply mattered to them. The authors of the winning story would be flown to reunite with those both distant and dear.
    2. Engagement: Mastercard targets the right audience with a spark video through social media to encourage customers to share their stories.
    3. Offers: To help its partner banks and merchants in driving their business, the company identifies the best offers to match consumers' interests. In the above campaign, Mastercard's Asia-Pacific team found that Singapore was a favorite destination for Indian customers, so they partnered with Singapore's Resorts World Sentosa with an attractive offer.
    4. Real-time optimization: Mastercard optimizes, in real time, a portfolio of several offers through A/B testing and other analysis.
    5. Amplification: Real-time testing provides confidence to Mastercard about the potential success of these offers and encourages its bank and merchant partners to co-market and co-fund these campaigns.
    6. Network effects: A few weeks after consumers submitted their stories about distant loved ones, Mastercard selected winners, produced videos of them surprising their friends and families, and used these videos in social media to encourage sharing.
    7. Incremental transactions: These programs translate into incremental business for banks who issue cards, for merchants where customers spend money, and for Mastercard, which gets a portion of every transaction.

    Source: Harvard Business Review Press

    CASE STUDY
    Mastercard in Asia (cont'd)

    Focus on the customer journey

    1. Emotional Spark
      Drives genuine personal stories
    2. Engagement
      Through Facebook
      and social media
    3. Offers
      From merchants
      and Mastercard assets
    4. Optimization
      Real-time testing of offers and themes
    5. Amplification
      Paid and organic programmatic buying
    6. Network Effects
      Sharing and
      mass engagement
    7. Incremental Transactions
      Win-win for all parties

    CASE STUDY
    Mastercard in Asia (cont'd)

    The Mastercard case highlights important lessons on how to engage customers:

    • Have a broad message. Brands need to connect with consumers over how they live and spend their time. Organizations need to go beyond the brand or product message to become more relevant to consumers' lives. Dove soap was very successful in creating a conversation among consumers with its "Real Beauty" campaign, which focused not on the brand or even the product category, but on how women and society view beauty.
    • Shift from storytelling to story making. To break through the clutter of advertising, companies need to move from storytelling to story making. A broader message that is emotionally engaging allows for a two-way conversation.
    • Be consistent with the brand value. The brand needs to stand for something, and the content should be relevant to and consistent with the image of the brand. Pepsi announced an award of $20 million in grants to individuals, businesses, and nonprofits that promote a new idea to make a positive impact on community. A large number of submissions were about social causes that had nothing to do with Pepsi, and some, like reducing obesity, were in conflict with Pepsi's product.
    • Create engagement that drives business. Too much entertainment in ads may engage customers but detract from both communicating the brand message and increasing sales. Simply measuring the number of video views provides only a partial picture of a program's success.

    Intelligent Automation

    PRIORITY 2

    • Extend Automation Practices with AI and ML

    AI and ML are rapidly growing. Organizations see the value of machines intelligently executing high-performance and dynamic tasks such as driving cars and detecting fraud. Senior leaders see AI and ML as opportunities to extend their business process automation investments.

    Introduction

    Intelligent automation is the next step in your business process automation journey

    What is intelligent automation (IA)?

    Intelligent automation (IA) is the combination of traditional automation technologies, such as business process management (BPM) and robotic process automation (RPA), with AI and ML. The goal is to further streamline and scale decision making across various business processes by:

    • Removing human interactions.
    • Addressing decisions that involve complex variables.
    • Automatically adapting processes to changing conditions.
    • Bridging disparate automation technologies into an integrated end-to-end value delivery pipeline.

    "For IA to succeed, employees must be involved in the transformation journey so they can experience firsthand the benefits of a new way of working and creating business value," (Cognizant).

    What is the difference between IA and hyperautomation?

    "Hyperautomation is the act of automating everything in an organization that can be automated. The intent is to streamline processes across an organization using intelligent automation, which includes AI, RPA and other technologies, to run without human intervention. … Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible" (IBM, 2021).

    Note that hyperautomation often enables IA, but teams solely adopting IA do not need to abide to its automation-first principles.

    IA is a combination of various tools and technologies

    What tools and technologies are involved in IA?

    • Artificial intelligence (AI) & Machine Learning (ML) – AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. AI is making its own decisions without human intervention. Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned. AI is a combination of technologies and can include machine learning.
    • Intelligent Business Process Management System (iBPMS) – Combination of BPM tools with AI and other intelligence capabilities.
    • Robotic Process Automation (RPA) – Robots leveraging an application's UI rather than programmatic access. Automate rules-based, repetitive tasks performed by human workers with AI/ML.
    • Process Mining & Discovery – Process mining involves reading system event logs and application transactions and applying algorithmic analysis to automatically identify and map inferred business processes. Process discovery involves unintrusive virtual agents that sit on a user's desktop and record and monitor how they interact with applications to perform tasks and processes. Algorithms are then used to map and analyze the processes.
    • Intelligent Document Processing – The conversion of physical or unstructured documents into a structured, digital format that can be used in automation solutions. Optical character recognition (OCR) and natural language processing (NPL) are common tools used to enable this capability.
    • Advanced Analytics – The gathering, synthesis, transformation, and delivery of insightful and consumable information that supports data-driven decision making. Data is queried from various disparate sources and can take on a variety of structured and unstructured formats.

    The cycle of IA technologies

    Signals

    Process automation is an executive priority and requires organizational buy-in

    Stakeholders recognize the importance of business process automation and AI and are looking for ways to deliver more value using these technologies.

    • 90% of executives stated automating business workflows post-COVID-19 will ensure business continuity (Kofax, 2022).
    • 88% of executives stated they need to fast-track their end-to-end digital transformation (Kofax, 2022).

    However, the advertised benefits to vendors of enabling these desired automations may not be easily achievable because of:

    • Manual and undocumented business processes.
    • Fragmented and inaccessible systems.
    • Poor data quality, insights, and security.
    • The lack of process governance and management practice.
    A circle graph is shown with 49% of the circle coloured in dark blue, with the number 49% in the centre.

    of CXOs stated staff sufficiency, skill and engagement issues as a minor IT pain point compared to 51% of CIOs stated this issue as a major pain point.

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    A circle graph is shown with 36% of the circle coloured in dark blue, with the number 36% in the centre.

    of organizations have already invested in AI or machine learning.

    Source: Tech Trends and Priorities 2023; N=662

    Drivers

    Quality & throughput

    Products and services delivered through an undefined and manual process risk the creation of preventable and catchable defects, security flaws and holes, missing information, and other quality issues. IA solutions consistently reinforce quality standards the same way across all products and services while tailoring outputs to meet an individual's specific needs. Success is dependent on the accurate interpretation and application of quality standards and the user's expectations.

    Worker productivity

    IA removes the tedious, routine, and mundane tasks that distract and restrict employees from doing more valuable, impactful, and cognitively focused activities. Practical insights can also be generated through IA tools that help employees make data-driven decisions, evaluate problems from different angles, and improve the usability and value of the products and services they produce.

    Good process management practices

    Automation magnifies existing inefficiencies of a business process management practice, such as unclear and outdated process documentation and incorrect assumptions. IA reinforces the importance of good business process optimization practices, such as removing waste and inefficiencies in a thoughtful way, choosing the most appropriate automation solution, and configuring the process in the right way to maximize the solution's value.

    Benefits & Risks

    Benefits

    • Documentation
    • Hands-Off
    • Reusability

    All business processes must be mapped and documented to be automated, including business rules, data entities, applications, and control points.

    IA can be configured and orchestrated to automatically execute when certain business, process, or technology conditions are met in an unattended or attended manner.

    IA is applicable in use cases beyond traditional business processes, such as automated testing, quality control, audit, website scraping, integration platform, customer service, and data transfer.

    Risks

    • Data Quality & Bias
    • Ethics
    • Recovery & Security
    • Management

    The accuracy and relevance of the decisions IA makes are dependent on the overall quality of the data
    used to train it.

    Some decisions can have significant reputational, moral, and ethical impacts if made incorrectly.
    The question is whether it is appropriate for a non-human to make that decision.

    IA is composed of technologies that can be compromised or fail. Without the proper monitoring, controls,
    and recovery protocols, impacted IA will generate significant business and IT costs and can potentially harm customers, employees, and the organization.

    Low- and no-code capabilities ease and streamline IA development, which makes it susceptible to becoming unmanageable. Discipline is needed to ensure IA owners are aware of the size and health of the IA portfolio.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Be transparent and support role changes.

    Plan to address the human sentiment with automation (e.g. job security) and the transition of the role to other activities.

    Maximizing the Return on Technology

    Automate applications across multiple business functions.

    Recognize the value opportunities of improving and automating the integration of cross-functional processes.

    Confidently Shifting to Digital

    Maximize the learning of automation fit.

    Select the right capabilities to demonstrate the value of IA while using lessons learned to establish the appropriate support.

    Addressing Competing Priorities

    Recognize automation opportunities with capability maps.

    Use a capability diagram to align strategic IA objectives with tactical and technical IA initiatives.

    Fostering a Collaborative Culture

    Involve the user in the delivery process.

    Maximize automation adoption by ensuring the user finds value in its use before deployment.

    Creating High-Throughput Teams

    Remove manual, error-prone, and mundane tasks.

    Look for ways to improve team throughput by removing wasteful activities, enforcing quality, and automating away tasks driving down productivity.

    Recommendations

    Build your business process automation playbook and practice

    Formalize your business process automation practice with a good toolkit and a repeatable set of tactics and techniques.

    • Clarify the problem being solved with IA.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases.

    Related Research:

    Explore the various IA tooling options

    Each IA tool will address a different problem. Which tool to choose is dependent on a variety of factors, such as functional suitability, technology suitability, delivery and support capabilities, alignment to strategic business goals, and the value it is designed to deliver.

    Related Research:

    Recommendations

    Introduce AI and ML thoughtfully and with a plan

    Despite the many promises of AI, organizations are struggling to fully realize its potential. The reasons boil down to a lack of understanding of when these technologies should and shouldn't be used, as well as a fear of the unknown. The plan to adopt AI should include:

    • Understanding of what AI really means in practice.
    • Identifying specific applications of AI in the business.
    • Understanding the type of AI applicable for the situation.

    Related Research:

    Mitigate AI and ML bias

    Biases can be introduced into an IA system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used and what assumptions were made. In most cases, AI and ML bias is a is a social, political, and business problem.

    While bias may not be intentional nor completely prevented or eliminated, early detection, good design, and other proactive preventative steps can be taken to minimize its scope and impact.

    Related Research:

    CASE STUDY
    University Hospitals

    Challenge

    University Hospitals Cleveland (UH) faces the same challenge that every major hospital confronts regarding how to deliver increasingly complex, high-quality healthcare to a diverse population efficiently and economically. In 2017, UH embarked on a value improvement program aiming to improve quality while saving $400 million over a five-year period.

    In emergency department (ED) and inpatient units, leaders found anticipating demand difficult, and consequently units were often over-staffed when demand was low and under-staffed when demand was high. Hospital leaders were uncertain about how to reallocate resources based on capacity needs.

    Solution

    UH turned to Hospital IQ's Census Solution to proactively manage capacity, staff, and flow in the ED and inpatient areas.

    By applying AI, ML, and external data (e.g. weather forecasts) to the hospital's own data (including EMR data and hospital policies), the solution helped UH make two-day census forecasts that managers used to determine whether to open or close in-patient beds and, when necessary, divert low-acuity patients to other hospitals in the system to handle predicted patient volume.

    Source: University Hospitals

    Results

    ED boarding hours have declined by 10% and the hospital has seen a 50% reduction in the number of patients who leave the hospital without
    being seen.

    UH also predicts in advance patients ready for discharge and identifies roadblocks, reducing the average length of stay by 15%. UH is able to better manage staff, reducing overtime and cutting overall labor costs.

    The hospital has also increased staff satisfaction and improved patient safety by closing specific units on weekends and increasing the number of rooms that can be sterilized.

    Proactive Application Management

    PRIORITY 3

    • Strengthen Applications to Prevent and Minimize the Impact of Future Issues

    Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on application management when it becomes a problem. The lack of governance and practice accountability leaves this practice in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated. As a result, application management is often reactive and brushed aside for new development.

    Introduction

    What is application management?

    Application management ensures valuable software is successfully delivered and is maintained for continuous and sustainable business operations. It contains a repeatable set of activities needed to rationalize and roadmap products and services while balancing priorities of new features and maintenance tasks.

    Unfortunately, application management is commonly perceived as a practice that solely addresses issues, updates, and incidents. However, application management teams are also tasked with new value delivery that was not part of the original release.

    Why is an effective application maintenance (reactive) practice not good enough?

    Application maintenance is the "process of modifying a software system or its components after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment or business process," (IEEE, 1998). While it is critical to quickly fix defects and issues when they occur, reactively addressing them is more expensive than discovering them early and employing the practices to prevent them.

    Even if an application is working well, its framework, architecture, and technology may not be compatible with the possible upcoming changes stakeholders and vendors may want to undertake. Applications may not be problems now, but they soon can be.

    What motivates proactive application changes?

    This image shows the motivations for proactive application changes, sorted by external and internal sources.

    Proactive application management must be disciplined and applied strategically

    Proactive application management practices are critical to maintaining business continuity. They require continuous review and modification so that applications are resilient and can address current and future scenarios. Depending on the value of the application, its criticality to business operations, and its susceptibility to technology change, a more proactive management approach may be warranted. Stakeholders can then better manage resources and budget according to the needs of specific products.

    Reactive Management

    Run-to-Failure

    Fix and enhance the product when it breaks. In most cases, a plan is in place ahead of a failure, so that the problem can be addressed without significant disruption and costs.

    Preventive

    Regularly inspect and optimize the product to reduce the likelihood that it will fail in the future. Schedule inspections based on a specific timeframe or usage threshold.

    Predictive

    Predict failures before they happen using performance and usage data to alert teams when products are at risk of failure according to specified conditions.

    Reliability and Risk Based

    Analyze all possible failure scenarios for each component of the product and create tailored delivery plans to improve the stability, reliability, and value of each product.

    Proactive Management

    Signals

    Applications begin to degrade as soon as they are used

    Today's applications are tomorrow's shelfware. They gradually lose their value, stability, robustness, and compatibility with other enterprise technologies. The longer these applications are left unattended or simply "keeping the lights on," the more risks they will bring to the application portfolio, such as:

    • Discovery and exploitation of security flaws and gaps.
    • Increasing the lock-in to specific vendor technologies.
    • Inconsistent application performance across various workloads.

    These impacts are further compounded by the continuous work done on a system burdened with technical debt. Technical debt describes the result of avoided costs that, over time, cause ongoing business impacts. Left unaddressed, technical debt can become an existential threat that risks your organization's ability to effectively compete and serve its customers. Unfortunately, most organizations have a significant, growing, unmanageable technical debt portfolio.

    A circle graph is shown with 60% of the circle coloured in dark green, with the number 60% in the centre.

    of respondents stated they saw an increase in perceived change in technical debt during the past three years. A quarter of respondents indicated that it stayed the same.

    Source: McKinsey Digital, 2020.

    US
    $4.35
    Million

    is the average cost of a data breach in 2022. This figure represents a 2.6% increase from last year. The average cost has climbed 12.7% since 2020.

    Source: IBM, 2022; N=537.

    Drivers

    Technical debt

    Historical decisions to meet business demands by deferring key quality, architectural, or other software delivery activities often lead to inefficient and incomplete code, fragile legacy systems, broken processes, data quality problems, and the other contributors to technical debt. The impacts for this challenge is further heightened if organizations are not actively refactoring and updating their applications behind the scenes. Proactive application management is intended to raise awareness of application fragility and prioritize comprehensive refactoring activities alongside new feature development.

    Long-term application value

    Applications are designed, developed, and tested against a specific set of parameters which may become less relevant over time as the business matures, technology changes, and user behaviors and interactions shift. Continuous monitoring of the application system, regular stakeholder and user feedback, and active technology trend research and vendor engagement will reveal tasks to prepare an application for future value opportunities or stability and resilience concerns.

    Security and resiliency

    Innovative approaches to infiltrating and compromising applications are becoming prevailing stakeholder concerns. The loopholes and gaps in existing application security protocols, control points, and end-user training are exploited to gain the trust of unsuspecting users and systems. Proactive application management enforces continuous security reviews to determine whether applications are at risk. The goal is to prevent an incident from happening by hardening or complementing measures already in place.

    Benefits & Risks

    Benefits

    • Consistent Performance
    • Robustness
    • Operating Costs

    Users expect the same level of performance and experience from their applications in all scenarios. A proactive approach ensures the configurations meet the current needs of users and dependent technologies.

    Proactively managed applications are resilient to the latest security concerns and upcoming trends.

    Continuous improvements to the underlying architecture, codebase, and interfaces can minimize the cost to maintain and operate the application, such as the transition to a loosely coupled architecture and the standardization of REST APIs.

    Risks

    • Stakeholder Buy-In
    • Delayed Feature Releases
    • Team Capacity
    • Discipline

    Stakeholders may not see the association between the application's value and its technical quality.

    Updates and enhancements are system changes much like any application function. Depending
    on the priority of these changes, new functions may be pushed off to a future release cycle.

    Applications teams require dedicated capacity to proactively manage applications, but they are often occupied meeting other stakeholder demands.

    Overinvesting in certain application management activities (such as refactoring, re-architecture, and redesign) can create more challenges. Knowing how much to do is important.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Shift focus from maintenance to innovation.

    Work on the most pressing and critical requests first, with a prioritization framework reflecting cross-functional priorities.

    Maximizing the Return on Technology

    Improve the reliability of mission-critical applications.

    Regularly verify and validate applications are up to date with the latest patches and fixes and comply with industry good practices and regulations.

    Confidently Shifting to Digital

    Prepare applications to support digital tools and technologies.

    Focus enhancements on the key components required to support the integration, performance, and security needs of digital.

    Addressing Competing Priorities

    Rationalize the health of the applications.

    Use data-driven, compelling insights to justify the direction and prioritization of applications initiatives.

    Fostering a Collaborative Culture

    Include the technical perspective in the viability of future applications plans.

    Demonstrate how poorly maintained applications impede the team's ability to deliver confidently and quickly.

    Creating High-Throughput Teams

    Simplify applications to ease delivery and maintenance.

    Refactor away application complexities and align the application portfolio to a common quality standard to reduce the effort to deliver and test changes.

    Recommendations

    Reinforce your application maintenance practice

    Maintenance is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on maintenance when it becomes a problem.

    • Justify the necessity of streamlined maintenance.
    • Strengthen triaging and prioritization practices.
    • Establish and govern a repeatable process.

    Ensure product issues, incidents, defects, and change requests are promptly handled to minimize business and IT risks.

    Related Research:

    Build an application management practice

    Apply the appropriate management approaches to maintain business continuity and balance priorities and commitments among maintenance and new development requests.

    This practice serves as the foundation for creating exceptional customer experience by emphasizing cross-functional accountability for business value and product and service quality.

    Related Research:

    Recommendations

    Manage your technical debt

    Technical debt is a type of technical risk, which in turn is business risk. It's up to the business to decide whether to accept technical debt or mitigate it. Create a compelling argument to stakeholders as to why technical debt should be a business priority rather than just an IT one.

    • Define and identify your technical debt.
    • Conduct a business impact analysis.
    • Identify opportunities to better manage technical debt.

    Related Research:

    Gauge your application's health

    Application portfolio management is nearly impossible to perform without an honest and thorough understanding of your portfolio's alignment to business capabilities, business value, total cost of ownership, end-user reception and satisfaction, and technical health.

    Develop data-driven insights to help you decide which applications to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Related Research:

    Recommendations

    Adopt site reliability engineering (SRE) and DevOps practices

    Site reliability engineering (SRE) is an operational model for running online services more reliably by a team of dedicated reliability-focused engineers.

    DevOps, an operational philosophy promoting development and operations collaboration, can bring the critical insights to make application management practices through SRE more valuable.

    Related Research:

    CASE STUDY
    Government Agency

    Goal

    A government agency needed to implement a disciplined, sustainable application delivery, planning, and management process so their product delivery team could deliver features and changes faster with higher quality. The goal was to ensure change requests, fixes, and new features would relieve requester frustrations, reduce regression issues, and allow work to be done on agreeable and achievable priorities organization-wide. The new model needed to increase practice efficiency and visibility in order to better manage technical debt and focus on value-added solutions.

    Solution

    This organization recognized a number of key challenges that were inhibiting its team's ability to meet its goals:

    • The product backlog had become too long and unmanageable.
    • Delivery resources were not properly allocated to meet the skills and capabilities needed to successfully meet commitments.
    • Quality wasn't defined or enforced, which generated mounting technical debt.
    • There was a lack of clear metrics and defined roles and responsibilities.
    • The business had unrealistic and unachievable expectations.

    Source: Info-Tech Workshop

    Key practices implemented

    • Schedule quarterly business satisfaction surveys.
    • Structure and facilitate regular change advisory board meetings.
    • Define and enforce product quality standards.
    • Standardize a streamlined process with defined roles.
    • Configure management tools to better handle requests.

    Multisource Systems

    PRIORITY 4

    • Manage an Ecosystem Composed of In-House and Outsourced Systems

    Various market and company factors are motivating a review on resource and system sourcing strategies. The right sourcing model provides key skills, resources, and capabilities to meet innovation, time to market, financial, and quality goals of the business. However, organizations struggle with how best to support sourcing partners and to allocate the right number of resources to maximize success.

    Introduction

    A multisource system is an ecosystem of integrated internally and externally developed applications, data, and infrastructure. These technologies can be custom developed, heavily configured vendor solutions, or they may be commercial off-the-shelf (COTS) solutions. These systems can also be developed, supported, and managed by internal staff, in partnership with outsourced contractors, or be completely outsourced. Multisource systems should be configured and orchestrated in a way that maximizes the delivery of specific value drivers for the targeted audience.

    Successfully selecting a sourcing approach is not a simple RFP exercise to choose the lowest cost

    Defining and executing a sourcing approach can be a significant investment and risk because of the close interactions third-party services and partners will have with internal staff, enterprise applications and business capabilities. A careful selection and design is necessary.

    The selection of a sourcing partner is not simple. It involves the detailed inspection and examination of different candidates and matching their fit to the broader vision of the multisource system. In cases where control is critical, technology stack and resource sourcing consolidation to a few vendors and partners is preferred. In other cases, where worker productivity and system flexibility are highly prioritized, a plug-and-play best-of-breed approach is preferred.

    Typical factors involved in sourcing decisions.

    Sourcing needs to be driven by your department and system strategies

    How does the department want to be perceived?

    The image that your applications department and teams want to reflect is frequently dependent on the applications they deliver and support, the resources they are composed of, and the capabilities they provide.

    Therefore, choosing the right sourcing approach should be driven by understanding who the teams are and want to be (e.g. internal builder, an integrator, a plug-in player), what they can or want to do (e.g. custom-develop or implement), and what they can deliver or support (e.g. cloud or on-premises) must be established.

    What value is the system delivering?

    Well-integrated systems are the lifeblood of your organization. They provide the capabilities needed to deliver value to customers, employees, and stakeholders. However, underlying system components may not be sourced under a unified strategy, which can lead to duplicate vendor services and high operational costs.

    The right sourcing approach ensures your partners address key capabilities in your system's delivery and support, and that they are positioned to maximize the value of critical and high-impact components.

    Signals

    Business demand may outpace what vendors can support or offer

    Outsourcing and shifting to a buy-over-build applications strategy are common quick fixes to dealing with capacity and skills gaps. However, these quick fixes often become long-term implementations that are not accounted for in the sourcing selection process. Current application and resource sourcing strategies must be reviewed to ensure that vendor arrangements meet the current and upcoming demands and challenges of the business, customers, and enterprise technologies, such as:

    • Pressure from stakeholders to lower operating costs while maintaining or increasing quality and throughput.
    • Technology lock-in that addresses short-term needs but inhibits long-term growth and maturity.
    • Team capacity and talent acquisition not meeting the needs of the business.
    A circle graph is shown with 42% of the circle coloured in dark brown, with the number 42% in the centre.

    of respondents stated they outsourced software development fully or partly in the last 12 months (2021).

    Source: Coding Sans, 2021.

    A circle graph is shown with 65% of the circle coloured in dark brown, with the number 65% in the centre.

    of respondents stated they were at least somewhat satisfied with the result of outsourcing software development.

    Source: Coding Sans, 2021.

    Drivers

    Business-managed applications

    Employees are implementing and building applications without consulting, notifying, or heeding the advice of IT. IT is often ill-equipped and under-resourced to fight against shadow IT. Instead, organizations are shifting the mindset of "fight shadow IT" to "embrace business-managed applications," using good practices in managing multisource systems. A multisource approach strikes the right balance between user empowerment and centralized control with the solutions and architecture that can best enable it.

    Unique problems to solve

    Point solutions offer features to address unique use cases in uncommon technology environments. However, point solutions are often deployed in siloes with limited integration or overlap with other solutions. The right sourcing strategy accommodates the fragmented nature of point solutions into a broader enterprise system strategy, whether that be:

    • Multisource best of breed – integrate various technologies that provide subsets of the features needed for supporting business functions.
    • Multisource custom – integrate systems built in-house with technologies developed by external organizations.
    • Vendor add-ons and integrations – enhance an existing vendor's offering by using their system add-ons as upgrades, new add-ons, or integrations.

    Vendor services

    Some vendor services in a multisource environment may be redundant, conflicting, or incompatible. Given that multisource systems are regularly changing, it is difficult to identify what services are affected, what would be needed to fill the gap of the removed solution, or which redundant services should be removed.

    A multisource approach motivates the continuous rationalization of your vendor services and partners to determine the right mixture of in-house and outsourced resources, capabilities, and technologies.

    Benefits & Risks

    Benefits

    • Business-Focused Solution
    • Flexibility
    • Cost Optimization

    Multisource systems can be designed to support an employee's ability to select the tools they want and need.

    The environment is architected in a loosely coupled approach to allow applications to be easily added, removed, and modified with minimized impact to other integrated applications.

    Rather than investing in large solutions upfront, applications are adopted when they are needed and are removed when little value is gained. Disciplined application portfolio management is necessary to see the full value of this benefit.

    Risks

    • Manageable Sprawl
    • Policy Adherence
    • Integration & Compatibility

    The increased number and diversity of applications in multisource system environments can overwhelm system managers who do not have an effective application portfolio management practice.

    Fragmented application implementations risk inconsistent adherence to security and other quality policies, especially in situations where IT is not involved.

    Application integration can quickly become tangled, untraceable, and unmanageable because of varying team and vendor preferences for specific integration technologies and techniques.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enable business-managed applications.

    Create the integrations to enable the easy connection of desired tools to enterprise systems with the appropriate guardrails.

    Maximizing the Return on Technology

    Enhance the functionality of existing applications.

    Complement current application capability gaps with data, features, and services from third-party applications.

    Confidently Shifting to Digital

    Use best-of-breed tools to meet specific digital needs.

    Select the best tools to meet the unique and special functional needs of the digital vision.

    Addressing Competing Priorities

    Agree on a common philosophy on system composition.

    Establish an owner of the multisource system to guide how the system should mature as the organization grows.

    Fostering a Collaborative Culture

    Discuss how applications can work together better in an ecosystem.

    Build committees to discuss how applications can better support each other and drive more value.

    Creating High-Throughput Teams

    Alleviate delivery bottlenecks and issues.

    Leverage third-party sources to fill skills and capacity gaps until a long-term solution can be implemented.

    Recommendations

    Define the goals of your applications department and product vision

    Understanding the applications team's purpose and image is critical in determining how the system they are managing and the skills and capacities they need should be sourced.

    Changing and conflicting definitions of value and goals make it challenging to convey an agreeable strategy of the multisource system. An achievable vision and practical tactics ensure all parties in the multisource system are moving in the same direction.

    Related Research:

    Develop a sourcing partner strategy

    Almost half of all sourcing initiatives do not realize projected savings, and the biggest reason is the choice of partner (Zhang et al., 2018). Making the wrong choice means inferior products, higher costs and the loss of both clients and reputation.

    Choosing the right sourcing partner involves understanding current skills and capacities, finding the right matching partner based on a desired profile, and managing a good working relationship that sees short-term gains and supports long-term goals.

    Related Research:

    Recommendations

    Strengthen enterprise integration practices

    Integration strategies that are focused solely on technology are likely to complicate rather than simplify because little consideration is given on how other systems and processes will be impacted. Enterprise integration needs to bring together business process, applications, and data – in that order.

    Kick-start the process of identifying opportunities for improvement by mapping how applications and data are coordinated to support business activities.

    Related Research:

    Manage your solution architecture and application portfolio

    Haphazardly implementing and integrating applications can generate significant security, performance, and data risks. A well-thought-through solution architecture is essential in laying the architecture quality principles and roadmap on how the multisource system can grow and evolve in a sustainable and maintainable way.

    Good application portfolio management complements the solution architecture as it indicates when low-value and unused applications should be removed to reduce system complexity.

    Related Research:

    Recommendations

    Embrace business-managed applications

    Multisource systems bring a unique opportunity to support the business and end users' desire to implement and develop their own applications. However, traditional models of managing applications may not accommodate the specific IT governance and management practices required to operate business-managed applications:

    • A collaborative and trusting business-IT relationship is key.
    • The role of IT must be reimagined.
    • Business must be accountable for its decisions.

    Related Research:

    CASE STUDY
    Cognizant

    Situation

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Cognizant seeks to carefully consider client culture to create a one-team environment.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs. the more traditional order-taker development partner.
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Today's clients don't typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Clients do want to know where the work is being delivered from, how it's being done.

    Source: interview with Jay MacIsaac, Cognizant.

    Approach

    • Best relationship comes where teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Want to build a one-team culture with shared goals and deliver business value.
    • Seek a partner that will add to their thinking not echo it.

    Results

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Digital Organization as a Platform

    PRIORITY 5

    • Create a Common Digital Interface to Access All Products and Services

    A digital platform enables organizations to leverage a flexible, reliable, and scalable foundation to create a valuable DX, ease delivery and management efforts, maximize existing investments, and motivate the broader shift to digital. This approach provides a standard to architect, integrate, configure, and modernize the applications that compose the platform.

    Introduction

    What is digital organization as a platform (DOaaP)?

    Digital organization as a platform (DOaaP) is a collection of integrated digital services, products, applications, and infrastructure that is used as a vehicle to meet and exceed an organization's digital strategies. It often serves as an accessible "place for exchanges of information, goods, or services to occur between producers and consumers as well as the community that interacts
    with said platform" (Watts, 2020).

    DOaaP involves a strategy that paves the way for organizations to be digital. It helps organizations use their assets (e.g. data, processes, products, services) in the most effective ways and become more open to cooperative delivery, usage, and management. This opens opportunities for innovation and cross-department collaborations.

    How is DOaaP described?

    1. Open and Collaborative
      • Open organization: open data, open APIs, transparency, and user participation.
      • Collaboration, co-creation, crowdsourcing, and innovation
    2. Accessible and Connected
      • Digital inclusion
      • Channel ubiquity
      • Integrity and interoperability
      • Digital marketplace
    3. Digital and Programmable
      • Digital identity
      • Policies and processes as code
      • Digital products and services
      • Enabling digital platforms

    Digital organizations follow a common set of principles and practices

    Customer-centricity

    Digital organizations are driven by customer focus, meeting and exceeding customer expectations. It must design its services with a "digital first" principle, providing access through every expected channel and including seamless integration and interoperability with various departments, partners, and third-party services. It also means creating trust in its ability to provide secure services and to keep privacy and ethics as core pillars.

    Leadership, management, and strategies

    Digital leadership brings customer focus to the enterprise and its structures and organizes efficient networks and ecosystems. Accomplishing this means getting rid of silos and a siloed mentality and aligning on a digital vision to design policies and services that are efficient, cost-effective, and provide maximum benefit to the user. Asset sharing, co-creation, and being open and transparent become cornerstones of a digital organization.

    Infrastructure

    Providing digital services across demographics and geographies requires infrastructure, and that in turn requires long-term vision, smart investments, and partnerships with various source partners to create the necessary foundational infrastructure upon which to build digital services.

    Digitization and automation

    Automation and digitization of processes and services, as well as creating digital-first products, lead to increased efficiency and reach of the organization across demographics and geographies. Moreover, by taking a digital-first approach, digital organizations future-proof their services and demonstrate their commitment to stakeholders.

    Enabling platforms

    DOaaP embraces open standards, designing and developing organizational platforms and ecosystems with a cloud-first mindset and sound API strategies. Developer experience must also take center stage, providing the necessary tools and embracing Agile and DevOps practices and culture become prerequisites. Cybersecurity and privacy are central to the digital platform; hence they must be part of the design and development principles and practices.

    Signals

    The business expects support for digital products and services

    Digital transformation continues to be a high-priority initiative for many organizations, and they see DOaaP as an effective way to enable and exploit digital capabilities. However, DOaaP unleashes new strategies, opportunities, and challenges that are elusive or unfamiliar to business leaders. Barriers in current business operating models may limit DOaaP success, such as:

    • Department and functional silos
    • Dispersed, fragmented and poor-quality data
    • Ill-equipped and under-skilled resources to support DOaaP adoption
    • System fragmentation and redundancies
    • Inconsistent integration tactics employed across systems
    • Disjointed user experience leading to low engagement and adoption

    DOaaP is not just about technology, and it is not the sole responsibility of either IT or business. It is the collective responsibility of the organization.

    A circle graph is shown with 47% of the circle coloured in dark blue, with the number 47% in the centre.

    of organizations plan to unlock new value through digital. 50% of organizations are planning major transformation over the next three years.

    Source: Nash Squared, 2022.

    A circle graph is shown with 70% of the circle coloured in dark blue, with the number 70% in the centre.

    of organizations are undertaking digital expansion projects focused on scaling their business with technology. This result is up from 57% in 2021.

    Source: F5 Inc, 2022.

    Drivers

    Unified brand and experience

    Users should have the same experience and perception of a brand no matter what product or service they use. However, fragmented implementation of digital technologies and inconsistent application of design standards makes it difficult to meet this expectation. DOaaP embraces a single design and DX standard for all digital products and services, which creates a consistent perception of your organization's brand and reputation irrespective of what products and services are being used and how they are accessed.

    Accessibility

    Rapid advancement of end-user devices and changes to end-user behaviors and expectations often outpace an organization's ability to meet these requirements. This can make certain organization products and services difficult to find, access and leverage. DOaaP creates an intuitive and searchable interface to all products and services and enables the strategic combination of technologies to collectively deliver more value.

    Justification for modernization

    Many opportunities are left off the table when legacy systems are abstracted away rather than modernized. However, legacy systems may not justify the investment in modernization because their individual value is outweighed by the cost. A DOaaP initiative motivates decision makers to look at the entire system (i.e. modern and legacy) to determine which components need to be brought up to a minimum digital state. The conversation has now changed. Legacy systems should be modernized to increase the collective benefit of the entire DOaaP.

    Benefits & Risks

    Benefits

    • Look & Feel
    • User Adoption
    • Shift to Digital

    A single, modern, customizable interface enables a common look and feel no matter what and how the platform is being accessed.

    Organizations can motivate and encourage the adoption and use of all products and services through the platform and increase the adoption of underused technologies.

    DOaaP motivates and supports the modernization of data, processes, and systems to meet the goals and objectives outlined in the broader digital transformation strategy.

    Risks

    • Data Quality
    • System Stability
    • Ability to Modernize
    • Business Model Change

    Each system may have a different definition of commonly used entities (e.g. customer), which can cause data quality issues when information is shared among these systems.

    DOaaP can stress the performance of underlying systems due to the limitations of some systems to handle increased traffic.

    Some systems cannot be modernized due to cost constraints, business continuity risks, vendor lock-in, legacy and lore, or other blocking factors.

    Limited appetite to make the necessary changes to business operations in order to maximize the value of DOaaP technologies.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent Promote and showcase achievements and successes. Share the valuable and innovative work of your teams across the organization and with the public.
    Maximizing the Return on Technology Increase visibility of underused applications. Promote the adoption and use of all products and services through the platform and use the lessons learned to justify removal, updates or modernizations.
    Confidently Shifting to Digital Bring all applications up to a common digital standard. Define the baseline digital state all applications, data, and processes must be in to maximize the value of the platform.
    Addressing Competing Priorities Map to a holistic platform vision, goals and objectives. Work with relevant stakeholders, teams and end users to agree on a common directive considering all impacted perspectives.
    Fostering a Collaborative Culture Ensure the platform is configured to meet the individual needs of the users. Tailor the interface and capabilities of the platform to address users' functional and personal concerns.
    Creating High-Throughput Teams Abstract the enterprise system to expedite delivery. Use the platform to standardize application system access to simplify platform changes and quicken development and testing.

    Recommendations

    Define your platform vision

    Organizations realize that a digital model is the way to provide more effective services to their customers and end users in a cost-effective, innovative, and engaging fashion. DOaaP is a way to help support this transition.

    However, various platform stakeholders will have different interpretations of and preferences for what this platform is intended to solve, what benefits it is supposed to deliver, and what capabilities it will deliver. A grounded vision is imperative to steer the roadmap and initiatives.

    Related Research:

    Assess and modernize your applications

    Certain applications may not sufficiently support the compatibility, flexibility, and efficiency requirements of DOaaP. While workaround technologies and tactics can be employed to overcome these application challenges, the full value of the DOaaP may not be realized.

    Reviewing the current state of the application portfolio will indicate the functional and value limitations of what DOaaP can provide and an indication of the scope of investment needed to bring applications up to a minimum state.

    Related Research:

    Recommendations

    Understand and evaluate end-user needs

    Technology has reached a point where it's no longer difficult for teams to build functional and valuable digital platforms. Rather, the difficulty lies in creating an interface and platform that people want to use and use frequently.

    While it is important to increase the access and promotion of all products and services, orchestrating and configuring them in a way to deliver a satisfying experience is even more important. Applications teams must first learn about and empathize with the needs of end users.

    Related Research:

    Architect your platform

    Formalizing and constructing DOaaP just for the sake of doing so often results in an initiative that is lengthy and costly and ends up being considered a failure.

    The build and optimization of the platform must be predicated on a thorough understanding of the DOaaP's goals, objectives, and priorities and the business capabilities and process they are meant to support and enable. The appropriate architecture and delivery practices can then be defined and employed.

    Related Research:

    CASE STUDY
    e-Estonia

    Situation

    The digital strategy of Estonia resulted in e-Estonia, with the vision of "creating a society with more transparency, trust, and efficiency." Estonia has addressed the challenge by creating structures, organizations, and a culture of innovation, and then using the speed and efficiency of digital infrastructure, apps, and services. This strategy can reduce or eliminate bureaucracy through transparency and automation.

    Estonia embarked on its journey to making digital a priority in 1994-1996, focusing on a committed investment in infrastructure and digital literacy. With that infrastructure in place, they started providing digital services like an e-banking service (1996), e-tax and mobile parking (2002), and then went full steam ahead with a digital information interoperability platform in 2001, digital identity in 2002, e-health in 2008, and e-prescription in 2010. The government is now strategizing for AI.

    Results

    This image contains the results of the e-Estonia case study results

    Source: e-Estonia

    Practices employed

    The e-Estonia digital government model serves as a reference for governments across the world; this is acknowledged by the various awards it has received, like #2 in "internet freedom," awarded by Freedom House in 2019; #1 on the "digital health index," awarded by the Bertelsmann Foundation in 2019; and #1 on "start-up friendliness," awarded by Index Venture in 2018.

    References

    "15th State of Agile Report." Digital.ai, 2021. Web.
    "2022 HR Trends Report." McLean & Company, 2022.
    "2022: State of Application Strategy Report." F5 Inc, 2022.
    "Are Executives Wearing Rose-Colored Glasses Around Digital Transformation?" Cyara, 2021. Web.
    "Cost of a Data Breach Report 2022." IBM, 2022. Web.
    Dalal, Vishal, et al. "Tech Debt: Reclaiming Tech Equity." McKinsey Digital, Oct. 2020. Web.
    "Differentiating Between Intelligent Automation and Hyperautomation." IBM, 15 October 2021. Web.
    "Digital Leadership Report 2021." Harvey Nash Group, 2021.
    "Digital Leadership Report 2022: The State of Digital." Nash Squared, 2022. Web.
    Gupta, Sunil. "Driving Digital Strategy: A Guide to Reimagining Your Business." Harvard Business Review Press, 2018. Web.
    Haff, Gordon. "State of Application Modernization Report 2022." Konveyor, 2022. Web.
    "IEEE Standard for Software Maintenance: IEEE Std 1219-1998." IEEE Standard for Software Maintenance, 1998. Accessed Dec. 2015.
    "Intelligent Automation." Cognizant, n.d. Web.
    "Kofax 2022: Intelligent Automation Benchmark Study". Kofax, 2021. Web.
    McCann, Leah. "Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?" rAVe, 2 July 2020, Web.
    "Proactive Staffing and Patient Prioritization to Decompress ED and Reduce Length of Stay." University Hospitals, 2018. Web.
    "Secrets of Successful Modernization." looksoftware, 2013. Web.
    "State of Software Development." Coding Sans, 2021. Web.
    "The State of Low-Code/No-Code." Creatio, 2021. Web.
    "We Have Built a Digital Society and We Can Show You How." e-Estonia. n.d. Web.
    Zanna. "The 5 Types of Experience Series (1): Brand Experience Is Your Compass." Accelerate in Experience, 9 February 2020. Web.
    Zhang, Y. et al. "Effects of Risks on the Performance of Business Process Outsourcing Projects: The Moderating Roles of Knowledge Management Capabilities." International Journal of Project Management, 2018, vol. 36 no. 4, 627-639.

    Research Contributors and Experts

    This is a picture of Chris Harrington

    Chris Harrington
    Chief Technology Officer
    Carolinas Telco Federal Credit Union

    Chris Harrington is Chief Technology Officer (CTO) of Carolinas Telco Federal Credit Union. Harrington is a proven leader with over 20 years of experience developing and leading information technology and cybersecurity strategies and teams in the financial industry space.

    This is a picture of Benjamin Palacio

    Benjamin Palacio
    Senior Information Technology Analyst County of Placer

    Benjamin Palacio has been working in the application development space since 2007 with a strong focus on system integrations. He has seamlessly integrated applications data across multiple states into a single reporting solution for management teams to evaluate, and he has codeveloped applications to manage billions in federal funding. He is also a CSAC-credentialed IT Executive (CA, USA).

    This is a picture of Scott Rutherford

    Scott Rutherford
    Executive Vice President, Technology
    LGM Financial Services Inc.

    Scott heads the Technology division of LGM Financial Services Inc., a leading provider of warranty and financing products to automotive OEMs and dealerships in Canada. His responsibilities include strategy and execution of data and analytics, applications, and technology operations.

    This is a picture of Robert Willatts

    Robert Willatts
    IT Manager, Enterprise Business Solutions and Project Services
    Town of Newmarket

    Robert is passionate about technology, innovation, and Smart City Initiatives. He makes customer satisfaction as the top priority in every one of his responsibilities and accountabilities as an IT manager, such as developing business applications, implementing and maintaining enterprise applications, and implementing technical solutions. Robert encourages communication, collaboration, and engagement as he leads and guides IT in the Town of Newmarket.

    This is a picture of Randeep Grewal

    Randeep Grewal
    Vice President, Enterprise Applications
    Red Hat

    Randeep has over 25 years of experience in enterprise applications, advanced analytics, enterprise data management, and consulting services, having worked at numerous blue-chip companies. In his most recent role, he is the Vice President of Enterprise Applications at Red Hat. Reporting to the CIO, he is responsible for Red Hat's core business applications with a focus on enterprise transformation, application architecture, engineering, and operational excellence. He previously led the evolution of Red Hat into a data-led company by maturing the enterprise data and analytics function to include data lake, streaming data, data governance, and operationalization of analytics for decision support.

    Prior to Red Hat, Randeep was the director of global services strategy at Lenovo, where he led the strategy using market data to grow Lenovo's services business by over $400 million in three years. Prior to Lenovo, Randeep was the director of advanced analytics at Alliance One and helped build an enterprise data and analytics function. His earlier work includes seven years at SAS, helping SAS become a leader in business analytics, and at KPMG consulting, where he managed services engagements at Fortune 100 companies.

    Exit Plans: Escape from the black hole

    • Large vertical image:
    • member rating overall impact: Highly Valued
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    In early April, I already wrote about exit plans and how they are the latest burning platform.

    Now, nearing the end of May, we have both Microsoft and Google reassuring European clients about their sovereign cloud solutions. There are even air-gapped options for military applications. These messages come as a result of the trade war between the US and the rest of the world.

    There is also the other, more mundane example of over-reliance on a single vendor: the Bloomberg-terminal outage of May 21st, 2025. That global outage severely disrupted financial markets. It caused traders to lose access to real-time data, analytics, and pricing information for approximately 90 minutes. This widespread system failure delayed critical government bond auctions in the UK, Portugal, Sweden, and the EU.

    It serves as a reminder of the heavy reliance on the Bloomberg Terminal, which is considered an industry standard despite its high annual cost. While some Bloomberg services like instant messaging remained functional, allowing limited communication among traders, the core disruption led to significant frustration and slowed down trading activities.

    You want to think about this for a moment. Bloomberg is, just like Google and Microsoft are, cornerstones in their respective industries. MS, Google, and Amazon even in many more industries. 

    So the issue goes beyond the “panic of the day.” Every day, there will be some announcement that sends markets reeling and companies fearing. Granted, the period we go through today can have grave consequences, but at the same time, it may be over in the coming months or years.

    Contractual cover

    Let's take a step back and see if we can locate the larger issue at stake. I dare to say that the underlying issue is trust. We are losing trust in one another at a fast pace. Not between business partners, meaning companies who are, in a transaction or relationship, are more or less equal. Regardless of their geolocation, people are keen to do business together in a predictable, mutually beneficial way. And as long as that situation is stable, there is little need, beyond compliance and normal sound practices, to start to distrust each other.

    Trouble brews when other factors come into play. I want to focus on two of them in this article.

    1. Market power
    2. Government interference

    Market Power

    The past few years have seen a large increase in power of the cloud computing platforms. The pandemic of 2019 through to 2023 changed our way of working and gave a big boost to these platforms. Of course, they were already establishing their dominance in the early 2010s.

    Amazon launched SQS in 2004 with S3 (storage)  and EC2 (compute) in 2006. Azure launched in 2008 as a PaaS platform for .NET developers, and became really available in 2010. Since then, it grew into the IaaS (infrastructure as a service) platform we know today. Google's Cloud Platform (GCP) launched in 2008 and added components such as BigQuery, Compute Engine and Storage in the 2010s.

    Since the pandemic, we've seen another boost to their popularity. These platforms solidified their lead through several vectors:

    • Remote working
    • Business continuity and resilience promises
    • Acceleration of digital transformation
    • Scalability
    • Cost optimization 

    Companies made decisions on these premises. A prime example is the use of native cloud functions. These make life easier for developers. Native functions allow for serverless functionality to be made available to clients, and to do so in a non-infra-based way. It gives the impression of less complexity to the management. They are also easily scalable. 

    This comes at a cost, however. The cost is vendor lock-in. And with vendor lock-in, comes increased pricing power for the vendor.

    For a long time, it seems EU companies' attitude was: “It won't be such an issue, after all, there are multiple cloud vendors and if all else fails, we just go back.” The reality is much starker, I suspect that cloud providers with this level of market power will increase their pricing significantly.

     Government interference

    in come two elements:

    • EU laws
    • US laws and unpredictability
    EU laws

     The latest push to their market power came as an unintended consequence of EU Law: DORA. That EU law requires companies to have testable exit plans in place. But it goes well beyond this. The EU has increased the regulatory burden on companies significantly. BusinessEurope, a supranational organization, estimates that in the past five years, the Eu managed to release over 13,000 legislative acts. This is compared to 3,500 in the US.

    Coming back to DORA, this law requires EU companies to actually test their exit plans and show proof of it to the EU ESAs (European Supervisory Agency).  The reaction I have seen in industry representative organizations is complacency. 

    The cost of compliance is significant; hence, companies try to limit their exposure to the law as much as possible. They typically do this by limiting the applicability scope of the law to their business, based on the wording of the law. And herein lies the trap. This is not lost on the IT providers. They see that companies do the heavy lifting for them. What do I mean by that?  Several large providers are looked at by the EU as systemic providers. They fall under direct supervision by the ESAs. 

    For local EU providers, it is what it is, but for non-EU providers, they get to show their goodwill, using sovereign IT services.  I will come back to this in the next point, US unpredictability and laws. But the main point is: we are giving them more market power, and we have less contractual power. Why? Because we are showing them that we will go to great lengths to keep using their services.

    US laws and unpredictability

    US companies must comply with US law. So far, so good. Current US legislation also already requires US companies to share data on non-US citizens.

    • Foreign Intelligence Surveillance Act (FISA), particularly Section 702
    • The CLOUD (Clarifying Lawful Overseas Use of Data) Act of 2018
    • The USA PATRIOT Act (specifically relevant sections like 215 and 314(a)/314(b))
    • Executive Order 14117 and related DOJ Final Rule (Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern)

    This last one is of particular concern. Not so much because of its contents, but because it is an Executive Order.

    We know that the current (May 2025) US government mostly works through executive orders. Let's not forget that executive orders are a legitimate way to implement policy, This means that the US government could use access to cloud services as a lever to obtain more favorable trade rules.

    The EU responds to this (the laws and executive order) by implementing several sovereignty countermeasures like GDPR, DORA, Digital markets Act (DMA), Data Governance Act (DGA), Cybersecurity Act and the upcoming European Health Data Act (EHDS). This is called the “Brussels Effect.”

    EU Answers

    Europe is also investing in several strategic initiatives such as

    This points to a new dynamic between the EU and the US, EU-based companies simply cannot trust their US counterparts anymore to the degree they could before. The sad thing is, that there is no difference on the interpersonal level. It is just that companies must comply with their respective laws.

    Hence, Microsoft, Google, and AWS and any other US provider cannot legally provide sovereign cloud services. In a strict legal sense, Microsoft and Google cannot absolutely guarantee that they can completely insulate EU companies and citizens from all US law enforcement requests for data, despite their robust efforts and sovereign cloud offerings. This is because they are US companies, subject to US law and US jurisdiction. The CLOUD act and FISA section 702 compel US companies to comply. 

    Moreover, there is the nature of sovereign cloud offerings:

    • Increased Control, Not Absolute Immunity: Services like Microsoft's EU Data Boundary and Google's Cloud for Sovereignty are designed to provide customers with greater control over data residency, administrative access (e.g., limiting access to EU-based personnel), and encryption keys
    • Customer-Managed Keys (CMEK): If an EU customer controls their encryption keys, and the data remains encrypted at rest and in transit, it theoretically makes it harder for the cloud provider to provide plaintext data if compelled. However, metadata and other operational data might still be accessible, and the extent to which US authorities could compel a US company to decrypt data remains a point of contention and legal ambiguity.
    • Partnerships and Local Entities: Some “sovereign cloud” models involve partnerships with local EU entities (e.g., Google's partnership with S3NS in France, or Microsoft's with Capgemini and Orange). While this might create a legal buffer, if the core cloud infrastructure and controlling entity are still ultimately US-based, the risk of US legal reach persists.
    • “Limited Security Instances”: Even with the EU Data Boundary, Microsoft explicitly states, “in limited security instances that require a coordinated global response, essential data may be transferred with robust protections that safeguard customer data.” This phrasing acknowledges that some data may still leave the EU boundary under certain circumstances.

     And lastly, there are the legal challenges to the EU data privacy Framework (DPF)

    • Ongoing Scrutiny: The DPF is the current legal basis for EU-US data transfers, but it is under continuous scrutiny and is highly likely to face further legal challenges in the CJEU (a “Schrems III” case is widely anticipated). This uncertainty means that the current framework's longevity and robustness are not guaranteed.
    • Fundamental Conflict: The core legal conflict between the broad scope of US surveillance laws and the EU's fundamental right to privacy has not been fully resolved by the DPF, according to many EU legal experts and privacy advocates.

    This all means that while the cloud providers are doing everything they can, and I'm assuming they are acting in good faith. The fact that they are US entities means however that they are subject to all US legislation and executive orders.  And we cannot trust this last part. Again, this is why the EU is pursuing its digital sovereignty initiatives and why some highly sensitive EU public sector entities are gravitating towards truly EU-owned and operated cloud solutions.

    Bankruptcy

    If your provider goes bankrupt, you do not have a leg to stand on. Most jurisdictions, including the EU and US, have the following elements regarding bankruptcy:

    • Automatic Stay: Upon a bankruptcy filing (in most jurisdictions, including the US and EU), an “automatic stay” is immediately imposed. This is a court order that stops most collection activities against the debtor. For you as a customer, this can mean you might be prevented from:

      • Terminating the contract immediately, even if your contract allows it.
      • Initiating legal proceedings against the provider.
      • Trying to recover your data directly without court permission.
    • Debtor's Estate and Creditor Priority

      • Property of the Estate: All the bankrupt provider's assets become part of the “bankruptcy estate,” to be managed by a court-appointed trustee or receiver. The crucial question becomes: Is your data considered the property of the estate, or does ownership remain unequivocally with you? While most cloud contracts explicitly state that the customer owns their data, a bankruptcy court might still view the possession of that data by the provider as an asset of the estate, potentially subject to monetization to pay off creditors.
      • Secured vs. Unsecured Creditors: You, as a customer seeking to retrieve your data or continue services, are likely to be an “unsecured creditor.” Secured creditors (e.g., banks with liens on assets) get paid first. Your claim for data or service continuity will be far down the priority list, meaning you might recover little, if anything, in compensation.
    • Executory contracts and the Trustee's power
      • Assumption or Rejection: Bankruptcy law generally allows the trustee (or debtor in possession in a Chapter 11 case) to assume (continue) or reject (terminate) “executory contracts” – those where both parties still have significant performance obligations.
      • Trustee's Discretion: The trustee will make this decision based on what benefits the bankruptcy estate and the creditors. If your contract is loss-making for the provider, or if continuing it is not in the best interest of the creditors, the trustee can reject it, even if it has a termination clause unfavorable to them.
      • No Customer Right to Demand Continuation: You typically cannot compel the trustee to continue the service if they choose to reject the contract. Your recourse would then be a claim for damages, which, as noted, is usually a low-priority claim.
    • The practical challenges of data retrieval
        • Even if your contract has strong data return clauses, the practicalities of a bankrupt provider make enforcement difficult. The provider's staff might be laid off, systems might be shut down, and there might be no one left with the technical knowledge or resources to facilitate data export. Not to mention that the trustee may simply refuse to honor the agreement (which is completely within the legal rights of the trustee.)
        • The receiver's priority is liquidation and asset sale, not customer service. They may limit data export speeds or volumes, or prioritize the sale of the business, which might include your data, making retrieval a slow and arduous process.

    Conclusion

    So, while I understand the wait and see stance in regard to exit plans, given where we are, it is in my opinion the wrong thing to do. Companies must make actionable exit plans and prepare beforehand for the exit. That means that you have to:

    1. Design your architecture so that you can port your applications to somewhere else.
    2. Prioritize your data portability and data ownership.
    3. Develop and practice your exit strategy and plans.
    4. Maintain your in-house expertise, especially for all critical business services.
    5. Continuously monitor your vendors and update your risk assessments.

      If you want more detailed steps on how to get there, feel free to contact me.

    Document Your Cloud Strategy

    • Buy Link or Shortcode: {j2store}468|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $35,642 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

    • Inconsistent understanding of what the cloud means
    • Inability to come to a consensus on key decisions
    • Ungoverned decision-making
    • Unclear understanding of cloud roles and responsibilities

    Our Advice

    Critical Insight

    A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

    • Vision and alignment
    • People
    • Governance
    • Technology

    Impact and Result

    • A shared understanding of what is necessary to succeed in the cloud
    • An end to ad hoc deployments that solve small problems and create larger ones
    • A unified approach and set of principles that apply to governance, architecture, integration, skills, and roles (and much, much more).

    Document Your Cloud Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document Your Cloud Strategy – a phased guide to identifying, validating, and recording the steps you’ll take, the processes you’ll leverage, and the governance you’ll deploy to succeed in the cloud.

    This storyboard comprises four phases, covering mission and vision, people, governance, and technology, and how each of these areas requires forethought when migrating to the cloud.

    • Document Your Cloud Strategy – Phases 1-4

    2. Cloud Strategy Document Template – a template that allows you to record the results of the cloud strategy exercise in a clear, readable way.

    Each section of Document Your Cloud Strategy corresponds to a section in the document template. Once you’ve completed each exercise, you can record your results in the document template, leaving you with an artifact you can share with stakeholders.

    • Cloud Strategy Document Template
    [infographic]

    Workshop: Document Your Cloud Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Your Vision and Alignment

    The Purpose

    Understand and document your cloud vision and its alignment with your other strategic priorities.

    Key Benefits Achieved

    A complete understanding of your strategy, vision, alignment, and a list of success metrics that will help you find your way.

    Activities

    1.1 Record your cloud mission and vision.

    1.2 Document your cloud strategy’s alignment with other strategic plans.

    1.3 Record your cloud guiding principles.

    Outputs

    Documented strategy, vision, and alignment.

    Defined success metrics.

    2 Record Your People Strategy

    The Purpose

    Define how people, skills, and roles will contribute to the broader cloud strategy.

    Key Benefits Achieved

    Sections of the strategy that highlight skills, roles, culture, adoption, and the creation of a governance body.

    Activities

    2.1 Outline your skills and roles strategy.

    2.2 Document your approach to culture and adoption

    2.3 Create a cloud governing body.

    Outputs

    Documented people strategy.

    3 Document Governance Principles

    The Purpose

    This section facilitates governance in the cloud, developing principles that apply to architecture, integration, finance management, and more.

    Key Benefits Achieved

    Sections of the strategy that define governance principles.

    Activities

    3.1 Conduct discussion on architecture.

    3.2 Conduct discussion on integration and interoperability.

    3.3 Conduct discussion on operations management.

    3.4 Conduct discussion on cloud portfolio management.

    3.5 Conduct discussion on cloud vendor management.

    3.6 Conduct discussion on finance management.

    3.7 Conduct discussion on security.

    3.8 Conduct discussion on data controls.

    Outputs

    Documented cloud governance strategy.

    4 Formalize Your Technology Strategy

    The Purpose

    Creation of a formal cloud strategy relating to technology around provisioning, monitoring, and migration.

    Key Benefits Achieved

    Completed strategy sections of the document that cover technology areas.

    Activities

    4.1 Formalize organizational approach to monitoring.

    4.2 Document provisioning process.

    4.3 Outline migration processes and procedures.

    Outputs

    Documented cloud technology strategy.

    Further reading

    Document Your Cloud Strategy

    Get ready for the cloudy future with a consistent, proven strategy.

    Analyst perspective

    Any approach is better than no approach

    The image contains a picture of Jeremy Roberts

    Moving to the cloud is a big, scary transition, like moving from gas-powered to electric cars, or from cable to streaming, or even from the office to working from home. There are some undeniable benefits, but we must reorient our lives a bit to accommodate those changes, and the results aren’t always one-for-one. A strategy helps you make decisions about your future direction and how you should respond to changes and challenges. In Document Your Cloud Strategy we hope to help you accomplish just that: clarifying your overall mission and vision (as it relates to the cloud) and helping you develop an approach to changes in technology, people management, and, of course, governance. The cloud is not a panacea. Taken on its own, it will not solve your problems. But it can be an important tool in your IT toolkit, and you should aim to make the best use of it – whatever “best” happens to mean for you.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The cloud is multifaceted. It can be complicated. It can be expensive. Everyone has an opinion on the best way to proceed – and in many cases has already begun the process without bothering to get clearance from IT. The core challenge is creating a coherent strategy to facilitate your overall goals while making the best use of cloud technology, your financial resources, and your people.

    Common Obstacles

    Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:

    • Inconsistent understanding of what the cloud means
    • Inability to come to a consensus on key decisions
    • Ungoverned decision making
    • Unclear understanding of cloud roles and responsibilities

    Info-Tech’s Approach

    A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:

    1. Vision and alignment
    2. People
    3. Governance
    4. Technology

    The answers might be different, but the questions are the same

    Every organization will approach the cloud differently, but they all need to ask the same questions: When will we use the cloud? What forms will our cloud usage take? How will we manage governance? What will we do about people? How will we incorporate new technology into our environment? The answers to these questions are as numerous as there are people to answer them, but the questions must be asked.

    Your challenge

    This research is designed to help organizations that are facing these challenges or looking to:

    • Ensure that the cloud strategy is complete and accurately reflects organizational goals and priorities.
    • Develop a consistent and coherent approach to adopting cloud services.
    • Design an approach to mitigate risks and challenges associated with adopting cloud services.
    • Create a shared understanding of the expected benefits of cloud services and the steps required to realize those benefits.

    Grappling with a cloud strategy is a top initiative: 43% of respondents report progressing on a cloud-first strategy as a top cloud initiative.

    Source: Flexera, 2021.

    Definition: Cloud strategy

    A document providing a systematic overview of cloud services, their appropriate use, and the steps that an organization will take to maximize value and minimize risk.

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The cloud means different things to different people, and creating a strategy that is comprehensive enough to cover a multitude of use cases while also being written to be consumable by all stakeholders is difficult.
    • The incentives to adopt the cloud differ based on the expected benefit for the individual customer. User-led decision making and historically ungoverned deployments can make it difficult to reset expectation and align with a formal strategy.
    • Getting all the right people in a room together to agree on the key components of the strategy and the direction undertaken for each one is often difficult.

    Info-Tech’s approach

    Define Your Cloud Vision

    Vision and alignment

    • Mission and vision
    • Alignment to other strategic plans
    • Guiding principles
    • Measuring success

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Info-Tech’s approach

    Your cloud strategy will comprise the elements listed under “vision and alignment,” “technology,” “governance,” and “people.” The Info-Tech methodology involves breaking the strategy down into subcomponents and going through a three-step process for each one. Start by reviewing a standard set of questions and understanding the goal of the exercise: What do we need to know? What are some common considerations and best practices? Once you’ve had a chance to review, discuss your current state and any gaps: What has been done? What still needs to be done? Finally, outline how you plan to go forward: What are your next steps? Who needs to be involved?

    Review

    • What questions do we need to answer to complete the discussion of this strategy component? What does the decision look like?
    • What are some key terms and best practices we must understand before deciding?

    Discuss

    • What steps have we already taken to address this component?
    • Does anything still need to be done?
    • Is there anything we’re not sure about or need further guidance on?

    Go forward

    • What are the next steps?
    • Who needs to be involved?
    • What questions still need to be asked/answered?
    • What should the document’s wording look like?

    Info-Tech’s methodology for documenting your cloud strategy

    1. Document your vision and alignment

    2. Record your people strategy

    3. Document governance principles

    4. Formalize your technology strategy

    Phase Steps

    1. Record your cloud mission and vision
    2. Document your cloud strategy’s alignment with other strategic plans
    3. Record your cloud guiding principles
    4. Define success
    1. Outline your skills and roles strategy
    2. Document your approach to culture and adoption
    3. Create a cloud governing body

    Document official organizational positions in these governance areas:

    1. Architecture
    2. Integration and interoperability
    3. Operations management
    4. Cloud portfolio management
    5. Cloud vendor management
    6. Finance management
    7. Security
    8. Data controls
    1. Formalize organizational approach to monitoring
    2. Document provisioning process
    3. Outline migration processes and procedures

    Phase Outcomes

    Documented strategy: vision and alignment

    Documented people strategy

    Documented cloud governance strategy

    Documented cloud technology strategy

    Insight summary

    Separate strategy from tactics

    Separate strategy from tactics! A strategy requires building out the framework for ongoing decision making. It is meant to be high level and achieve a large goal. The outcome of a strategy is often a sense of commitment to the goal and better communication on the topic.

    The cloud does not exist in a vacuum

    Your cloud strategy flows from your cloud vision and should align with the broader IT strategy. It is also part of a pantheon of strategies and should exist harmoniously with other strategies – data, security, etc.

    People problems needn’t preponderate

    The cloud doesn’t have to be a great disruptor. If you handle the transition well, you can focus your people on doing more valuable work – and this is generally engaging.

    Governance is a means to an end

    Governing your deployment for its own sake will only frustrate your end users. Articulate the benefits users and the organization can expect to see and you’re more likely to receive the necessary buy-in.

    Technology isn’t a panacea

    Technology won’t solve all your problems. Technology is a force multiplier, but you will still have to design processes and train your people to fully leverage it.

    Key deliverable

    Cloud Strategy Document template

    Inconsistency and informality are the enemies of efficiency. Capture the results of the cloud strategy generation exercises in the Cloud Strategy Document template.

    The image contains a screenshot of the Cloud Strategy Document Template.
    • Record the results of the exercises undertaken as part of this blueprint in the Cloud Strategy Document template.
    • It is important to remember that not every cloud strategy will look exactly the same, but this template represents an amalgamation of best practices and cloud strategy creation honed over several years of advisory service in the space.
    • You know your audience better than anyone. If you would prefer a strategy delivered in a different way (e.g. presentation format) feel free to adapt the Cloud Vision Executive Presentation into a longer strategy presentation.
    • Emphasis is an area where you should exercise discretion as well. A cost-oriented cloud strategy, or one that prioritizes one type of cloud (e.g. SaaS) at the exclusion of others, may benefit from more focus on some areas than others, or the introduction of relevant subcategories. Include as many of these as you think will be relevant.
    • Parsimony is king – if you can distill a concept to its essence, start there. Include additional detail only as needed. You want your cloud strategy document to be read. If it’s too long or overly detailed, you’ll encounter readability issues.

    Blueprint benefits

    IT benefits

    Business benefits

    • A consistent, well-defined approach to the cloud
    • Consensus on key strategy components, including security, architecture, and integration
    • A clear path forward on skill development and talent acquisition/retention
    • A comprehensive resource for information about the organization’s approach to key strategy components
    • Predictable access to cloud services
    • A business-aligned approach to leveraging the resources available in the cloud
    • Efficient and secure consumption of cloud resources where appropriate to do so
    • Answers to questions about the cloud and how it will be leveraged in the environment

    Measure the value of this blueprint

    Don’t take our word for it:

    • Document Your Cloud Strategy has been available for several years in various forms as both a workshop and as an analyst-led guided implementation.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Those who have worked through Info-Tech’s cloud strategy material have given overwhelmingly positive feedback.
    • Additionally, members reported saving between 10 and 20 days and an average of $46,499.
    • Measure the value by calculating the time saved as a result of using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    8.8/10 Average reported satisfaction

    13 Days Average reported time savings

    $46,499 Average cost savings

    Executive Brief Case Study

    INDUSTRY: Pharmaceuticals

    SOURCE: Info-Tech workshop

    Pharmaceutical company

    The unnamed pharmaceutical company that is the subject of this case study was looking to make the transition to the cloud. In the absence of a coherent strategy, the organization had a few cloud deployments with no easily discernable overall approach. Representatives of several distinct functions (legal, infrastructure, data, etc.) all had opinions on the uses and abuses of cloud services, but it had been difficult to round everyone up and have the necessary conversations. As a result, the strategy exercise had not proceeded in a speedy or well-governed way. This lack of strategic readiness presented a roadblock to moving forward with the cloud strategy and to work with the cloud implementation partner, tasked with execution.

    Results

    The company engaged Info-Tech for a four-day workshop on cloud strategy documentation. Over the course of four days, participants drawn from across the organization discussed the strategic components and generated consensus statements and next steps. The team was able to formalize the cloud strategy and described the experience as saving 10 days.

    Example output: Document your cloud strategy workshop exercise

    The image contains an example of Document your cloud streatgy workshop exercise.

    Anything in green, the team was reasonably sure they had good alignment and next steps. Those yellow flags warranted more discussion and were not ready for documentation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Document your vision and alignment

    Record your people strategy

    Document governance principles

    Formalize your technology strategy

    Call #1: Review existing vision/strategy documentation.

    Call #2: Review progress on skills, roles, and governance bodies.

    Call #3: Work through integration, architecture, finance management, etc. based on reqs. (May be more than one call.)

    Call #4: Discuss challenges with monitoring, provisioning, and migration as-needed.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 4 to 6 calls over the course of 1 to 3 months

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Answer
    “so what?”

    Define the
    IT target state

    Assess the IT
    current state

    Bridge the gap and
    create the strategy

    Next steps and
    wrap-up (offsite)

    Activities

    1.1 Introduction

    1.2 Discuss cloud mission and vision

    1.3 Discuss alignment with other strategic plans

    1.4 Discuss guiding principles

    1.5 Define success metrics

    2.1 Discuss skills and roles

    2.2 Review culture and adoption

    2.3 Discuss a cloud governing body

    2.4 Review architecture position

    2.5 Discuss integration and interoperability

    3.1 Discuss cloud operations management

    3.2 Review cloud portfolio management

    3.3 Discuss cloud vendor management

    3.4 Discuss cloud finance management

    3.5 Discuss cloud security

    4.1 Review and formalize data controls

    4.2 Design a monitoring approach

    4.3 Document the workload provisioning process

    4.4 Outline migration processes and procedures

    5.1 Populate the Cloud Strategy Document

    Deliverables

    Formalized cloud mission and vision, along with alignment with strategic plans, guiding principles, and success metrics

    Position statement on skills and roles, culture and adoption, governing bodies, architecture, and integration/interoperability

    Position statements on cloud operations management, portfolio management, vendor management, finance management, and cloud security

    Position statements on data controls, monitoring, provisioning, and migration

    Completed Cloud Strategy Document

    Phase 1

    Document Your Vision and Alignment

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Document your mission and vision

    1.2 Document alignment to other strategic plans

    1.3 Document guiding principles

    1.4 Document success metrics

    2.1 Define approach to skills and roles

    2.2 Define approach to culture and adoption

    2.3 Define cloud governing bodies

    3.1 Define architecture direction

    3.2 Define integration approach

    3.3 Define operations management process

    3.4 Define portfolio management direction

    3.5 Define vendor management direction

    3.6 Document finance management tactics

    3.7 Define approach to cloud security

    3.8 Define data controls in the cloud

    4.1 Define cloud monitoring strategy

    4.2 Define cloud provisioning strategy

    4.3 Define cloud migration strategy

    This phase will walk you through the following activities:

    1. Record your cloud mission and vision
    2. Document your cloud strategy’s alignment with other strategic plans
    3. Record your cloud guiding principles
    4. Define success

    This phase has the following outcome:

    • Documented strategy: vision and alignment

    Record your mission and vision

    Build on the work you’ve already done

    Before formally documenting your cloud strategy, you should ensure that you have a good understanding of your overall cloud vision. How do you plan to leverage the cloud? What goals are you looking to accomplish? How will you distribute your workloads between different cloud service models (SaaS, PaaS, IaaS)? What will your preferred delivery model be (public, private, hybrid)? Will you support your cloud deployment internally or use the services of various consultants or managed service providers?

    The answers to these questions will inform the first section of your cloud strategy. If you haven’t put much thought into this or think you could use a deep dive on the fundamentals of your cloud vision and cloud archetypes, consider reviewing Define Your Cloud Vision, the companion blueprint to this one.

    Once you understand your cloud vision and what you’re trying to accomplish with your cloud strategy, this phase will walk you through aligning the strategy with other strategic initiatives. What decisions have others made that will impact the cloud strategy (or that the cloud strategy will impact)? Who must be involved/informed? What callouts must be involved at what point? Do users have access to the appropriate strategic documentation (and would they understand it if they did)?

    You must also capture some guiding principles. A strategy by its nature provides direction, helping readers understand the decisions they should make and why those decisions align with organizational interests. Creating some top-level principles is a useful exercise because those principles facilitate comprehension and ensure the strategy’s applicability.

    Finally, this phase will walk you through the process of measuring success. Once you know where you’d like to go, the principles that underpin your direction, and how your cloud strategy figures into the broader strategic pantheon, you should record what success actually means. If you’re looking to save money, overall cost should be a metric you track. If the cloud is all about productivity, generate appropriate productivity metrics. If you’re looking to expand into new technology or close a datacenter, you will need to track output specific to those overall goals.

    Review: mission and vision

    The overall organizational mission is a key foundational element of the cloud strategy. If you don’t understand where you’re going, how can you begin the journey to get there? This section of the strategy has four key parts that you should understand and incorporate into the beginning of the strategy document. If you haven’t already, review Define Your Cloud Vision for instructions on how to generate these elements.

    1. Cloud vision statement: This is a succinct encapsulation of your overall perspective on the suitability of cloud services for your environment – what you hope to accomplish. The ideal statement includes a scope (who/what does the strategy impact?), a goal (what will it accomplish?), and a key differentiator (what will make it happen?). This is an example: “[Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.” You might also consider reviewing your overall cloud archetype (next slide) and including the output of that exercise in the document

    2. Service model decision framework: Services can be provided as software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), or they can be colocated or remain on premises. Not all cloud service models serve the same purpose or provide equal value in all circumstances. Understanding how you plan to take advantage of these distinct service models is an important component of the cloud strategy. In this section of the strategy, a rubric that captures the characteristics of the ideal workload for each of the named service models, along with some justification for the selection, is essential. This is a core component of Define Your Cloud Vision, and if you would like to analyze individual workloads, you can use the Cloud Vision Workbook for that purpose.

    3. Delivery model decision framework: Just as there are different cloud service models that have unique value propositions, there are several unique cloud delivery models as well, distinguished by ownership, operation, and customer base. Public clouds are the purview of third-party providers who make them available to paying customers. Private clouds are built for the exclusive use of a designated organization or group of organizations with internal clients to serve. Hybrid clouds involve the use of multiple, interoperable delivery models (interoperability is the key term here), while multi-cloud deployment models incorporate multiple delivery and service models into a single coherent strategy. What will your preferred delivery model be? Why?

    4. Support model decision framework: Once you have a service model nailed down and understand how you will execute on the delivery, the question then becomes about how you will support your cloud deployment going forward. Broadly speaking, you can choose to manage your deployment in house using internal resources (e.g. staff), to use managed service providers for ongoing support, or to hire consultants to handle specific projects/tasks. Each approach has its strengths and weaknesses, and many cloud customers will deploy multiple support models across time and different workloads. A foundational perspective on the support model is a key component of the cloud vision and should appear early in the strategy.

    Understand key cloud concepts: Archetype

    Once you understand the value of the cloud, your workloads’ general suitability for the cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype. Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes. After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders. The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    The image contains an arrow facing vertically up. The pointed end of the arrow is labelled more cloud, and the bottom of the arrow is labelled less cloud.

    We can best support the organization’s goals by:

    Cloud-Focused

    Cloud-Centric

    Providing all workloads through cloud delivery.

    Cloud-First

    Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”

    Cloud-Opportunistic

    Hybrid

    Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.

    Integrated

    Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.

    Split

    Using the cloud for some workloads and traditional infrastructure resources for others.

    Cloud-Averse

    Cloud-Light

    Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.

    Anti-Cloud

    Using traditional infrastructure resources and avoiding the use of cloud wherever possible.

    Document Business Goals and Capabilities for Your IT Strategy

    • Buy Link or Shortcode: {j2store}77|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a strategic driver, IT needs to work with the business. Yet, traditionally IT has not worked hand-in-hand with the business. IT does not know what information it needs from the business to execute on its initiatives.
    • A faster time to new investment decisions mean that IT needs a repeatable and efficient process to understand what the business needs.
    • CIOs must execute strategic initiatives to create an IT function that can support the business. Most CIOs fail because of low business support.

    Our Advice

    Critical Insight

    • Understanding the business context is a must for all strategic IT initiatives. At its core, each strategic IT project requires answers to a specific set of questions regarding the business.
    • An effective CIO understands which part of the business context applies to which strategic IT project and, in turn, what questions to ask to uncover those insights.

    Impact and Result

    • Uncover what IT knows and needs to know about the business context. This is a necessary first step to begin each of Info-Tech’s strategic IT initiatives, which any CIO should complete.
    • Conduct efficient and repeatable business context discovery activities to uncover business context gaps.
    • Document the business context you have uncovered and streamline the process for executing on Info-Tech’s strategic CIO blueprints.

    Document Business Goals and Capabilities for Your IT Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should define the business context, review Info-Tech’s methodology, and understand how we can support you in completing key CIO strategic initiatives.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and document the business needs of the organization

    Define the business context needed to complete strategic IT initiatives.

    • Document Business Goals and Capabilities for Your IT Strategy – Storyboard
    • Business Context Discovery Tool
    • Business Context Discovery Record Template
    • PESTLE Analysis Template
    • Strategy Alignment Map Template
    [infographic]

    Workshop: Document Business Goals and Capabilities for Your IT Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Missing Business Context (pre-work)

    The Purpose

    Conduct analysis and facilitate discussions to uncover business needs for IT.

    Key Benefits Achieved

    A baseline understanding of what business needs mean for IT

    Activities

    1.1 Define the strategic CIO initiatives our organization will pursue.

    1.2 Complete the Business Context Discovery Tool.

    1.3 Schedule relevant interviews.

    1.4 Select relevant Info-Tech diagnostics to conduct.

    Outputs

    Business context scope

    Completed Business Context Discovery Tool

    Completed Info-Tech diagnostics

    2 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    2.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    3 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    3.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    4 Review Business Context and Next Steps

    The Purpose

    Review findings and implications for IT’s strategic initiative.

    Key Benefits Achieved

    A thorough understanding of business needs and how IT’s strategic initiatives addresses those needs

    Activities

    4.1 Review documented business context with IT team.

    4.2 Discuss next steps for strategic CIO initiative execution.

    Outputs

    Finalized version of the business context

    Enhance Your Solution Architecture Practices

    • Buy Link or Shortcode: {j2store}157|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $33,359 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices is critical for business value delivery.
    • A mature solution architecture practice is the basic necessity for a business to have technical agility.

    Our Advice

    Critical Insight

    Don’t architect for normal situations. That is a shallow approach and leads to decisions that may seem “right” but will not be able to stand up to system elasticity needs.

    Impact and Result

    • Understand the different parts of a continuous security architecture framework and how they may apply to your decisions.
    • Develop a solution architecture for upcoming work (or if there is a desire to reduce tech debt).

    Enhance Your Solution Architecture Practices Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Solution Architecture Practices Deck – A deck to help you develop an approach for or validate existing solution architecture capability.

    Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life. Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.

    • Enhance Your Solution Architecture Practices – Phases 1-3

    2. Solution Architecture Template – A template to record the results from the exercises to help you define, detail, and make real your digital product vision.

    Identify and detail the value maps that support the business, and discover the architectural quality attribute that is most important for the value maps. Brainstorm solutions for design decisions for data, security, scalability, and performance.

    • Solution Architecture Template
    [infographic]

    Workshop: Enhance Your Solution Architecture Practices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Vision and Value Maps

    The Purpose

    Document a vision statement for the solution architecture practice (in general) and/or a specific vision statement, if using a single project as an example.

    Document business architecture and capabilities.

    Decompose capabilities into use cases.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Develop a collaborative understanding of business capabilities.

    Develop a collaborative understanding of use cases and personas that are relevant for the business.

    Activities

    1.1 Develop vision statement.

    1.2 Document list of value stream maps and their associated use cases.

    1.3 Document architectural quality attributes needed for use cases using SRME.

    Outputs

    Solution Architecture Template with sections filled out for vision statement canvas and value maps

    2 Continue Vision and Value Maps, Begin Phase 2

    The Purpose

    Map value stream to required architectural attributes.

    Prioritize architecture decisions.

    Discuss and document data architecture.

    Key Benefits Achieved

    An understanding of architectural attributes needed for value streams.

    Conceptual understanding of data architecture.

    Activities

    2.1 Map value stream to required architectural attributes.

    2.2 Prioritize architecture decisions.

    2.3 Discuss and document data architecture.

    Outputs

    Solution Architecture Template with sections filled out for value stream and architecture attribute mapping; a prioritized list of architecture design decisions; and data architecture

    3 Continue Phase 2, Begin Phase 3

    The Purpose

    Discuss security and threat assessment.

    Discuss resolutions to threats via security architecture decisions.

    Discuss system’s scalability needs.

    Key Benefits Achieved

    Decisions for security architecture.

    Decisions for scalability architecture.

    Activities

    3.1 Discuss security and threat assessment.

    3.2 Discuss resolutions to threats via security architecture decisions.

    3.3 Discuss system’s scalability needs.

    Outputs

    Solution Architecture Template with sections filled out for security architecture and scalability design

    4 Continue Phase 3, Start and Finish Phase 4

    The Purpose

    Discuss performance architecture.

    Compile all the architectural decisions into a solutions architecture list.

    Key Benefits Achieved

    A complete solution architecture.

    A set of principles that will form the foundation of solution architecture practices.

    Activities

    4.1 Discuss performance architecture.

    4.2 Compile all the architectural decisions into a solutions architecture list.

    Outputs

    Solution Architecture Template with sections filled out for performance and a complete solution architecture

    Further reading

    Enhance Your Solution Architecture Practice

    Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

    Analyst Perspective

    Application architecture is a critical foundation for supporting the growth and evolution of application systems. However, the business is willing to exchange the extension of the architecture’s life with quality best practices for the quick delivery of new or enhanced application functionalities. This trade-off may generate immediate benefits to stakeholders, but it will come with high maintenance and upgrade costs in the future, rendering your system legacy early.

    Technical teams know the importance of implementing quality attributes into architecture but are unable to gain approval for the investments. Overcoming this challenge requires a focus of architectural enhancements on specific problem areas with significant business visibility. Then, demonstrate how quality solutions are vital enablers for supporting valuable application functionalities by tracing these solutions to stakeholder objectives and conducting business and technical risk and impact assessments through multiple business and technical perspectives.

    this is a picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Manager, Applications
    Info-Tech Research Group

    Enhance Your Solution Architecture

    Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    • Most organizations have some form of solution architecture; however, it may not accurately and sufficiently support the current and rapidly changing business and technical environments.
    • To enable quick delivery, applications are built and integrated haphazardly, typically omitting architecture quality practices.

    Common Obstacles

    • Failing to involve development and stakeholder perspectives in design can lead to short-lived architecture and critical development, testing, and deployment constraints and risks being omitted.
    • Architects are experiencing little traction implementing solutions to improve architecture quality due to the challenge of tracing these solutions back to the right stakeholder objectives.

    Info-Tech's Approach

    • Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life.
    • Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.
    • Regularly review and recalibrate your solution architecture so that it accurately reflects and supports current stakeholder needs and technical environments.

    Info-Tech Insight

    Well-received applications can have poor architectural qualities. Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right tradeoffs are made.

    A badly designed solution architecture is the root of all technical evils

    A well-thought-through and strategically designed solution architecture is essential for the long-term success of any software system, and by extension, the organization because:

    1. It will help achieve quality attribute requirements (security, scalability, performance, usability, resiliency, etc.) for a software system.
    2. It can define and refine architectural guiding principles. A solution architecture is not only important for today but also a vision for the future of the system’s ability to react positively to changing business needs.
    3. It can help build usable (and reusable) services. In a fast-moving environment, the convenience of having pre-made plug-and-play architectural objects reduces the risk incurred from knee-jerk reactions in response to unexpected demands.
    4. It can be used to create a roadmap to an IT future state. Architectural concerns support transition planning activities that can lead to the successful implementation of a strategic IT plan.

    Demand for quick delivery makes teams omit architectural best practices, increasing downstream risks

    In its need for speed, a business often doesn’t see the value in making sure architecture is maintainable, reusable, and scalable. This demand leads to an organizational desire for development practices and the procurement of vendors that favor time-to-market over long-term maintainability. Unfortunately, technical teams are pushed to omit design quality and validation best practices.

    What are the business impacts of omitting architecture design practices?

    Poor quality application architecture impedes business growth opportunities, exposes enterprise systems to risks, and consumes precious IT budgets in maintenance that could otherwise be used for innovation and new projects.

    Previous estimations indicate that roughly 50% of security problems are the result of software design. […] Flaws in the architecture of a software system can have a greater impact on various security concerns in the system, and as a result, give more space and flexibility for malicious users.(Source: IEEE Software)

    Errors in software requirements and software design documents are more frequent than errors in the source code itself according to Computer Finance Magazine. Defects introduced during the requirements and design phase are not only more probable but also more severe and more difficult to remove. (Source: iSixSigma)

    Design a solution architecture that can be successful within the constraints and complexities set before you

    APPLICATION ARCHITECTURE…

    … describes the dependencies, structures, constraints, standards, and development guidelines to successfully deliver functional and long-living applications. This artifact lays the foundation to discuss the enhancement of the use and operations of your systems considering existing complexities.

    Good architecture design practices can give you a number of benefits:

    Lowers maintenance costs by revealing key issues and risks early. The Systems Sciences Institute at IBM has reported that the cost to fix an error found after product release was 4 to 5 times as much as one uncovered during design.(iSixSigma)

    Supports the design and implementation activities by providing key insights for project scheduling, work allocation, cost analysis, risk management, and skills development.(IBM: developerWorks)

    Eliminates unnecessary creativity and activities on the part of designers and implementers, which is achieved by imposing the necessary constraints on what they can do and making it clear that deviation from constraints can break the architecture.(IBM: developerWorks)

    Use Info-Tech’s Continuous Solution Architecture (CSA) Framework for designing adaptable systems

    Solution architecture is not a one-size-fits-all conversation. There are many design considerations and trade-offs to keep in mind as a product or services solution is conceptualized, evaluated, tested, and confirmed. The following is a list of good practices that should inform most architecture design decisions.

    Principle 1: Design your solution to have at least two of everything.

    Principle 2: Include a “kill switch” in your fault-isolation design. You should be able to turn off everything you release.

    Principle 3: If it can be monitored, it should be. Use server and audit logs where possible.

    Principle 4: Asynchronous is better than synchronous. Asynchronous design is more complex but worth the processing efficiency it introduces.

    Principle 5: Stateless over stateful: State data should only be used if necessary.

    Principle 6: Go horizonal (scale out) over vertical (scale up).

    Principle 7: Good architecture comes in small packages.

    Principle 8: Practice just-in-time architecture. Delay finalizing an approach for as long as you can.

    Principle 9: X-ilities over features. Quality of an architecture is the foundation over which features exist. A weak foundation can never be obfuscated through shiny features.

    Principle 10: Architect for products not projects. A product is an ongoing concern, while a project is short lived and therefore only focused on what is. A product mindset forces architects to think about what can or should be.

    Principle 11: Design for rollback: When all else fails, you should be able to stand up the previous best state of the system.

    Principle 12: Test the solution architecture like you test your solution’s features.

    CSA should be used for every step in designing a solution’s architecture

    Solution architecture is a technical response to a business need, and like all complex evolutionary systems, must adapt its design for changing circumstances.

    The triggers for changes to existing solution architectures can come from, at least, three sources:

    1. Changing business goals
    2. Existing backlog of technical debt
    3. Solution architecture roadmap

    A solution’s architecture is cross-cutting and multi-dimensional and at the minimum includes:

    • Product Portfolio Strategy
    • Application Architecture
    • Data Architecture
    • Information Architecture
    • Operational Architecture

    along with several qualitative attributes (also called non-functional requirements).

    This image contains a chart which demonstrates the relationship between changing hanging business goals, Existing backlog of technical debt, Solution architecture roadmap, and Product Portfolio Strategy, Application Architecture, Data Architecture, Information Architecture and, Operational Architecture

    Related Research: Product Portfolio Strategy

    Integrate Portfolios to Create Exceptional Customer Value

    • Define an organizing principle that will structure your projects and applications in a way that matters to your stakeholders.
    • Bridge application and project portfolio data using the organizing principle that matters to communicate with stakeholders across the organization.
    • Create a dashboard that brings together the benefits of both project and application portfolio management to improve visibility and decision making.

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented ; define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Related Research: Data, Information & Integration Architecture

    Build a Data Architecture Roadmap

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
    • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit and determine the corresponding data architecture tiers that need to be addressed.
    • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
    • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Pipeline for Reporting and Analytics

    • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
    • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
    • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

    Related Research:Operational Architecture

    Optimize Application Release Management

    • Acquire release management ownership. Ensure there is appropriate accountability for the speed and quality of the releases passing through the entire pipeline.
    • A release manager has oversight over the entire release process and facilitates the necessary communication between business stakeholders and various IT roles.
    • Instill holistic thinking. Release management includes all steps required to push release and change requests to production along with the hand-off to Operations and Support. Increase the transparency and visibility of the entire pipeline to ensure local optimizations do not generate bottlenecks in other areas.
    • Standardize and lay a strong release management foundation. Optimize the key areas where you are experiencing the most pain and continually improve.

    Build Your Infrastructure Roadmap

    • Increased communication. More information being shared to more people who need it.
    • Better planning. More accurate information being shared.
    • Reduced lead times. Less due diligence or discovery work required as part of project implementations.
    • Faster delivery times. Less low-value work, freeing up more time for project work.

    Related Research:Security Architecture

    Identify Opportunities to Mature the Security Architecture

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors, and therefore, cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Key deliverable:

    Solution Architecture Template
    Record the results from the exercises to help you define, detail, and make real your digital product vision.

    Blueprint Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    This image contains screenshots of the deliverables which will be discussed later in this blueprint

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. some check-ins along the way would help keep us on track

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place

    Consulting

    Our team does not have the time or the knowledge to take this project on. we need assistance through the entirety of this project.

    Diagnostics and consistent frameworks are used throughout all four options

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Exercises
    1. Articulate an architectural vision
    2. Develop dynamic value stream maps
    1. Create a conceptual map between the value stream, use case, and required architectural attribute
    2. Create a prioritized list of architectural attributes
    3. Develop a data architecture that supports transactional and analytical needs
    1. Document security architecture risks and mitigations
    2. Document scalability architecture
    1. Document performance-enhancing architecture
    2. Bring it all together
    Outcomes
    1. Architecture vision
    2. Dynamic value stream maps (including user stories/personas)
    1. List of required architectural attributes
    2. Architectural attributes prioritized
    3. Data architecture design decisions
    1. Security threat and risk analysis
    2. Security design decisions
    3. Scalability design decisions
    1. Performance design decisions
    2. Finalized decisions

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    This GI is between 8 to 10 calls over the course of approximately four to six months.

    Phase 1 Phase 2 Phase 2
    Call #1:
    Articulate an architectural vision.
    Call #4:
    Continue discussion on value stream mapping and related use cases.
    Call #6:
    Document security design decisions.
    Call #2:
    Discuss value stream mapping and related use cases.
    Call #5:
    • Map the value streams to required architectural attribute.
    • Create a prioritized list of architectural attributes.
    Call #7:
    • Document scalability design decisions.
    • Document performance design decisions.
    Call #3:
    Continue discussion on value stream mapping and related use cases.
    Call #8:
    Bring it all together.

    Phase 1: Visions and Value Maps

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Determine a vision for architecture outcomes
    • Draw dynamic value stream maps
    • Derive architectural design decisions
    • Prioritize design decisions

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Let’s get this straight: You need an architectural vision

    If you start off by saying I want to architect a system, you’ve already lost. Remember what a vision is for!

    An architectural vision...

    … is your North Star

    Your product vision serves as the single fixed point for product development and delivery.

    … aligns stakeholders

    It gets everyone on the same page.

    … helps focus on meaningful work

    There is no pride in being a rudderless ship. It can also be very expensive.

    And eventually...

    … kick-starts your strategy

    We know where to go, we know who to bring along, and we know the steps to get there. Let’s plan this out.

    An architectural vision is multi-dimensional

    Who is the target customer (or customers)?

    What is the key benefit a customer can get from using our service or product?

    Why should they be engaged with you?

    What makes our service or product better than our competitors?

    (Adapted from Crossing the Chasm)

    Info-Tech Insight

    It doesn’t matter if you are delivering value to internal or external stakeholders, you need a product vision to ensure everyone understands the “why.”

    Use a canvas as the dashboard for your architecture

    The solution architecture canvas provides a single dashboard to quickly define and communicate the most important information about the vision. A canvas is an effective tool for aligning teams and providing an executive summary view.

    This image contains a sample canvas for you to use as the dashboard for your architecture. The sections are: Solution Name, Tracking Info, Vision, Business Goals, Metrics, Personas, and Stakeholders.

    Leverage the solution architecture canvas to state and inform your architecture vision

    This image contains the sample canvas from the previous section, with annotations explaining what to do for each of the headings.

    1.1 Craft a vision statement for your solution’s architecture

    1. Use the product canvas template provided for articulating your solution’s architecture.

    *If needed, remove or add additional data points to fit your purposes.

    There are different statement templates available to help form your product vision statements. Some include:

    • For [our target customer], who [customer’s need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators].
    • We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    • To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    • Our vision is to [verb: build, design, provide] the [goal, future state] to [verb: help, enable, make it easier to...] [persona].

    (Adapted from Crossing the Chasm)

    Download the Solution Architecture Template and document your vision statement.

    Input

    • Business Goals
    • Product Portfolio Vision

    Output

    • Solution Architecture Vision

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • IT Leadership
    • Business Leadership

    Solution Architecture Canvas: Refine your vision statement

    This image contains a screenshot of the canvas from earlier in the blueprint, with only the annotation for Solution Name: Vision, unique value proposition, elevator pitch, or positioning statement.

    Understand your value streams before determining your solution’s architecture

    Business Strategy

    Sets and communicates the direction of the entire organization.

    Value Stream

    Segments, groups, and creates a coherent narrative as to how an organization creates value.

    Business Capability Map

    Decomposes an organization into its component parts to establish a common language across the organization.

    Execution

    Implements the business strategy through capability building or improvement projects.

    Identify your organization’s goals and define the value streams that support them

    Goal

    Revenue Growth

    Value Streams

    Stream 1- Product Purchase
    Stream 2- Customer Acquisition
    stream 3- Product Financing

    There are many techniques that help with constructing value streams and their capabilities.

    Domain-driven design is a technique that can be used for hypothesizing the value maps, their capabilities, and associated solution architecture.

    Read more about domain-driven design here.

    Value streams can be external (deliver value to customers) or internal (support operations)

      External Perspective

    1. Core value streams are mostly externally facing: they deliver value to either an external/internal customer and they tie to the customer perspective of the strategy map.
    • E.g. customer acquisition, product purchase, product delivery

    Internal Perspective

  • Support value streams are internally facing: they provide the foundational support for an organization to operate.
    • E.g. employee recruitment to retirement

    Key Questions to Ask While Evaluating Value Streams

    • Who are your customers?
    • What benefits do we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?
    This image contains an example of value streams. The main headings are: Customer Acquisitions, Product Purchase, Product Delivery, Confirm Order, Product Financing, and Product Release.

    Value streams highlight the what, not the how

    Value chains set a high-level context, but architectural decisions still need to be made to deal with the dynamism of user interaction and their subsequent expectations. User stories (and/or use cases) and themes are great tools for developing such decisions.

    Product Delivery

    1. Order Confirmation
    2. Order Dispatching
    3. Warehouse Management
    4. Fill Order
    5. Ship Order
    6. Deliver Order

    Use Case and User Story Theme: Confirm Order

    This image shows the relationship between confirming the customer's order online, and the Online Buyer, the Online Catalog, the Integrated Payment, and the Inventory Lookup.

    The use case Confirming Customer’s Online Order has four actors:

    1. An Online Buyer who should be provided with a catalog of products to purchase from.
    2. An Online Catalog that is invoked to display its contents on demand.
    3. An Integrated Payment system for accepting an online form of payment (credit card, Bitcoins, etc.) in a secure transaction.
    4. An Inventory Lookup module that confirms there is stock available to satisfy the Online Buyer’s order.

    Info-Tech Insight

    Each use case theme links back to a feature(s) in the product backlog.

    Related Research

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Document Your Business Architecture

    • Recognize the opportunity for architecture work, analyze the current and target states of your business strategy, and identify and engage the right stakeholders.
    • Model the business in the form of architectural blueprints.
    • Apply business architecture techniques such as strategy maps, value streams, and business capability maps to design usable and accurate blueprints of the business.
    • Drive business architecture forward to promote real value to the organization.
    • Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and to prioritize projects.

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example for Phase 1.3

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    Value Stream Component Use Case Required Architectural Attribute
    Loan Application UC1: Submit Loan Application
    UC2: Review Loan Application
    UC3: Approve Loan Application
    UCn: ……..
    UC1: Resilience, Data Reliability
    UC2: Data Reliability
    UC3: Scalability, Security, Performance
    UCn: …..
    Disbursement of Funds UC1: Deposit Funds Into Applicant’s Bank Account
    UCn: ……..
    UC1: Performance, Scalability, Data Reliability
    Risk Management ….. …..
    Service Accounts ….. …..

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Prioritize architectural quality attributes to ensure a right-engineered solution

    Trade-offs are inherent in solution architecture. Scaling systems may impact performance and weaken security, while fault-tolerance and redundancy may improve availability but at higher than desired costs. In the end, the best solution is not always perfect, but balanced and right-engineered (versus over- or under-engineered).

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    1. Map architecture attributes against the value stream components.
    • Use individual use cases to determine which attributes are needed for a value stream component.
    This image contains a screenshot of the table showing the importance of scalability, resiliance, performance, security, and data reliability for loan application, disbursement of funds, risk management, and service accounts.

    In our example, the prioritized list of architectural attributes are:

    • Security (4 votes for Very Important)
    • Data Reliability (2 votes for Very Important)
    • Scalability (1 vote for Very Important and 1 vote for Fairly Important) and finally
    • Resilience (1 vote for Very Important, 0 votes for Fairly Important and 1 vote for Mildly Important)
    • Performance (0 votes for Very Important, 2 votes for Fairly Important)

    1.4 Create a prioritized list of architectural attributes (from 1.3)

    1. Using the tabular structure shown on the previous slide:
    • Map each value stream component against architectural quality attributes.
    • For each mapping, indicate its importance using the green, blue, and yellow color scheme.

    Download the Solution Architecture Template and document the list of architectural attributes by priority.

    Input

    • List of Architectural Attributes From 1.3

    Output

    • Prioritized List of Architectural Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    End of Phase 1

    At the end of this Phase, you should have completed the following activities:

    • Documented a set of dynamic value stream maps along with selected use cases.
    • Using the SRME framework, identified quality attributes for the system under investigation.
    • Prioritized quality attributes for system use cases.

    Phase 2: Multi-Purpose Data and Security Architecture

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Understand the scalability, performance, resilience, and security needs of the business.

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Fragmented data environments need something to sew them together

    • A full 93% of enterprises have a multi-cloud strategy, with 87% having a hybrid-cloud environment in place.
    • On average, companies have data stored in 2.2 public and 2.2 private clouds as well as in various on-premises data repositories.
    This image contains a breakdown of the cloud infrastructure, including single cloud versus multi-cloud.

    Source: Flexera

    In addition, companies are faced with:

    • Access and integration challenges (Who is sending the data? Who is getting it? Can we trust them?)
    • Data format challenges as data may differ for each consumer and sender of data
    • Infrastructure challenges as data repositories/processors are spread out over public and private clouds, are on premises, or in multi-cloud and hybrid ecosystems
    • Structured vs. unstructured data

    A robust and reliable integrated data architecture is essential for any organization that aspires to be relevant and impactful in its industry.

    Data’s context and influence on a solution’s architecture cannot be overestimated

    Data used to be the new oil. Now it’s the life force of any organization that has serious aspirations of providing profit-generating products and services to customers. Architectural decisions about managing data have a significant impact on the sustainability of a software system as well as on quality attributes such as security, scalability, performance, and availability.

    Storage and Processing go hand in hand and are the mainstay of any data architecture. Due to their central position of importance, an architecture decision for storage and processing must be well thought through or they become the bottleneck in an otherwise sound system.

    Ingestion refers to a system’s ability to accept data as an input from heterogenous sources, in different formats, and at different intervals.

    Dissemination is the set of architectural design decisions that make a system’s data accessible to external consumers. Major concerns involve security for the data in motion, authorization, data format, concurrent requests for data, etc.

    Orchestration takes care of ensuring data is current and reliable, especially for systems that are decentralized and distributed.

    Data architecture requires alignment with a hybrid data management plan

    Most companies have a combination of data. They have data they own using on-premises data sources and on the cloud. Hybrid data management also includes external data, such as social network feeds, financial data, and legal information amongst many others.

    Data integration architectures have typically been put in one of two major integration patterns:

    Application to Application Integration (or “speed matters”) Analytical Data Integrations (or “send it to me when its all done”)
    • This domain is concerned with ensuring communication between processes.
    • Examples include patterns such as Service-Oriented Architecture, REST, Event Hubs and Enterprise Service Buses.
    • This domain is focused on integrating data from transactional processes towards enterprise business intelligence. It supports activities that require well-managed data to generate evidence-based insights.
    • Examples of this pattern are ELT, enterprise data warehouses, and data marts.

    Sidebar

    Difference between real-time, batch, and streaming data movements

    Real-Time

    • Reacts to data in seconds or even quicker.
    • Real-time systems are hard to implement.

    Batch

    • Batch processing deals with a large volume of data all at once and data-related jobs are typically completed simultaneously in non-stop, sequential order.
    • Batch processing is an efficient and low-cost means of data processing.
    • Execution of batch processing jobs can be controlled manually, providing further control over how the system treats its data assets.
    • Batch processing is only useful if there are no requirements for data to be fresh and current. Real-time systems are suited to processing data that requires these attributes.

    Streaming

    • Stream processing allows almost instantaneous analysis of data as it streams from one device to another.
    • Since data is analyzed quickly, storage may not be a concern (since only computed data is stored while raw data can be dispersed).
    • Streaming requires the flow of data into the system to equal the flow of data computing, otherwise issues of data storage and performance can rise.

    Modern data ingestion and dissemination frameworks keep core data assets current and accessible

    Data ingestion and dissemination frameworks are critical for keeping enterprise data current and relevant.

    Data ingestion/dissemination frameworks capture/share data from/to multiple data sources.

    Factors to consider when designing a data ingestion/dissemination architecture

    What is the mode for data movement?

    • The mode for data movement is directly influenced by the size of data being moved and the downstream requirements for data currency.
    • Data can move in real-time, as a batch, or as a stream.

    What is the ingestion/dissemination architecture deployment strategy?

    • Outside of critical security concerns, hosting on the cloud vs. on premises leads to a lower total cost of ownership (TCO) and a higher return on investment (ROI).

    How many different and disparate data sources are sending/receiving data?

    • Stability comes if there is a good idea about the data sources/recipient and their requirements.

    What are the different formats flowing through?

    • Is the data in the form of data blocks? Is it structured, semi-unstructured, or unstructured?

    What are expected performance SLAs as data flow rate changes?

    • Data change rate is defined as the size of changes occurring every hour. It helps in selecting the appropriate tool for data movement.
    • Performance is a derivative of latency and throughput, and therefore, data on a cloud is going to have higher latency and lower throughput then if it is kept on premises.
    • What is the transfer data size? Are there any file compression and/or file splits applied on the data? What is the average and maximum size of a block object per ingestion/dissemination operation?

    What are the security requirements for the data being stored?

    • The ingestion/dissemination framework should be able to work through a secure tunnel to collect/share data if needed.

    Sensible storage and processing strategy can improve performance and scalability and be cost-effective

    The range of options for data storage is staggering...

    … but that’s a good thing because the range of data formats that organizations must deal with is also richer than in the past.

    Different strokes for different workloads.

    The data processing tool to use may depend upon the workloads the system has to manage.

    Expanding upon the Risk Management use case (as part of the Loan Provision Capability), one of the outputs for risk assessment is a report that conducts a statistical analysis of customer profiles and separates those that are possibly risky. The data for this report is spread out across different data systems and will need to be collected in a master data management storage location. The business and data architecture team have discussed three critical system needs, noted below:

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    Keep every core data source on the same page through orchestration

    Data orchestration, at its simplest, is the combination of data integration, data processing, and data concurrency management.

    Data pipeline orchestration is a cross-cutting process that manages the dependencies between your data integration tasks and scheduled data jobs.

    A task or application may periodically fail, and therefore, as a part of our data architecture strategy, there must be provisions for scheduling, rescheduling, replaying, monitoring, retrying, and debugging the entire data pipeline in a holistic way.

    Some of the functionality provided by orchestration frameworks are:

    • Job scheduling
    • Job parametrization
    • SLAs tracking, alerting, and notification
    • Dependency management
    • Error management and retries
    • History and audit
    • Data storage for metadata
    • Log aggregation
    Data Orchestration Has Three Stages
    Organize Transform Publicize
    Organizations may have legacy data that needs to be combined with new data. It’s important for the orchestration tool to understand the data it deals with. Transform the data from different sources into one standard type. Make transformed data easily accessible to stakeholders.

    2.1 Discuss and document data architecture decisions

    1. Using the value maps and associated use cases from Phase 1, determine the data system quality attributes.
    2. Use the sample tabular layout on the next slide or develop one of your own.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Value Maps and Use Cases

    Output

    • Initial Set of Data Design Decisions

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Data Architecture

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    There is no free lunch when making the most sensible security architecture decision; tradeoffs are a necessity

    Ensuring that any real system is secure is a complex process involving tradeoffs against other important quality attributes (such as performance and usability). When architecting a system, we must understand:

    • Its security needs.
    • Its security threat landscape.
    • Known mitigations for those threats to ensure that we create a system with sound security fundamentals.

    The first thing to do when determining security architecture is to conduct a threat and risk assessment (TRA).

    This image contains a sample threat and risk assessment. The steps are Understand: Until we thoroughly understand what we are building, we cannot secure it. Structure what you are building, including: System boundary, System structure, Databases, Deployment platform; Analyze: Use techniques like STRIDE and attack trees to analyze what can go wrong and what security problems this will cause; Mitigate: The security technologies to use, to mitigate your concerns, are discussed here. Decisions about using single sign-on (SSO) or role-based access control (RBAC), encryption, digital signatures, or JWT tokens are made. An important part of this step is to consider tradeoffs when implementing security mechanisms; validate: Validation can be done by experimenting with proposed mitigations, peer discussion, or expert interviews.

    Related Research

    Optimize Security Mitigation Effectiveness Using STRIDE

    • Have a clear picture of:
      • Critical data and data flows
      • Organizational threat exposure
      • Security countermeasure deployment and coverage
    • Understand which threats are appropriately mitigated and which are not.
    • Generate a list of initiatives to close security gaps.
    • Create a quantified risk and security model to reassess program and track improvement.
    • Develop measurable information to present to stakeholders.

    The 3A’s of strong security: authentication, authorization, and auditing

    Authentication

    Authentication mechanisms help systems verify that a user is who they claim to be.

    Examples of authentication mechanisms are:

    • Two-Factor Authentication
    • Single Sign-On
    • Multi-Factor Authentication
    • JWT Over OAUTH

    Authorization

    Authorization helps systems limit access to allowed features, once a user has been authenticated.

    Examples of authentication mechanisms are:

    • RBAC
    • Certificate Based
    • Token Based

    Auditing

    Securely recording security events through auditing proves that our security mechanisms are working as intended.

    Auditing is a function where security teams must collaborate with software engineers early and often to ensure the right kind of audit logs are being captured and recorded.

    Info-Tech Insight

    Defects in your application software can compromise privacy and integrity even if cryptographic controls are in place. A security architecture made after thorough TRA does not override security risk introduced due to irresponsible software design.

    Examples of threat and risk assessments using STRIDE and attack trees

    STRIDE is a threat modeling framework and is composed of:

    • Spoofing or impersonation of someone other than oneself
    • Tampering with data and destroying its integrity
    • Repudiation by bypassing system identity controls
    • Information disclosure to unauthorized persons
    • Denial of service that prevents system or parts of it from being used
    • Elevation of privilege so that attackers get rights they should not have
    Example of using STRIDE for a TRA on a solution using a payment system This image contains a sample attack tree.
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds.
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds.
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize.
    Disclosure PayPal Private service database has details leaked and made public.
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times.

    2.2 Document security architecture risks and mitigations

    1. Using STRIDE, attack tree, or any other framework of choice:
    • Conduct a TRA for use cases identified in Phase 1.2
  • For each threat identified through the TRA, think through the implications of using authentication, authorization, and auditing as a security mechanism.
  • Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Dynamic Value Stream Maps

    Output

    • Security Architecture Risks and Mitigations

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Security Team
    • Application Architect
    • Integration Architect

    Examples of threat and risk assessments using STRIDE

    Example of using STRIDE for a TRA on a solution using a payment system
    Threat System Component Description Quality Attribute Impacted Resolution
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds. Confidentiality Authorization
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds. Integrity Authorization
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize. Integrity Authentication and Logging
    Disclosure PayPal Private service database has details leaked and made public. Confidentiality Authorization
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests Availability N/A
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times. Confidentiality, Integrity, and Availability Authorization

    Phase 3: Upgrade Your System’s Availability

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Examine architecture for scalable and performant system designs
    • Integrate all design decisions made so far into a solution design decision log

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    In a cloud-inspired system architecture, scalability takes center stage as an architectural concern

    Scale and scope of workloads are more important now than they were, perhaps, a decade and half back. Architects realize that scalability is not an afterthought. Not dealing with it at the outset can have serious consequences should an application workload suddenly exceed expectations.

    Scalability is …

    … the ability of a system to handle varying workloads by either increasing or decreasing the computing resources of the system.

    An increased workload could include:

    • Higher transaction volumes
    • A greater number of users

    Architecting for scalability is …

    … not easy since organizations may not be able to accurately judge, outside of known circumstances, when and why workloads may unexpectedly increase.

    A scalable architecture should be planned at the:

    • Application Level
    • Infrastructure Level
    • Database Level

    The right amount and kind of scalability is …

    … balancing the demands of the system with the supply of attributes.

    If demand from system > supply from system:

    • Services and products are not useable and deny value to customers.

    If supply from system > demand from system:

    • Excess resources have been paid for that are not being used.

    When discussing the scalability needs of a system, investigate the following, at a minimum:

    • In case workloads increase due to higher transaction volumes, will the system be able to cope with the additional stress?
    • In situations where workloads increase, will the system be able to support the additional stress without any major modifications being made to the system?
    • Is the cost associated with handling the increased workloads reasonable for the benefit it provides to the business?
    • Assuming the system doesn’t scale, is there any mechanism for graceful degradation?

    Use evidence-based decision making to ensure a cost-effective yet appropriate scaling strategy

    The best input for an effective scaling strategy is previously gathered traffic data mapped to specific circumstances.

    In some cases, either due to lack of monitoring or the business not being sure of its needs, scalability requirements are hard to determine. In such cases, use stated tactical business objectives to design for scalability. For example, the business might state its desire to achieve a target revenue goal. To accommodate this, a certain number of transactions would need to be conducted, assuming a particular conversion rate.

    Scaling strategies can be based on Vertical or Horizontal expansion of resources.
    Pros Cons
    Vertical
    Scale up through use of more powerful but limited number of resources
    • May not require frequent upgrades.
    • Since data is managed through a limited number of resources, it is easier to share and keep current.
    • Costly upfront.
    • Application, database, and infrastructure may not be able to make optimal use of extra processing power.
    • As the new, more powerful resource is provisioned, systems may experience downtime.
    • Lacks redundancy due to limited points of failure.
    • Performance is constrained by the upper limits of the infrastructure involved.
    Horizontal
    Scale out through use of similarly powered but larger quantity of resources
    • Cost-effective upfront.
    • System downtime is minimal, when scaling is being performed.
    • More redundance and fault-tolerance is possible since there are many nodes involved, and therefore, can replace failed nodes.
    • Performance can scale out as more nodes are added.
    • Upgrades may occur more often than in vertical scaling.
    • Increases machine footprints and administrative costs over time.
    • Data may be partitioned on multiple nodes, leading to administrative and data currency challenges.

    Info-Tech Insight

    • Scalability is the one attribute that sparks a lot of trade-off discussions. Scalable solutions may have to compromise on performance, cost, and data reliability.
    • Horizontal scalability is mostly always preferable over vertical scalability.

    Sidebar

    The many flavors of horizontal scaling

    Traffic Shard-ing

    Through this mechanism, incoming traffic is partitioned around a characteristic of the workload flowing in. Examples of partitioning characteristics are user groups, geo-location, and transaction type.

    Beware of:

    • Lack of data currency across shards.

    Copy and Paste

    As the name suggests, clone the compute resources along with the underlying databases. The systems will use a load balancer as the first point of contact between itself and the workload flowing in.

    Beware of:

    • Though this is a highly scalable model, it does introduce risks related to data currency across all databases.
    • In case master database writes are frequent, it could become a bottleneck for the entire system.

    Productization Through Containers

    This involves breaking up the system into specific functions and services and bundling their business rules/databases into deployable containers.

    Beware of:

    • Too many containers introduce the need to orchestrate the distributed architecture that results from a service-oriented approach.

    Start a scalability overview with a look at the database(s)

    To know where to go, you must know where you are. Before introducing architectural changes to database designs, use the right metrics to get an insight into the root cause of the problem(s).

    In a nutshell, the purpose of scaling solutions is to have the technology stack do less work for the most requested services/features or be able to effectively distribute the additional workload across multiple resources.

    For databases, to ensure this happens, consider these techniques:

    • Reuse data through caching on the server and/or the client. This eliminates the need for looking up already accessed data. Examples of caching are:
      • In-memory caching of data
      • Caching database queries
    • Implement good data retrieval techniques like indexes.
    • Divide labor at the database level.
      • Through setting up primary-secondary distribution of data. In such a setup, the primary node is involved in writing data to itself and passes on requests to secondary nodes for fulfillment.
      • Through setting up database shards (either horizontally or vertically).
        • In a horizontal shard, a data table is broken into smaller pieces with the same data model but unique data in it. The sum total of the shared databases contains all the data in the primary data table.
        • In a vertical shard, a data table is broken into smaller pieces, but each piece may have a subset of the data columns. The data’s corresponding columns are put into the table where the column resides.

    Info-Tech Insight

    A non-scalable architecture has more than just technology-related ramifications. Hoping that load balancers or cloud services will manage scalability-related issues is bound to have economic impacts as well.

    Sidebar

    Caching Options

    CSA PRINCIPLE 5 applies to any decision that supports system scalability.
    “X-ilities Over Features”

    Database Caching
    Fetches and stores result of database queries in memory. Subsequent requests to the database for the same queries will investigate the cache before making a connection with the database.
    Tools like Memcached or Redis are used for database caching.

    Precompute Database Caching
    Unlike database caching, this style of caching precomputes results of queries that are popular and frequently used. For example, a database trigger could execute several predetermined queries and have them ready for consumption. The precomputed results may be stored in a database cache.

    Application Object Caching
    Stores computed results in a cache for later retrieval. For data sources, which are not changing frequently and are part of a computation output, application caching will remove the need to connect with a database.

    Proxy Caching
    Caches retrieved web pages on a proxy server and makes them available for the next time the page is requested.

    The intra- and inter-process communication of the systems middle tier can become a bottleneck

    To synchronize or not to synchronize?

    A synchronous request (doing one thing at a time) means that code execution will wait for the request to be responded to before continuing.

    • A synchronous request is a blocking event and until it is completed, all following requests will have to wait for getting their responses.
    • An increasing workload on a synchronous system may impact performance.
    • Synchronous interactions are less costly in terms of design, implementation, and maintenance.
    • Scaling options include:
    1. Vertical scale up
    2. Horizontal scale out of application servers behind a load balancer and a caching technique (to minimize data retrieval roundtrips)
    3. Horizonal scale out of database servers with data partitioning and/or data caching technique

    Use synchronous requests when…

    • Each request to a system sets the necessary precondition for a following request.
    • Data reliability is important, especially in real-time systems.
    • System flows are simple.
    • Tasks that are typically time consuming, such as I/O, data access, pre-loading of assets, are completed quickly.

    Asynchronous requests (doing many things at the same time) do not block the system they are targeting.

    • It is a “fire and forget” mechanism.
    • Execution on a server/processor is triggered by the request, however, additional technical components (callbacks) for checking the state of the execution must be designed and implemented.
    • Asynchronous interactions require additional time to be spent on implementation and testing.
    • With asynchronous interactions, there is no guarantee the request initiated any processing until the callbacks check the status of the executed thread.

    Use asynchronous requests when…

    • Tasks are independent in nature and don’t require inter-task communication.
    • Systems flows need to be efficient.
    • The system is using event-driven techniques for processing.
    • Many I/O tasks are involved.
    • The tasks are long running.

    Sidebar

    Other architectural tactics for inter-process communication

    STATELESS SERVICES VERSUS STATEFUL SERVICES
    • Does not require any additional data, apart from the bits sent through with the request.
    • Without implementing a caching solution, it is impossible to access the previous data trail for a transaction session.
    • In addition to the data sent through with the request, require previous data sent to complete processing.
    • Requires server memory to store the additional state data. With increasing workloads, this could start impacting the server’s performance.
    It is generally accepted that stateless services are better for system scalability, especially if vertical scaling is costly and there is expectation that workloads will increase.
    MICROSERVICES VERSUS SERVERLESS FUNCTIONS
    • Services are designed as small units of code with a single responsibility and are available on demand.
    • A microservices architecture is easily scaled horizontally by adding a load balancer and a caching mechanism.
    • Like microservices, these are small pieces of code designed to fulfill a single purpose.
    • Are provided only through cloud vendors, and therefore, there is no need to worry about provisioning of infrastructure as needs increase.
    • Stateless by design but the life cycle of a serverless function is vendor controlled.
    Serverless function is an evolving technology and tightly controlled by the vendor. As and when vendors make changes to their serverless products, your own systems may need to be modified to make the best use of these upgrades.

    A team that does not measure their system’s scalability is a team bound to get a 5xx HTTP response code

    A critical aspect of any system is its ability to monitor and report on its operational outcomes.

    • Using the principle of continuous testing, every time an architectural change is introduced, a thorough load and stress testing cycle should be executed.
    • Effective logging and use of insightful metrics helps system design teams make data-driven decisions.
    • Using principle of site reliability engineering and predictive analytics, teams can be prepared for any unplanned exaggerated stimulus on the system and proactively set up remedial steps.

    Any system, however well architected, will break one day. Strategically place kill-switches to counter any failures and thoroughly test their functioning before releasing to production.

    • Using Principles 2 and 9 of the CSA, (include kill-switches and architect for x-ilities over features), introduce tactics at the code and higher levels that can be used to put a system in its previous best state in case of failure.
    • Examples of such tactics are:
      • Feature flags for turning on/off code modules that impact x-ilities.
      • Implement design patterns like throttling, autoscaling, and circuit breaking.
      • Writing extensive log messages that bubble up as exceptions/error handling from the code base. *Logging can be a performance drag. Use with caution as even logging code is still code that needs CPU and data storage.

    Performance is a system’s ability to satisfy time-bound expectations

    Performance can also be defined as the ability for a system to achieve its timing requirements, using available resources, under expected full-peak load:

    (International Organization for Standardization, 2011)

    • Performance and scalability are two peas in a pod. They are related to each other but are distinct attributes. Where scalability refers to the ability of a system to initiate multiple simultaneous processes, performance is the system’s ability to complete the processes within a mandated average time period.
    • Degrading performance is one of the first red flags about a system’s ability to scale up to workload demands.
    • Mitigation tactics for performance are very similar to the tactics for scalability.

    System performance needs to be monitored and measured consistently.

    Measurement Category 1: System performance in terms of end-user experience during different load scenarios.

    • Response time/latency: Length of time it takes for an interaction with the system to complete.
    • Turnaround time: Time taken to complete a batch of tasks.
    • Throughput: Amount of workload a system is capable of handling in a unit time period.

    Measurement Category 2: System performance in terms of load managed by computational resources.

    • Resource utilization: The average usage of a resource (like CPU) over a period. Peaks and troughs indicate excess vs. normal load times.
    • Number of concurrent connections: Simultaneous user requests that a resource like a server can successfully deal with at once.
    • Queue time: The turnaround time for a specific interaction or category of interactions to complete.

    Architectural tactics for performance management are the same as those used for system scalability

    Application Layer

    • Using a balanced approach that combines CSA Principle 7 (Good architecture comes in small packages) and Principle 10 (Architect for products, not projects), a microservices architecture based on domain-driven design helps process performance. Microservices use lightweight HTTP protocols and have loose coupling, adding a degree of resilience to the system as well. *An overly-engineered microservices architecture can become an orchestration challenge.
    • The code design must follow standards that support performance. Example of standards is SOLID*.
    • Serverless architectures can run application code from anywhere – for example, from edge servers close to an end user – thereby reducing latency.

    Database Layer

    • Using the right database technologies for persistence. Relational databases have implicit performance bottlenecks (which get exaggerated as data size grows along with indexes), and document store database technologies (key-value or wide-column) can improve performance in high-read environments.
    • Data sources, especially those that are frequently accessed, should ideally be located close to the application servers. Hybrid infrastructures (cloud and on premises mixed) can lead to latency when a cloud-application is accessing on-premises data.
    • Using a data partitioning strategy, especially in a domain-driven design architecture, can improve the performance of a system.

    Performance modeling and continuous testing makes the SRE a happy engineer

    Performance modeling and testing helps architecture teams predict performance risks as the solution is being developed.
    (CSA Principle 12: Test the solution architecture like you test your solution’s features)

    Create a model for your system’s hypothetical performance testing by breaking an end-to-end process or use case into its components. *Use the SIPOC framework for decomposition.

    This image contains an example of modeled performance, showing the latency in the data flowing from different data sources to the processing of the data.

    In the hypothetical example of modeled performance above:

    • The longest period of latency is 15ms.
    • The processing of data takes 30ms, while the baseline was established at 25ms.
    • Average latency in sending back user responses is 21ms – 13ms slower than expected.

    The model helps architects:

    • Get evidence for their assumptions
    • Quantitatively isolate bottlenecks at a granular level

    Model the performance flow once but test it periodically

    Performance testing measures the performance of a software system under normal and abnormal loads.

    Performance testing process should be fully integrated with software development activities and as automated as possible. In a fast-moving Agile environment, teams should attempt to:

    • Shift-left performance testing activities.
    • Use performance testing to pinpoint performance bottlenecks.
    • Take corrective action, as quickly as possible.

    Performance testing techniques

    • Normal load testing: Verifies the system’s behavior under the expected normal load to ensure that its performance requirements are met. Load testing can be used to measure response time, responsiveness, turnaround time, and throughput.
    • Expected maximum load testing: Like the normal load testing process, ensures system meets its performance requirements under expected maximum load.
    • Stress testing: Evaluates system behavior when processing loads beyond the expected maximum.

    *In a real production scenario, a combination of these tests are executed on a regular basis to monitor the performance of the system over a given period.

    3.1-3.2 Discuss and document initial decisions made for architecture scalability and performance

    1. Use the outcomes from either or both Phases 1.3 and 1.4.
    • For each value stream component, list the architecture decisions taken to ensure scalability and performance at client-facing and/or business-rule layers.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4

    Output

    • Initial Set of Design Decisions Made for System Scalability and Performance

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Architecture decisions for scalability and performance

    Value Stream Component Design Decision for User Interface Layer Design Decisions for Middle Processing Layer
    Loan Application Scalability: N/A
    Resilience: Include circuit breaker design in both mobile app and responsive websites.
    Performance: Cache data client.
    Scalability: Scale vertically (up) since loan application processing is very compute intensive.
    Resilience: Set up fail-over replica.
    Performance: Keep servers in the same geo-area.
    Disbursement of Funds *Does not have a user interface Scalability: Scale horizontal when traffic reaches X requests/second.
    Resilience: Create microservices using domain-driven design; include circuit breakers.
    Performance: Set up application cache; synchronous communication since order of data input is important.
    …. …. ….

    3.3 Combine the different architecture design decisions into a unified solution architecture

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4
    • Output From Phase 2.1
    • Output From Phase 2.2
    • Output From 3.1 and 3.2

    Output

    • List of Design Decisions for the Solution

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Putting it all together is the bow that finally ties this gift

    This blueprint covered the domains tagged with the yellow star.

    This image contains a screenshot of the solution architecture framework found earlier in this blueprint, with stars next to Data Architecture, Security, Performance, and Stability.

    TRADEOFF ALERT

    The right design decision is never the same for all perspectives. Along with varying opinions, comes the “at odds with each other set” of needs (scalability vs. performance, or access vs. security).

    An evidence-based decision-making approach using a domain-driven design strategy is a good mix of techniques for creating the best (right?) solution architecture.

    This image contains a screenshot of a table that summarizes the themes discussed in this blueprint.

    Summary of accomplishment

    • Gained understanding and clarification of the stakeholder objectives placed on your application architecture.
    • Completed detailed use cases and persona-driven scenario analysis and their architectural needs through SRME.
    • Created a set of design decisions for data, security, scalability, and performance.
    • Merged the different architecture domains dealt with in this blueprint to create a holistic view.

    Bibliography

    Ambysoft Inc. “UML 2 Sequence Diagrams: An Agile Introduction.” Agile Modeling, n.d. Web.

    Bass, Len, Paul Clements, and Rick Kazman. Software Architecture in Practices: Third Edition. Pearson Education, Inc. 2003.

    Eeles, Peter. “The benefits of software architecting.” IBM: developerWorks, 15 May 2006. Web.

    Flexera 2020 State of the Cloud Report. Flexera, 2020. Web. 19 October 2021.

    Furdik, Karol, Gabriel Lukac, Tomas Sabol, and Peter Kostelnik. “The Network Architecture Designed for an Adaptable IoT-based Smart Office Solution.” International Journal of Computer Networks and Communications Security, November 2013. Web.

    Ganzinger, Matthias, and Petra Knaup. “Requirements for data integration platforms in biomedical research networks: a reference model.” PeerJ, 5 February 2015. (https://peerj.com/articles/755/).

    Garlan, David, and Mary Shaw. An Introduction to Software Architecture. CMU-CS-94-166, School of Computer Science Carnegie Mellon University, January 1994.

    Gupta, Arun. “Microservice Design Patterns.” Java Code Geeks, 14 April 2015. Web.

    How, Matt. The Modern Data Warehouse in Azure. O’Reilly, 2020.

    ISO/IEC 17788:2014: Information technology – Cloud computing, International Organization for Standardization, October 2014. Web.

    ISO/IEC 18384-1:2016: Information technology – Reference Architecture for Service Oriented Architecture (SOA RA), International Organization for Standardization, June 2016. Web.

    ISO/IEC 25010:2011(en) Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models. International Organization for Standardization, March 2011. Web.

    Kazman, R., M. Klein, and P. Clements. ATAM: Method for Architecture Evaluation. S Carnegie Mellon University, August 2000. Web.

    Microsoft Developer Network. “Chapter 16: Quality Attributes.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 2: Key Principles of Software Architecture.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 3: Architectural Patterns and Styles.” Microsoft Application Architecture Guide. 2nd Ed., 14 January 2010. Web.

    Microsoft Developer Network. “Chapter 5: Layered Application Guidelines.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Mirakhorli, Mehdi. “Common Architecture Weakness Enumeration (CAWE).” IEEE Software, 2016. Web.

    Moore, G. A. Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers (Collins Business Essentials) (3rd ed.). Harper Business, 2014.

    OASIS. “Oasis SOA Reference Model (SOA RM) TC.” OASIS Open, n.d. Web.

    Soni, Mukesh. “Defect Prevention: Reducing Costs and Enhancing Quality.” iSixSigma, n.d. Web.

    The Open Group. TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views. TOGAF, 2006. Web.

    The Open Group. Welcome to the TOGAF® Standard, Version 9.2, a standard of The Open Group. TOGAF, 2018. Web.

    Watts, S. “The importance of solid design principles.” BMC Blogs, 15 June 2020. 19 October 2021.

    Young, Charles. “Hexagonal Architecture–The Great Reconciler?” Geeks with Blogs, 20 Dec 2014. Web.

    APPENDIX A

    Techniques to enhance application architecture.

    Consider the numerous solutions to address architecture issues or how they will impact your application architecture

    Many solutions exist for improving the layers of the application stack that may address architecture issues or impact your current architecture. Solutions range from capability changes to full stack replacement.

    Method Description Potential Benefits Risks Related Blueprints
    Business Capabilities:
    Enablement and enhancement
    • Introduce new business capabilities by leveraging unused application functionalities or consolidate redundant business capabilities.
    • Increase value delivery to stakeholders.
    • Lower IT costs through elimination of applications.
    • Increased use of an application could overload current infrastructure.
    • IT cannot authorize business capability changes.
    Use Info-Tech’s Document Your Business Architecture blueprint to gain better understanding of business and IT alignment.
    Removal
    • Remove existing business capabilities that don’t contribute value to the business.
    • Lower operational costs through elimination of unused and irrelevant capabilities.
    • Business capabilities may be seen as relevant or critical by different stakeholder groups.
    • IT cannot authorize business capability changes.
    Use Info-Tech’s Build an Application Rationalization Framework to rationalize your application portfolio.
    Business Process:
    Process integration and consolidation
    • Combine multiple business processes into a single process.
    • Improved utilization of applications in each step of the process.
    • Reduce business costs through efficient business processes.
    • Minimize number of applications required to execute a single process.
    • Significant business disruption if an application goes down and is the primary support for business processes.
    • Organizational pushback if process integration involves multiple business groups.
    Business Process (continued):
    Process automation
    • Automate manual business processing tasks.
    • Reduce manual processing errors.
    • Improve speed of delivery.
    • Significant costs to implement automation.
    • Automation payoffs are not immediate.
    Lean business processes
    • Eliminate redundant steps.
    • Streamline existing processes by focusing on value-driven steps.
    • Improve efficiency of business process through removal of wasteful steps.
    • Increase value delivered at the end of the process.
    • Stakeholder pushback from consistently changing processes.
    • Investment from business is required to fit documentation to the process.
    Outsource the process
    • Outsource a portion of or the entire business process to a third party.
    • Leverage unavailable resources and skills to execute the business process.
    • Loss of control over process.
    • Can be costly to bring the process back into the business if desired in the future.
    Business Process (continued):
    Standardization
    • Implement standards for business processes to improve uniformity and reusability.
    • Consistently apply the same process across multiple business units.
    • Transparency of what is expected from the process.
    • Improve predictability of process execution.
    • Process bottlenecks may occur if a single group is required to sign off on deliverables.
    • Lack of enforcement and maintenance of standards can lead to chaos if left unchecked.
    User Interface:
    Improve user experience (UX)
    • Eliminate end-user emotional, mechanical, and functional friction by improving the experience of using the application.
    • UX encompasses both the interface and the user’s behavior.
    • Increase satisfaction and adoption rate from end users.
    • Increase brand awareness and user retention.
    • UX optimizations are only focused on a few user personas.
    • Current development processes do not accommodate UX assessments
    Code:
    Update coding language
    Translate legacy code into modern coding language.
    • Coding errors in modern languages can have lesser impact on the business processes they support.
    • Modern languages tend to have larger pools of coders to hire.
    • Increase availability of tools to support modern languages.
    • Coding language changes can create incompatibilities with existing infrastructure.
    • Existing coding translation tools do not offer 100% guarantee of legacy function retention.
    Code (continued):
    Open source code
    • Download pre-built code freely available in open source communities.
    • Code is rapidly evolving in the community to meet current business needs.
    • Avoid vendor lock-in from proprietary software
    • Community rules may require divulgence of work done with open source code.
    • Support is primarily provided through community, which may not address specific concerns.
    Update the development toolchain
    • Acquire new or optimize development tools with increased testing, build, and deployment capabilities.
    • Increase developer productivity.
    • Increase speed of delivery and test coverage with automation.
    • Drastic IT overhauls required to implement new tools such as code conversion, data migration, and development process revisions.
    Update source code management
    • Optimize source code management to improve coding governance, versioning, and development collaboration.
    • Ability to easily roll back to previous build versions and promote code to other environments.
    • Enable multi-user development capabilities.
    • Improve conflict management.
    • Some source code management tools cannot support legacy code.
    • Source code management tools may be incompatible with existing development toolchain.
    Data:
    Outsource extraction
    • Outsource your data analysis and extraction to a third party.
    • Lower costs to extract and mine data.
    • Leverage unavailable resources and skills to translate mined data to a usable form.
    • Data security risks associated with off-location storage.
    • Data access and control risks associated with a third party.
    Update data structure
    • Update your data elements, types (e.g. transactional, big data), and formats (e.g. table columns).
    • Standardize on a common data definition throughout the entire organization.
    • Ease data cleansing, mining, analysis, extraction, and management activities.
    • New data structures may be incompatible with other applications.
    • Implementing data management improvements may be costly and difficult to acquire stakeholder buy-in.
    Update data mining and data warehousing tools
    • Optimize how data is extracted and stored.
    • Increase the speed and reliability of the data mined.
    • Perform complex analysis with modern data mining and data warehousing tools.
    • Data warehouses are regularly updated with the latest data.
    • Updating data mining and warehousing tools may create incompatibilities with existing infrastructure and data sets.
    Integration:
    Move from point-to-point to enterprise service bus (ESB)
    • Change your application integration approach from point-to-point to an ESB.
    • Increase the scalability of enterprise services by exposing applications to a centralized middleware.
    • Reduce the number of integration tests to complete with an ESB.
    • Single point of failure can cripple the entire system.
    • Security threats arising from centralized communication node.
    Leverage API integration
    • Leverage application programming interfaces (APIs) to integrate applications.
    • Quicker and more frequent transfers of lightweight data compared to extract, load, transfer (ETL) practices.
    • Increase integration opportunities with other modern applications and infrastructure (including mobile devices).
    • APIs are not as efficient as ETL when handling large data sets.
    • Changing APIs can break compatibility between applications if not versioned properly.

    Select and Implement a Web Experience Management Solution

    • Buy Link or Shortcode: {j2store}556|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • A company’s web presence is its front face to the world. Ensuring you have the right suite of tools for web content management, experience design, and web analytics is critical to putting your best foot forward: failing to do so will result in customer attrition and lost revenue.
    • Web Experience Management (WEM) suites are a rapidly maturing and dynamic market, with a landscape full of vendors with cutting edge solutions and diverse offerings. As a result, finding a solution that is the best fit for your organization can be a complex process.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization are required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • Phase your WEM implementation: Start with core capabilities such as content management, then add additional capabilities for site analytics and dynamic experience.

    Impact and Result

    • Align marketing needs with identified functional requirements.
    • Implement a best-fit WEM that increases customer acquisition and retention, and provides in-depth capabilities for site analysis.
    • Optimize procurement and operations costs for the WEM platform.

    Select and Implement a Web Experience Management Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should select and implement a WEM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the WEM project and collect requirements

    Conduct a market overview, structure the project, and gather requirements.

    • Select and Implement a Web Experience Management Solution – Phase 1: Launch the WEM Project and Collect Requirements
    • WEM Project Charter Template
    • WEM Use-Case Fit Assessment Tool

    2. Select a WEM solution

    Analyze and shortlist vendors in the space and select a WEM solution.

    • Select and Implement a Web Experience Management Solution – Phase 2: Select a WEM Solution
    • WEM Vendor Shortlist & Detailed Feature Analysis Tool
    • WEM Vendor Demo Script Template
    • WEM RFP Template

    3. Plan the WEM implementation

    Plan the implementation and evaluate project metrics.

    • Select and Implement a Web Experience Management Solution – Phase 3: Plan the WEM Implementation
    • WEM Work Breakdown Structure Template
    [infographic]

    Workshop: Select and Implement a Web Experience Management Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch of the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements.

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution.

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Cyber Resilience Report 2018

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    "The cyber threat landscape today is highly complex and rapidly changing. Cyber security incidents can have several impacts on organizations and society, both on a physical and non-physical level. Through the use of a computer, criminals can indeed cause IT outages, supply chain disruptions and other physical security incidents"

    -- excerpt from the foreword of the BCI Cyber resilience report 2018 by David Thorp, Executive Director, BCI

    There are a number of things you can do to protect yourself. And they range, as usual, from the fairly simple to the more elaborate and esoteric. Most companies can, with some common sense, if not close the door on most of these issues, at least prepare themselves to limit the consequences.

    Register to read more …

    Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

    • Buy Link or Shortcode: {j2store}378|cart{/j2store}
    • member rating overall impact: 7.3/10 Overall Impact
    • member rating average dollars saved: $10,756 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The demand for qualified cybersecurity professionals far exceeds supply. As a result, organizations are struggling to protect their data against the evolving threat landscape.
    • It is a constant challenge to know what skills will be needed in the future, and when and how to acquire them.

    Our Advice

    Critical Insight

    • Plan for the inevitable. All industries are expected to be affected by the talent gap in the coming years. Plan ahead to address your organization’s future needs.
    • Base skills acquisition decisions on the five key factors to define skill needs. Create an impact scale for the five key factors (data criticality, durability, availability, urgency, and frequency) that reflects your organizational strategy, initiatives, and pressures.
    • A skills gap will always exist to some degree. The threat landscape is constantly changing, and your workforce’s skill sets must evolve as well.

    Impact and Result

    • Organizations must align their security initiatives to talent requirements such that business objectives are achieved and the business is cyber ready.
    • Identify if there are skill gaps in your current workforce.
    • Decide how you’ll acquire needed skills based on characteristics of need for each skill.

    Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a technical skills acquisition strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify skill needs for target state

    Identify what skills will be needed in your future state.

    • Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan – Phase 1: Identity Skill Needs for Target State
    • Security Initiative Skills Guide
    • Skills Gap Prioritization Tool

    2. Identify technical skill gaps

    Align role requirements with future initiative skill needs.

    • Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan – Phase 2: Identify Technical Skill Gaps
    • Current Workforce Skills Assessment
    • Technical Skills Workbook
    • Information Security Compliance Manager
    • IT Security Analyst
    • Chief Information Security Officer
    • Security Administrator
    • Security Architect

    3. Develop a sourcing plan for future work roles

    Acquire skills based on the impact of the five key factors.

    • Close the InfoSec Skills Gap: Develop a Skills Sourcing Plan for Future Work Roles – Phase 3: Develop a Sourcing Plan for Future Work Roles
    [infographic]

    Workshop: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Skill Needs for Target State

    The Purpose

    Determine the skills needed in your workforce and align them to your organization’s security roadmap.

    Key Benefits Achieved

    Insight on what skills your organization will need in the future.

    Activities

    1.1 Understand the importance of aligning security initiatives skill needs with workforce requirements.

    1.2 Identify needed skills for future initiatives.

    1.3 Prioritize the initiative skill gaps.

    Outputs

    Security Initiative Skills Guide

    Skills Gap Prioritization Tool

    2 Define Technical Skill Requirements

    The Purpose

    Identify and create technical skill requirements for key work roles that are needed to successfully execute future initiatives.

    Key Benefits Achieved

    Increased understanding of the NICE Cybersecurity Workforce Framework.

    Standardization of technical skill requirements of current and future work roles.

    Activities

    2.1 Assign work roles to the needs of your future environment.

    2.2 Discuss the NICE Cybersecurity Workforce Framework.

    2.3 Develop technical skill requirements for current and future work roles.

    Outputs

    Skills Gap Prioritization Tool

    Technical Skills Workbook

    Current Workforce Skills Assessment

    3 Acquire Technical Skills

    The Purpose

    Assess your current workforce against their role’s skill requirements.

    Discuss five key factors that aid acquiring skills.

    Key Benefits Achieved

    A method to acquire skills in future roles.

    Activities

    3.1 Continue developing technical skill requirements for current and future work roles.

    3.2 Conduct Current Workforce Skills Assessment.

    3.3 Discuss methods of acquiring skills.

    3.4 Develop a plan to acquire skills.

    Outputs

    Technical Skills Workbook

    Current Workforce Skills Assessment

    Current Workforce Skills Assessment

    Technical Skills Workbook

    Current Workforce Skills Assessment

    Technical Skills Workbook

    Current Workforce Skills Assessment

    4 Plan to Execute Action Plan

    The Purpose

    Assist with communicating the state of the skill gap in your organization.

    Key Benefits Achieved

    Strategy on how to acquire skills needs of the organization.

    Activities

    4.1 Review skills acquisition plan.

    4.2 Discuss training and certification opportunities for staff.

    4.3 Discuss next steps for closing the skills gap.

    4.4 Debrief.

    Outputs

    Technical Skills Workbook

    Transform Your Field Technical Support Services

    • Buy Link or Shortcode: {j2store}112|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    Our Advice

    Critical Insight

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Impact and Result

    • Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model.
    • Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team.
    • With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    Transform Your Field Technical Support Services Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transform Field Services Guide – A brief deck that outlines key migration steps to improve our remote client support services.

    This blueprint will help you:

    • Transform Your Field Technical Services Storyboard

    2. Transform Field Services Template – A template to create a transformation proposal.

    This template will help you to build your proposal to transform your field services.

    • Proposal to Transform Field Technical Services Template
    [infographic]

    Further reading

    Transform Your Field Technical Support Services

    Improve service and reduce costs through digital transformation.

    Analyst Perspective

    Improve staffing challenges through digital transformation.

    Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model. Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team. With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    The image contains a picture of Sandi Conrad.

    Sandi Conrad

    Principal Research Director

    Infrastructure & Operations Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    With remote work becoming a normal employee offering for many organizations, self-serve/self-solve becoming more prominent, and a common call out to improve customer service, there is a need to re-examine the way many organizations are supplying onsite support. For organizations with a small number of offices, a central desk with remote tools may be enough or can be combined with a concierge service or technical center, but for organizations with multiple offices it becomes difficult to provide a consistent level of service for all customers unless there is a team onsite for each location. This may not be financially possible if there isn’t enough work to keep a technical team busy full-time.

    Common Obstacles

    Where people have a choice between calling a central phone number or talking to the technician down the hall, the in-person experience often wins out. End users may resist changes to in-person support as work is rerouted to a centralized group by choosing to wait for their favorite technician to show up onsite rather than reporting issues centrally. This can make the job of the onsite technician more challenging as they need to schedule time in every visit for unplanned work. And where technicians need to support multiple locations, travel needs to be calculated into lost technician time and costs.

    Info-Tech’s Approach

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service-level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Info-Tech Insight

    Improving process will be helpful for smaller teams, but as teams expand or work gets more complicated, investment in appropriate tools to support field services technicians will enable them to be more efficient, reduce costs, and improve outcomes when visits are warranted.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    With many companies having new work arrangements for users, where remote work may be a permanent offering or if your digital transformation is well underway, this provides an opportunity to rethink how field support needs to be done.

    What is field services?

    Field services is in-person support delivered onsite at one or more locations. Management of field service technicians may include queue management, scheduling service and maintenance requests, triaging incidents, dispatching technicians, ordering parts, tracking job status, and billing.

    The image contains a diagram to demonstrate what may be supported by field services and what should be supported by field services.

    What challenges are you trying to solve within your field services offering?

    Focus on the reasons for the change to ensure the outcome can be met. Common goals include improved customer service, better technician utilization, and increased response time and stability.

    • Discuss specific challenges the team feels are contributing to less-than-ideal customer service.
    • Does the team have the skills, knowledge, and tools they need to be successful? Technicians may be solving issues with the customer looking over their shoulder. Having quick access to knowledge articles or to subject matter experts who can provide deeper expertise remotely may be the difference between a single visit to resolve or multiple or extended visits.
    • What percentage of tickets would benefit from triage and troubleshooting done remotely before sending a technician onsite? Where there are a high number of no-fault-found visits, this may be imperative to improving technician availability.
    • Review method for distribution of tickets, including batching criteria and dispatching of technicians. Are tickets being dispatched efficiently? By location and/or priority? Is there an attempt to solve more tickets centrally? Should there be? What SLA adjustment is reasonable for onsite visits?
    • Has the support value been defined?
    The image contains a graph to demonstrate Case Casuals in Field Services, where the highest at 55% is break/fix.

    Field services will see the biggest improvements through technology updates

    Customer Intake

    Provide tools for scheduling technicians, self-serve and self- or assisted-solve through ITSM or CRM-based portal and visual remote tools.

    The image contains a picture to demonstrate the different field services.

    Triage and Troubleshoot

    Upgrade remote tools to visual remote solutions to troubleshoot equipment as well as software. Eliminate no-fault-found visits and improve first-time fix rate by visually inspecting equipment before technician deployments.

    Improve Communications

    FSM GPS and SMS updates can be set to notify customers when a technician is close by and can be used for customer sign-off to immediately update service records and launch survey or customer billing where applicable.

    Schedule Technicians

    Field service management (FSM) ITSM modules will allow skills-based scheduling for remote technicians and determine best route for multi-site visits.

    Enable Work From Anywhere

    FSM mobile applications can provide technicians with daily schedules, turn-by-turn directions, access to inventory, knowledge articles, maintenance, and warranty and asset records. Visual remote captures service records and enables access to SMEs.

    Manage Expectations

    Know where technicians are for routing to emergency calls and managing workload using field service management solutions with GPS.

    Digital transformation can dramatically improve customer and technician experience

    The image contains an arrown that dips and rises dramatically to demonstrate how digital transformation can dramatically increase customer and technician experience.
    Sources: 1 - TechSee, 2019; 2 - Glartek; 3 - Geoforce; 4 - TechSee, 2020

    Improve technician utilization and scheduling with field services management software

    Field services management (FSM) software is designed to improve scheduling of technicians by skills and location while reducing travel time and mileage. When integrated with ITSM software, the service record is transferred to the field technician for continuity and to prepare for the job. FSM mobile apps will enable technicians to receive schedule updates through the day and through GPS update the dispatcher as technicians move from site to site.

    FSM solutions are designed to manage large teams of technicians, providing automated dispatch recommendations based on skills matching and proximity.

    Routes can be mapped to reduce travel time and mileage and adjusted to respond to emergency requests by technician skills or proximity. Automation will provide suggestions for work allocation.

    Spare parts management may be part of a field services solution, enabling technicians to easily identify parts needed and update real-time inventory as parts are deployed.

    Push notifications in real-time streamline communications from the field to the office, and enable technicians to close service records while in the field.

    Dispatchers can easily view availability, assign work orders, attach notes to work orders, and immediately receive updates if technicians acknowledge or reject a job.

    Maintenance work can be built into online checklists and forms to provide a technician with step-by-step instructions and to ensure a complete review.

    Skills and location-based routing allow dispatchers to be able to see closest tech for emergency deployments.

    Improve time to resolve while cutting costs by using visual remote support tools

    Visual remote support tools enable live video sessions to clearly see what the client or field service technician sees, enabling the experts to provide real-time assistance where the experts will provide guidance to the onsite person. Getting a view of the technology will reduce issues with getting the right parts, tools, and technicians onsite and dramatically reduce second visits.

    Visual remote tools can provide secure connections through any smartphone, with no need for the client to install an application.

    The technicians can take control of the camera to zoom in, turn on the flashlight for extra lighting, take photos, and save video directly to the tickets.

    Optical character recognition allows automatic text capture to streamline process to check warranty, recalls, and asset history.

    Visual, interactive workflows enhance break/fix and inspections, providing step-by-step guidance visual evidence and using AI and augmented reality to assess the images, and can provide next steps by connecting to a visual knowledgebase.

    Integration with field service management tools will allow information to easily be captured and uploaded immediately into the service record.

    Self-serve is available through many of these tools, providing step-by-step instructions using visual cues. These solutions are designed to work in low-bandwidth environments, using Wi-Fi or cellular service, and sessions can be started with a simple link sent through SMS.

    Spread Best Practices With an Agile Center of Excellence

    • Buy Link or Shortcode: {j2store}152|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $97,499 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is looking to create consistency across all Agile teams to drive greater business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support structures and facilitated through shared learning and capabilities.

    Our Advice

    Critical Insight

    • Social capital can be an enabler, but also a barrier. People can only manage a finite number of relationships; ensure that the connections the Center of Excellence (CoE) facilitates are purposeful.
    • Don’t over govern. Empowerment is critical to enable improvements; set boundaries and let teams work inside them with autonomy.
    • Legitimize through listening. A CoE will not be leveraged unless it aligns with the needs of its users. Invest the time to align with the functional expectations of your Agile teams.

    Impact and Result

    • Create a set of service offerings aligned with both corporate objectives and the functional expectations of its customers to ensure broad support and utility of the invested resources.
    • Understand some of the cultural and processual challenges you will face when forming a center of excellence, and address them using Info-Tech’s Agile adoption model.

    Spread Best Practices With an Agile Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an Agile Center of Excellence, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Strategically align the Center of Excellence

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    • Spread Best Practices With an Agile Center of Excellence – Phase 1: Strategically Align the Center of Excellence

    2. Standardize the Center of Excellence’s service offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization.

    • Spread Best Practices With an Agile Center of Excellence – Phase 2: Standardize the Center of Excellence’s Service Offerings

    3. Operate the Center of Excellence

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change.

    • Spread Best Practices With an Agile Center of Excellence – Phase 3: Operationalize Your Agile Center of Excellence
    • ACE Satisfaction Survey
    • CoE Maturity Diagnostic Tool
    • ACE Benefits Tracking Tool
    • ACE Communications Deck
    [infographic]

    Workshop: Spread Best Practices With an Agile Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Vision of CoE

    The Purpose

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    Understand how your key stakeholders will impact the longevity of your CoE.

    Determine your CoE structure and staff.

    Key Benefits Achieved

    Top-down alignment with strategic aims of the organization.

    A set of high-level use cases to form the CoE’s service offerings around.

    Visualization of key stakeholders, with their current and desired power and involvement documented.

    Activities

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your Agile Center of Excellence (ACE) and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Outputs

    Prioritized business objectives

    Business-aligned use cases to form CoE’s service offerings

    Stakeholder map of key influencers

    2 Define Service Offerings of CoE

    The Purpose

    Document the functional expectations of the Agile teams.

    Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.

    Create a capability map that visualizes and prioritizes your key service offerings.

    Key Benefits Achieved

    Understanding of some of the identified concerns, pain points, and potential opportunities from your stakeholders.

    Refined use cases that define the service offerings the CoE provides to its customers.

    Prioritization for the creation of service offerings with a capability map.

    Activities

    2.1 Classified pains and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Outputs

    Classified pains and opportunities

    Refined use cases based on pains and opportunities identified during ACE requirements gathering

    ACE Capability Map

    3 Define Engagement Plans

    The Purpose

    Align service offerings with an Agile adoption model so that teams have a structured way to build their skills.

    Standardize the way your organization will interact with the Center of Excellence to ensure consistency in best practices.

    Key Benefits Achieved

    Mechanisms put in place for continual improvement and personal development for your Agile teams.

    Interaction with the CoE is standardized via engagement plans to ensure consistency in best practices and predictability for resourcing purposes.

    Activities

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Outputs

    Adoption-aligned service offerings

    Role-based engagement plans

    4 Define Metrics and Plan Communications

    The Purpose

    Develop a set of metrics for the CoE to monitor business-aligned outcomes with.

    Key Benefits Achieved

    The foundations of continuous improvement are established with a robust set of Agile metrics.

    Activities

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Outputs

    Business objective-aligned metrics

    CoE performance metrics

    Agile adoption metrics

    Assessment of organizational design

    CoE communication plan

    Further reading

    Spread Best Practices With an Agile Center of Excellence

    Achieve ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    ANALYST PERSPECTIVE

    "Inconsistent processes and practices used across Agile teams is frequently cited as a challenge to adopting and scaling Agile within organizations. (VersionOne’s 13th Annual State of Agile Report [N=1,319]) Creating an Agile Center of Excellence (ACE) is a popular way to try to impose structure and improve performance. However, simply establishing an ACE does not guarantee you will be successful with Agile. When setting up an ACE you must: Define ACE services based on identified stakeholder needs. Staff the ACE with respected, “hands on” people, who deliver identifiable value to your Agile teams. Continuously evolve ACE service offerings to maximize stakeholder satisfaction and value delivered."

    Alex Ciraco, Research Director, Applications Practice Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • A CIO who is looking for a way to optimize their Agile capabilities and ensure ongoing alignment with business objectives.
    • An applications director who is looking for mechanisms to inject continuous improvement into organization-wide Agile practices.

    This Research Will Help You:

    • Align your Agile support structure with business objectives and the functional expectations of its users.
    • Standardize the ways in which Agile teams develop and learn to create consistency in purpose and execution.
    • Track and communicate successes to ensure the long-term viability of an Agile Center of Excellence (ACE).

    This Research Will Also Assist

    • Project managers who are tasked with managing Agile projects.
    • Application development managers who are struggling with establishing consistency, transparency, and collaboration across their teams.

    This Research Will Help Them:

    • Provide service offerings to their team members that will help them personally and collectively to develop desired skills.
    • Provide oversight and transparency into Agile projects and outcomes through ongoing monitoring.

    Executive summary

    Situation

    • Your organization has had some success with Agile, but needs to drive consistency across Agile teams for better business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support services and facilitated through shared learning and capabilities.

    Complication

    • Organizational constraints, culture clash, and lack of continuous top-down support are hampering your Agile growth and maturity.
    • Attempts to create consistency across Agile teams and processes fail to account for the expectations of users and stakeholders, leaving them detached from projects and creating resistance.

    Resolution

    • Align the service offerings of your ACE with both corporate objectives and the functional expectations of its stakeholders to ensure broad support and utilization of the invested resources.
    • Understand some of the culture and process challenges you will face when forming an ACE, and address them using Info-Tech’s Agile adoption journey model.
    • Track the progress of the ACE and your Agile teams. Use this data to find root causes for issues, and ideate to implement solutions for challenges as they arise over time.
    • Effectively define and propagate improvements to your Agile teams in order to drive business-valued results.
    • Communicate progress to interested stakeholders to ensure long-term viability of the Center of Excellence (CoE).

    Info-Tech Insight

    1. Define ACE services based on stakeholder needs.Don’t assume you know what your stakeholders need without talking to them.
    2. Staff the ACE strategically. Choose those who are thought leaders and proven change agents.
    3. Continuously improve based on metrics and feedback.Constantly monitor how your ACE is performing and adjust to feedback.

    Info-Tech’s Agile Journey related Blueprints

    1. Stabilize

    Implement Agile Practices That Work

    Begin your Agile transformation with a comprehensive readiness assessment and a pilot project to adopt Agile development practices and behaviors that fit.

    2. Sustain

    YOU ARE HERE

    Spread Best Practices with an Agile Center of Excellence

    Form an ACE to support Agile development at all levels of the organization with thought leadership, strategic development support & process innovation.

    3. Scale

    Enable Organization-Wide Collaboration by Scaling Agile

    Extend the benefits of your Agile pilot project into your organization by strategically scaling Agile initiatives that will meet stakeholders’ needs.

    4. Satisfy

    Transition to Product Delivery Introduce product-centric delivery practices to drive greater benefits and better delivery outcomes.

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    2.1 Define an adoption plan for Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives

    Supporting Capabilities and Practices

    Modernize Your SDLC

    Remodel the stages of your lifecycle to standardize your definition of a successful product.

    Build a Strong Foundation for Quality

    Instill quality assurance practices and principles in each stage of your software development lifecycle.

    Implement DevOps Practices That Work

    Fix, deploy, and support applications quicker though development and operations collaboration.

    What is an Agile Center of Excellence?

    NOTE: Organizational change is hard and prone to failure. Determine your organization’s level of readiness for Agile transformation (and recommended actions) by completing Info-Tech’s Agile Transformation Readiness Tool.

    An ACE amplifies good practices that have been successfully employed within your organization, effectively allowing you to extend the benefits obtained from your Agile pilot(s) to a wider audience.

    From the viewpoint of the business, members of the ACE provide expertise and insights to the entire organization in order to facilitate Agile transformation and ensure standard application of Agile good practices.

    From the viewpoint of your Agile teams, it provides a community of individuals that share experiences and lessons learned, propagate new ideas, and raise questions or concerns so that delivering business value is always top of mind.

    An ACE provides the following:

    1. A mechanism to gather thought leadership to maximize the accessibility and reach of your Agile investment.
    2. A mechanism to share innovations and ideas to facilitate knowledge transfer and ensure broadly applicable innovations do not go to waste.
    3. Strategic alignment to ensure that Agile practices are driving value towards business objectives.
    4. Purposeful good practices to ensure that the service offerings provided align with expectations of both your Agile practitioners and stakeholders.

    SIDEBAR: What is a Community of Practice? (And how does it differ from a CoE?)

    Some organizations prefer Communities of Practice (CoP) to Centers of Excellence (CoE). CoPs are different from CoEs:

    A CoP is an affiliation of people who share a common practice and who have a desire to further the practice itself … and of course to share knowledge, refine best practices, and introduce standards. CoPs are defined by their domain of interest, but the membership is a social structure comprised of volunteer practitioners

    – Wenger, E., R. A. McDermott, et al. (2002) Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    CoPs differ from a CoE mainly in that they tend to have no geographical boundaries, they hold no hierarchical power within a firm, and they definitely can never have structure determined by the company. However, one of the most obvious and telling differences lies in the stated motive of members – CoPs exist because they have active practitioner members who are passionate about a specific practice, and the goals of a CoP are to refine and improve their chosen domain of practice – and the members provide discretionary effort that is not paid for by the employer

    – Matthew Loxton (June 1, 2011) CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    What to know about CoPs:

    1. Less formal than a CoE
      • Loosely organized by volunteer practitioners who are interested in advancing the practice.
    2. Not the Authoritative Voice
      • Stakeholders engage the CoP voluntarily, and are not bound by them.
    3. Not funded by Organization
      • CoP members are typically volunteers who provide support in addition to their daily responsibilities.
    4. Not covered in this Blueprint
      • In depth analysis on CoPs is outside the scope of this Blueprint.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • Many organizations encounter challenges to scaling Agile

    Tackle the following barriers to Agile adoption with a business-aligned ACE.

    List based on reported impediments from VersionOne’s 13th Annual State of Agile Report (N=1,319)

    1. Organizational culture at odds with Agile values
    • The ACE identifies and measures the value of Agile to build support from senior business leaders for shifting the organizational culture and achieving tangible business benefits.
  • General organizational resistance to change
    • Resistance comes from a lack of trust. Optimized value delivery from Info-Tech’s Agile adoption model will build the necessary social capital to drive cultural change.
  • Inadequate management support and sponsorship
    • Establishing an ACE will require senior management support and sponsorship. Its formation sends a strong signal to the organizational leadership that Agile is here to stay.
  • Lack of skills/experience with Agile methods
    • The ACE provides a vehicle to absorb external training into an internal development program so that Agile capabilities can be grown organically within the organization.
  • Inconsistent processes and practices across teams
    • The ACE provides support to individual Agile teams and will guide them to adopt consistent processes and practices which have a proven track record in the organization.
  • Insufficient training and education
    • The ACE will assist teams with obtaining the Agile skills training they need to be effective in the organization, and support a culture of continuous learning.
  • Overcome your Agile scaling challenges with a business aligned ACE

    An ACE drives consistency and transparency without sacrificing the ability to innovate. It can build on the success of your Agile pilot(s) by encouraging practices known to work in your organization.

    Support Agile Teams

    Provide services designed to inject evolving good practices into workflows and remove impediments or roadblocks from your Agile team’s ability to deliver value.

    Maintain Business Alignment

    Maintain alignment with corporate objectives without impeding business agility in the long term. The ACE functions as an interface layer so that changing expectations can be adapted without negatively impacting Agile teams.

    Facilitate Learning Events

    Avoid the risk of innovation and subject-matter expertise being lost or siloed by facilitating knowledge transfer and fostering a continuous learning environment.

    Govern Improvements

    Set baselines, monitor metrics, and run retrospectives to help govern process improvements and ensure that Agile teams are delivering expected benefits.

    Shift Culture

    Instill Agile thinking and behavior into the organization. The ACE must encourage innovation and be an effective agent for change.

    Use your ACE to go from “doing” Agile to “being” Agile

    Organizations that do Agile without embracing the changes in behavior will not reap the benefits.

    Doing what was done before

    • Processes and Tools
    • Comprehensive Documentation
    • Contract Negotiation
    • Following a Plan

    Being Prescriptive

    Going through the motions

    • Uses SCRUM and tools such as Jira
    • Plans multiple sprints in detail
    • Talks to stakeholders once in a release
    • Works off a fixed scope BRD

    Doing Agile

    Living the principles

    • Individuals and Interactions
    • Working Software
    • Customer Collaboration
    • Responding to Change

    Being Agile

    “(‘Doing Agile’ is) just some rituals but without significant change to support the real Agile approach as end-to-end, business integration, value focus, and team empowerment.” - Arie van Bennekum

    Establishing a CoE does not guarantee success

    Simply establishing a Center of Excellence for any discipline does not guarantee its success:

    The 2019 State of DevOps Report found that organizations which had established DevOps CoEs underperformed compared to organizations which adopted other approaches for driving DevOps transformation. (Accelerate State of DevOps Report 2019 [N=~1,000])

    Still, Agile Centers of Excellence can and do successfully drive Agile adoption in organizations. So what sets the successful examples apart from the others? Here’s what some have to say:

    The ACE must be staffed with qualified people with delivery experience! … [It is] effectively a consulting practice, that can evolve and continuously improve its services … These services are collectively about ‘enablement’ as an output, more than pure training … and above all, the ability to empirically measure the progress” – Paul Blaney, TD Bank

    “When leaders haven’t themselves understood and adopted Agile approaches, they may try to scale up Agile the way they have attacked other change initiatives: through top-down plans and directives. The track record is better when they behave like an Agile team. That means viewing various parts of the organization as their customers.” – HBR, “Agile at Scale”

    “the Agile CoE… is truly meant to be measured by the success of all the other groups, not their own…[it] is meant to be serving the teams and helping them improve, not by telling them what to do, but rather by listening, understanding and helping them adapt.” - Bart Gerardi, PMI

    The CoE must also avoid becoming static, as it’s crucial the team can adjust as quickly as business and customer needs change, and evolve the technology as necessary to remain competitive.” – Forbes, “RPA CoE (what you need to know)”

    "The best CoEs are formed from thought leaders and change agents within the CoE domain. They are the process and team innovators who will influence your CoE roadmap and success. Select individuals who feel passionate about Agile." – Hans Eckman, InfoTech

    To be successful with your ACE, do the following…

    Info-Tech Insight

    Simply establishing an Agile Center of Excellence does not guarantee its success. When setting up your ACE, optimize its impact on the organization by doing the following 3 things:

    1. Define ACE services based on stakeholder needs. Be sure to broadly survey your stakeholders and identify the ACE functions and services which will best meet their needs. ACE services must clearly deliver business value to the organization and the Agile teams it supports.
    2. Staff the ACE strategically. Select ACE team members who have real world, hands-on delivery experience, and are well respected by the Agile teams they will serve. Where possible, select internal thought leaders in your organization who have the credibility needed to effect positive change.
    3. Continuously improve ACE services based on metrics and feedback. The value your ACE brings to the organization must be clear and measurable, and do not assume that your functions and services will remain static. You must regularly monitor both your metrics and feedback from your Agile teams, and adjust ACE behavior to improve/maximize these over time.

    Spread Best Practices With an Agile Center of Excellence

    This blueprint will walk you through the steps needed to build the foundations for operational excellence within an Agile Center of Excellence.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Info-Tech’s Practice Adoption Journey

    Use Info-Tech’s Practice Adoption Journey model to establish your ACE. Building social capital (stakeholders’ trust in your ability to deliver positive outcomes) incrementally is vital to ensure that everyone is aligned to new mindsets and culture as your Agile practices scale.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Continuously improve the ACE to ensure long-term viability

    Improvement involves the continuous evaluation of the performance of your teams, using well-defined metrics and reasonable benchmarks that are supplemented by analogies and root-cause analysis in retrospectives.

    Monitor

    Monitor your metrics to ensure desired benefits are being realized. The ACE is responsible for ensuring that expected Agile benefits are achievable and on track. Monitor against your defined baselines to create transparency and accountability for desired outcomes.

    Iterate

    Run retrospectives to drive improvements and fixes into Agile projects and processes. Metrics falling short of expectations must be diagnosed and their root causes found, and fixes need to be communicated and injected back into the larger organization.

    Define

    Define metrics and set targets that align with the goals of the ACE. These metrics represent the ACEs expected value to the organization and must be measured against on a regular basis to demonstrate value to your key stakeholders.

    Beware the common risks of implementing your ACE

    Culture clash between Agile teams and larger organization

    Agile leverages empowered teams, meritocracy, and broad collaboration for success, but typical organizations are siloed and hierarchical with top down decision making. There needs to be a plan to enable a smooth transition from the current state towards the Agile target state.

    Persistence of tribal knowledge

    Agile relies on easy and open knowledge sharing, but organizational knowledge can sit in siloes. Employees may also try to protect their expertise for job security. It is important to foster knowledge sharing to ensure that critical know-how is accessible and doesn’t leave the organization with the individual.

    Rigid management structures

    Rigidity in how managers operate (performance reviews, human resource management, etc.) can result in cultural rejection of Agile. People need to be assessed on how they enable their teams rather than as individual contributors. This can help ensure that they are given sufficient opportunities to succeed. More support and less strict governance is key.

    Breakdown due to distributed teams

    When face-to-face interactions are challenging, ensure that you invest in the right communication technologies and remove cultural and process impediments to facilitate organization-wide collaboration. Alternative approaches like using documentation or email will not provide the same experience and value as a face-to-face conversation.

    The State of Maine used an ACE to foster positive cultural change

    CASE STUDY

    Industry - Government

    Source - Cathy Novak, Agile Government Leadership

    The State of Maine’s Agile Center of Excellence

    “The Agile CoE in the State of Maine is completely focused on the discipline of the methodology. Every person who works with Agile, or wants to work with Agile, belongs to the CoE. Every member of the CoE tells the same story, approaches the methodology the same way, and uses the same tools. The CoE also functions as an Agile research lab, experimenting with different standards and tools.

    The usual tools of project management – mission, goals, roles, and a high-level definition of done – can be found in Maine’s Agile CoE. For story mapping, teams use sticky notes on a large wall or whiteboard. Demonstrating progress this way provides for positive team dynamics and a psychological bang. The State of Maine uses a project management framework that serves as its single source of truth. Everyone knows what’s going on at all times and understands the purpose of what they are doing. The Agile team is continually looking for components that can be reused across other agencies and programs.”

    Results:

    • Realized positive culture change, leading to more collaborative and supportive teams.
    • Increased visibility of Agile benefits across functional groups.
    • Standardized methodology across Agile teams and increased innovation and experimentation with new standards and tools.
    • Improved traceability of projects.
    • Increased visibility and ability to determine root causes of problems and right the course when outcomes are not meeting expectations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Spread Best Practices With an Agile Center of Excellence – project overview

    1. Strategically align the Center of Excellence 2. Standardize the CoEs service offerings 3. Operate the Center of Excellence
    Best-Practice Toolkit

    1.1 Determine the vision of your ACE.

    1.2 Define the service offerings of your ACE.

    2.1 Define an adoption plan for your Agile teams.

    2.2 Create an ACE engagement plan.

    2.3 Define metrics to measure success.

    3.1 Optimize the success of your ACE.

    3.2 Plan change to enhance your Agile initiatives.

    3.3 Conduct ongoing retrospectives of your ACE.

    Guided Implementations
    • Align your ACE with the business.
    • Align your ACE with its users.
    • Dissect the key attributes of Agile adoption.
    • Form engagement plans for your Agile teams.
    • Discuss effective ACE metrics.
    • Conduct a baseline assessment of your Agile environment.
    • Interface ACE with your change management function.
    • Build a communications deck for key stakeholders.
    Onsite Workshop Module 1: Strategically align the ACE Module 2: Standardize the offerings of the ACE Module 3: Prepare for organizational change
    Phase 1 Outcome: Create strategic alignment between the CoE and organizational goals.

    Phase 2 Outcome: Build engagement plans and key performance indicators based on a standardized Agile adoption plan.

    Phase 3 Outcome: Operate the CoEs monitoring function, identify improvements, and manage the change needed to continuously improve.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Module 1 Workshop Module 2 Workshop Module 3 Workshop Module 4
    Activities

    Determine vision of CoE

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your ACE and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Define service offerings of CoE

    2.1 Form a solution matrix to organize your pain points and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Define engagement plans

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Define metrics and plan communications

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Deliverables
    1. Prioritized business objectives
    2. Business-aligned use cases to form CoEs service offerings
    3. Prioritized list of stakeholders
    1. Classified pains and opportunities
    2. Refined use cases based on pains and opportunities identified during ACE requirements gathering
    3. ACE capability map
    1. Adoption-aligned service offerings
    2. Role-specific engagement plans
    1. Business objective-aligned metrics
    2. ACE performance metrics
    3. Agile adoption metrics
    4. Assessment of organization design
    5. ACE Communication Plan

    Phase 1

    Strategically Align the Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Begin by strategically aligning your Center of Excellence

    The first step to creating a high-functioning ACE is to create alignment and consensus amongst your key stakeholders regarding its purpose. Engage in a set of activities to drill down into the organization’s goals and objectives in order to create a set of high-level use cases that will evolve into the service offerings of the ACE.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Strategically align the ACE

    Proposed Time to Completion (in weeks): 1

    Step 1.1: Determine the vision of your ACE

    Start with an analyst kick off call:

    • Align your ACE with the business.

    Then complete these activities…

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Step 1.2: Define the service offerings of your ACE

    Start with an analyst kick off call:

    • Align your ACE with its users.

    Then complete these activities…

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Phase 1 Results & Insights:

    • Aligning your ACE with the functional expectations of its users is just as critical as aligning with the business. Invest the time to understand how the ACE fits at all levels of the organization to ensure its highest effectiveness.

    Phase 1, Step 1: Determine the vision of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Outcomes:

    • Gather your leadership to position the ACE and align it with business priorities.
    • Form a set of high-level use cases for services that will support the enablement of business priorities.
    • Map the stakeholders of the ACE to visualize expected influence and current support levels for your initiative.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • OPTIONAL: If you have an existing ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    1.1.1 Existing CoE Maturity Assessment

    Purpose

    If you already have established an ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline its current maturity level (this will act as a baseline for comparison after you complete this Blueprint). Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    The image is a screen capture of the CoE Maturity Diagnostic Tool

    Download the CoE Maturity Diagnostic Tool.

    Get your Agile leadership together and position the ACE

    Stakeholder Role Why they are essential players
    CIO/ Head of IT Program sponsor: Champion and set the tone for the Agile program. Critical in gaining and maintaining buy-in and momentum for the spread of Agile service offerings. The head of IT has insight and influence to drive buy-in from executive stakeholders and ensure the long-term viability of the ACE.
    Applications Director Program executor: Responsible for the formation of the CoE and will ensure the viability of the initial CoE objectives, use cases, and service offerings. Having a coordinator who is responsible for collating performance data, tracking results, and building data-driven action plans is essential to ensuring continuous success.
    Agile Subject-Matter Experts Program contributor: Provide information on the viability of Agile practices and help build capabilities on existing best practices. Agile’s success relies on adoption. Leverage the insights of people who have implemented and evangelized Agile within your organization to build on top of a working foundation.
    Functional Group Experts Program contributor: Provide information on the functional group’s typical processes and how Agile can achieve expected benefits. Agile’s primary function is to drive value to the business – it needs to align with the expected capabilities of existing functional groups in order to enhance them for the better.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Activity: Identify and prioritize organizational business objectives

    1.1.2 2 Hours

    Input

    • Organizational business objectives

    Output

    • Prioritized business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. List the primary high-level business objectives that your organization aims to achieve over the course of the following year (focusing on those that ACE can impact/support).
    2. Prioritize these business objectives while considering the following:
    • Criticality of completion: How critical is the initiative in enabling the business to achieve its goals?
    • Transformational impact: To what degree is the foundational structure of the business affected by the initiative (rationale: Agile can support impact on transformational issues)?
  • Document the hypothesized role of Agile in supporting these business objectives. Take the top three prioritized objectives forward for the establishment of your ACE. While in future years or iterations you can inject more offerings, it is important to target your service offerings to specific critical business objectives to gain buy-in for long-term viability of the CoE.
  • Sample Business Objectives:

    • Increase customer satisfaction.
    • Reduce time-to-market of product releases.
    • Foster a strong organizational culture.
    • Innovate new feature sets to differentiate product. Increase utilization rates of services.
    • Reduce product delivery costs.
    • Effectively integrate teams from a merger.
    • Offer more training programs for personal development.
    • Undergo a digital transformation.

    Understand potential hurdles when attempting to align with business objectives

    While there is tremendous pressure to align IT functions and the business due to the accelerating pace of change and technology innovation, you need to be aware that there are limitations in achieving this goal. Keep these challenges at the top of mind as you bring together your stakeholders to position the service offerings of your ACE. It is beneficial to make your stakeholders self-aware of these biases as well, so they come to the table with an open mind and are willing to find common ground.

    The search for total alignment

    There are a plethora of moving pieces within an organization and total alignment is not a plausible outcome.

    The aim of a group should not be to achieve total alignment, but rather reframe and consider ways to ensure that stakeholders are content with the ways they interact and that misalignment does not occur due to transparency or communication issues.

    “The business” implies unity

    While it may seem like the business is one unified body, the reality is that the business can include individuals or groups (CEO, CFO, IT, etc.) with conflicting priorities. While there are shared business goals, these entities may all have competing visions of how to achieve them. Alignment means compromise and agreement more than it means accommodating all competing views.

    Cost vs. reputation

    There is a political component to alignment, and sometimes individual aspirations can impede collective gain.

    While the business side may be concerned with cost, those on the IT side of things can be concerned with taking on career-defining projects to bolster their own credentials. This conflict can lead to serious breakdowns in alignment.

    Panera Bread used Agile to adapt to changing business needs

    CASE STUDY

    Industry Food Services

    Source Scott Ambler and Associates, Case Study

    Challenge

    Being in an industry with high competition, Panera Bread needed to improve its ability to quickly deliver desired features to end customers and adapt to changing business demands from high internal growth.

    Solution

    Panera Bread engaged in an Agile transformation through a mixture of Agile coaching and workshops, absorbing best practices from these engagements to drive Agile delivery frameworks across the enterprise.

    Results

    Adopting Agile delivery practices resulted in increased frequency of solution delivery, improving the relationship between IT and the business. Business satisfaction increased both with the development process and the outcomes from delivery.

    The transparency that was needed to achieve alignment to rapidly changing business needs resulted in improved communication and broad-scale reduced risk for the organization.

    "Agile delivery changed perception entirely by building a level of transparency and accountability into not just our software development projects, but also in our everyday working relationships with our business stakeholders. The credibility gains this has provided our IT team has been immeasurable and immediate."

    – Mike Nettles, VP IT Process and Architecture, Panera Bread

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    Functional Input

    • Application Development
    • Project Management
    • CIO
    • Enterprise Architecture
    • Data Management
    • Security
    • Infrastructure & Operations
    • Who else?

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Input arrows represent functional group needs, feedback from Agile teams, and collaboration with other CoEs and CoPs

    Output arrows represent the services the CoE delivers and the benefits realized across the organization.

    ACE Operating Model: Governance & Metrics

    Governance & Metrics involves enabling success through the management of the ACEs resources and services, and ensuring that organizational structures evolve in concert with Agile growth and maturity. Your focus should be on governing, measuring, implementing, and empowering improvements.

    Effective governance will function to ensure the long-term effectiveness and viability of your ACE. Changes and improvements will happen continuously and you need a way to decide which to adopt as best practices.

    "Organizations have lengthy policies and procedures (e.g. code deployment, systems design, how requirements are gathered in a traditional setting) that need to be addressed when starting to implement an Agile Center of Excellence. Legacy ideas that end up having legacy policy are the ones that are going to create bottlenecks, waste resources, and disrupt your progress." – Doug Birgfeld, Senior Partner, Agile Wave

    Governance & Metrics

    • Manage organizational Agile standards, policies, and procedures.
    • Define organizational boundaries based on regulatory, compliance, and cultural requirements.
    • Ensure ongoing alignment of service offerings with business objectives.
    • Adapt organizational change management policies to reflect Agile practices.
    • CoE governance functions include:
      • Policy Management
      • Change Management
      • Risk Management
      • Stakeholder Management
      • Metrics/Feedback Monitoring

    ACE Operating Model: Services

    Services refers to the ability to deliver resourcing, guidance, and assistance across all Agile teams. By creating a set of shared services, you enable broad access to specialized resources, knowledge, and insights that will effectively scale to more teams and departments as Agile matures in your organization.

    A Services model:

    • Supports the organization by standardizing and centralizing service offerings, ensuring consistency of service delivery and accessibility across functional groups.
    • Provides a mechanism for efficient knowledge transfer and on-demand support.
    • Helps to drive productivity and project efficiencies through the organization by disseminating best practices.

    Services

    • Provide reference, support, and re-assurance to implement and adapt organizational best practices.
    • Interface relevant parties and facilitate knowledge transfer through shared learning and communities of practice.
    • Enable agreed-upon service levels through standardized support structures.
    • Shared services functions include:
      • Engagement Planning
      • Knowledge Management
      • Subject-Matter Expertise
      • Agile Team Evaluation

    ACE Operating Model: Technology

    Technology refers to a broad range of supporting tools to enable employees to complete their day-to-day tasks and effectively report on their outcomes. The key to technological support is to strike the right balance between flexibility and control based on your organization's internal and external constraints (policy, equipment, people, regulatory, etc.).

    "We sometimes forget the obvious truth that technology provides no value of its own; it is the application of technology to business opportunities that produces return on investment." – Robert McDowell, Author, In Search of Business Value

    Technology

    • Provide common software tools to enable alignment to organizational best practices.
    • Enable access to locally desired tools while considering organizational, technical, and scaling constraints.
    • Enable communication with a technical subject matter expert (SME).
    • Enable reporting consistency through training and maintenance of reporting mechanisms.
    • Technology functions can include:
      • Vendor Management
      • Application Support
      • Tooling Standards
      • Tooling Use Cases

    ACE Operating Model: Staff

    Staff is all about empowerment. The ACE should support and facilitate the sharing of ideas and knowledge sharing. Create processes and spaces where people are encouraged to come together, learn from, and share with each other. This setting will bring up new ideas to enhance productivity and efficiency in day-to-day activities while maintaining alignment with business objectives.

    "An Agile CoE is legitimized by its ability to create a space where people can come together, share, and learn from one another. By empowering teams to grow by themselves and then re-connect with each other you allow the creativity of your employees to flow back into the CoE." – Anonymous, Founder, Agile consultancy group

    Staff

    • Develop and provide training and day-to-day coaching that are aligned with organizational engagement and growth plans.
    • Include workflow change management to assist traditional roles with accommodating Agile practices.
    • Support the facilitation of knowledge transfer from localized Agile teams into other areas of the organization.
    • Achieve team buy-in and engagement with ACE services and capabilities. Provide a forum for collaboration and innovation.
    • People functions can include:
      • Onboarding
      • Coaching
      • Learning Facilitation

    Form use cases to align your ACE with business objectives

    What is a use case?

    A use case tells a story about how a system will be used to achieve a goal from the perspective of a user of that system. The people or other systems that interact with the use case are called “actors.” Use cases describe what a system must be able to do, not how it will do it.

    How does a use case play a role in building your ACE?

    Use cases are used to guide design by allowing you to highlight the intended function of a service provided by the Center of Excellence while maintaining a business focus. Jumping too quickly to a solution without fully understanding user and business needs leads to the loss of stakeholder buy-in and the Centers of Excellence rejection by teams.

    Hypothesized ACE user needs →Use Case←Business objective

    Activity: Form use cases for the points of alignment between your ACE and business objectives

    1.1.3 2 Hours

    Input

    • Prioritized business objectives
    • ACE functions

    Output

    • ACE use cases

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives and the six functions of a CoE, create high-level use cases for each point of alignment that describe how the Center of Excellence will better facilitate the realization of that business objective.
    2. For each use case, define the following:
      • Name: Generalized title for the use case.
      • Description: A high-level description of the expected CoE action.
    AGILE CENTER OF EXCELLENCE FUNCTIONS:
    Guiding Learning Tooling Supporting Governing Monitoring
    BUSINESS OBJECTIVES Reduce time-to-market of product releases
    Reduce product delivery costs
    Effectively integrate teams from a merger

    Activity: Form use cases for the points of alignment between your ACE and business objectives (continued)

    1.1.3 2 Hours

    The image shows the Reduce time-to-market of product releases row from the table in the previous section, filled in with sample information.

    Your goal should be to keep these as high level and generally applicable as possible as they provide an initial framework to further develop your service offerings. Begin to talk about the ways in which the ACE can support the realization of your business objectives and what those interactions may look like to customers of the ACE.

    Involve all relevant stakeholders to discuss the organizational goals and objectives of your ACE

    Avoid the rifts in stakeholder representation by ensuring you involve the relevant parties. Without representation and buy-in from all interested parties, your ACE may omit and fail to meet long-term organizational goals.

    By ensuring every group receives representation, your service offerings will speak for the broad organization and in turn meet the needs of the organization as a whole.

    • Business Units: Any functional groups that will be expected to engage with the ACE in order to achieve their business objectives.
    • Team Leads: Representation from the internal Agile community who is aware of the backgrounds, capabilities, and environments of their respective Agile teams.
    • Executive Sponsors: Those expected to evangelize and set the tone and direction for the ACE within the executive ranks of the organization. These roles are critical in gaining buy-in and maintaining momentum for ACE initiatives.

    Organization

    • ACE
      • Executive Sponsors
      • Team Leads
      • Business Units

    Activity: Prioritize your ACE stakeholders

    1.1.4 1 Hour

    Input

    • Prioritized business objectives

    Output

    • Prioritized list of stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, brainstorm, as a group, the potential list of stakeholders (representatives from business units, team leads, and executive sponsors) that would need to be involved in setting the tone and direction of your ACE.
    2. Evaluate each stakeholder in terms of power, involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the CoE forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resister?
  • Map each stakeholder to an area on the power map on the next slide based on his or her level of power and involvement.
  • Vary the size of the circle to distinguish stakeholders that are highly impacted by the ACE from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
  • Prioritize your ACE stakeholders (continued)

    1.1.4 1 Hour

    The image shows a matrix on the left, and a legend on the right. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort.

    Should your ACE be Centralized or Decentralized?

    An ACE can be organized differently depending on your organization’s specific needs and culture.

    The SAFe Model:©

    “For smaller enterprises, a single centralized [ACE] can balance speed with economies of scale. However, in larger enterprises—typically those with more than 500 – 1,000 practitioners—it’s useful to consider employing either a decentralized model or a hub-and-spoke model.”

    The image shows 3 models: centralized, represented by a single large circle; decentralized, represented by 5 smaller circles; and hub-and-spoke, represented by a central circle, connected to 5 surrounding circles.

    © Scaled Agile, Inc.

    The Spotify Model:

    Spotify avoids using an ACE and instead spreads agile practices using Squads, Tribes, Chapters, Guilds, etc.

    It can be a challenging model to adopt because it is constantly changing, and must be fundamentally supported by your organization’s culture. (Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.)

    Detailed analysis of The Spotify Model is out of scope for this Blueprint.

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    Activity: Select a Centralized or Decentralized ACE Model

    1.1.5 30 minutes

    Input

    • Prioritized business objectives
    • Use Cases
    • Organization qualities

    Output

    • Centralized or decentralized ACE model

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, your ACE use cases, your organization size, structure, and culture, brainstorm the relative pros and cons of a centralized vs decentralized ACE model.
    2. Consider this: to improve understanding and acceptance, ask participants who prefer a centralized model to brainstorm the pros and cons of a decentralized model, and vice-versa.
    3. Collectively decide whether your ACE should be centralized, decentralized or hub-and-spoke and document it.
    Centralized ACE Decentralized ACE
    Pros Cons Pros Cons
    Centralize Vs De-centralize Considerations Prioritized Business Objectives
    • Neutral (objectives don’t favor either model)
    • Neutral (objectives don’t favor either model)
    ACE Use Cases
    • Neutral (use cases don’t favor either model)
    • Neutral (use cases don’t favor either model)
    Organization Size
    • Org. is small enough for centralized ACE
    • Overkill for a small org. like ours
    Organization Structure
    • All development done in one location
    • Not all locations do development
    Organization Culture
    • All development done in one location
    • Decentralized ACE may have yield more buy-in

    SELECTED MODEL: Centralized ACE

    Activity: Staff your ACE strategically

    1.1.6 1 Hour

    Input

    • List of potential ACE staff

    Output

    • Rated list of ACE staff

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Identify your list of potential ACE staff (this may be a combination of full time and contract staff).
    2. Add/modify/delete the rating criteria to meet your specific needs.
    3. Discuss and adjust the relative weightings of the rating criteria to best suit your organization’s needs.
    4. Rate each potential staff member and compare results to determine the best suited staff for your ACE.
    Candidate: Jane Doe
    Rating Criteria Criteria Weighting Candidate's Score (1-5)
    Candidate has strong theoretical knowledge of Agile. 8% 4
    Candidate has strong hands on experience with Agile. 18% 5
    Candidate has strong hands on experience with Agile. 10% 4
    Candidate is highly respected by the Agile teams. 18% 5
    Candidate is seen as a thought leader in the organization. 18% 5
    Candidate is seen as a change agent in the organization. 18% 5
    Candidate has strong desire to be member of ACE staff. 10% 3
    Total Weighted Score 4.6

    Phase 1, Step 2: Define the service offerings of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Outcomes:

    • Collect data regarding the functional expectations of the Agile teams.
    • Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.
    • Create a capability map that visualizes and prioritizes your key service offerings.

    Structure your ACE with representation from all of your key stakeholders

    Now that you have a prioritized list of stakeholders, use their influence to position the ACE to ensure maximum representation with minimal bottlenecks.

    By operating within a group of your key players, you can legitimize your Center of Excellence by propagating the needs and interests of those who interface and evangelize the CoE within the larger organization.

    The group of key stakeholders will extend the business alignment you achieved earlier by refining your service offerings to meet the needs of the ACEs customers. Multiple representations at the table will generate a wide arrangement of valuable insights and perspectives.

    Info-Tech Insight

    While holistic representation is necessary, ensure that the list is not too comprehensive and will not lead to progress roadblocks. The goal is to ensure that all factors relevant to the organization are represented; too many conflicting opinions may create an obstruction moving forward.

    ACE

    • Executive Sponsors
    • Team Leads
    • Business Units

    Determine how you will fund your ACE

    Choose the ACE funding model which is most aligned to your current system based on the scenarios provided below. Both models will offer the necessary support to ensure the success of your Agile program going forward.

    Funding Model Funding Scenario I Funding Scenario II
    Funded by the CIO Funded by the CIO office and a stated item within the general IT budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.
    Funded by the PMO Charged back to supported functional groups with all costs allocated to each functional group’s budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.

    Info-Tech Insight

    Your funding model may add additional key influencers into the mix. After you choose your funding model, ensure that you review your stakeholder map and add anyone who will have a direct impact in the viability and stability of your ACE.

    Determine how you will govern your ACE

    An Agile Center of Excellence is unique in the way you must govern the actions of its customers. Enable “flexible governance” to ensure that Agile teams have the ability to locally optimize and innovate while still operating within expected boundaries.

    ACE Governing Body

    ↑ Agile Team → ACE ← Agile Team ↑

    Who should take on the governance role?

    The governing body can be the existing executive or standing committees, or a newly formed committee involving your key ACE influencers and stakeholders.

    Flexible governance means that your ACE set boundaries based on your cultural, regulatory, and compliance requirements, and your governance group monitors your Agile teams’ adherence to these boundaries.

    Governing Body Responsibilities

    • Review and approve ACE strategy annually and ensure that it is aligned with current business strategy.
    • Provide detailed quality information for board members.
    • Ensure that the ACE is adequately resourced and that the organization has the capacity to deliver the service offerings.
    • Assure that the ACE is delivering benefits and achieving targets.
    • Assure that the record keeping and reporting systems are capable of providing the information needed to properly assess the quality of service.

    Modify your resourcing strategy based on organizational need

    Your Agile Center of Excellence can be organized either in a dedicated or a virtual configuration, depending on your company’s organizational structure and complexity.

    There is no right answer to how your Center of Excellence should be resourced. Consider your existing organizational structure and culture, the quality of relationships between functional groups, and the typical budgetary factors that would weigh on choosing between a virtual and dedicated CoE structure.

    COE Advantages Disadvantages
    Virtual
    • No change in organization structure required, just additional task delegation to your Agile manager or program manager.
    • Less effort and cost to implement.
    • Investment in quality is proportional to return.
    • Resources are shared between practice areas, and initiatives will take longer to implement.
    • Development and enhancement of best practices can become difficult without a centralized knowledge repository.
    Dedicated
    • Demonstrates a commitment to the ACEs long-term existence.
    • Allows for dedicated maintenance of best practices.
    • Clear lines of accountability for Agile processes.
    • Ability to develop highly skilled employees as their responsibilities are not shared.
    • Requires dedicated resources that can in turn be more costly.
    • Requires strong relationships with the functional groups that interface with the ACE.

    Staffing the ACE: Understand virtual versus dedicated ACE organizational models

    Virtual CoE

    The image shows an organizational chart titled Virtual CoE, with Head of IT at the top, then PMO and CoE Lead/Apps Director at the next level. The chart shows that there is crossover between the CoE Lead's reports, and the PMO's, indicated through dotted lines that connect them.

    • Responsibilities for CoE are split and distributed throughout departments on a part-time basis.
    • CoE members from the PMO report to apps director who also functions as the CoE lead on a part-time basis.

    The image shows a organizational chart titled Dedicated CoE, with all CoE members under the CoE.

    • Requires re-organization and dedicated full-time staff to run the CoE with clear lines of responsibility and accountability.
    • Hiring or developing highly skilled employees who have a sole function to facilitate and monitor quality best practices within the IT department may be necessary.

    Activity: Form the Center of Excellence

    1.2.1 1 Hour

    Input

    • N/A

    Output

    • ACE governance and resourcing plan

    Materials

    • Whiteboard

    Participants

    • Agile leadership group
    1. As a group, discuss if there is an existing body that would be able to govern the Center of Excellence. This body will monitor progress on an ongoing basis and assess any change requests that would impact the CoEs operation or goals.
    • List current governing bodies that are closely aligned with your current Agile environment and determine if the group could take on additional responsibilities.
    • Alternatively, identify individuals who could form a new ACE governing body.
  • Using the results of Exercise 1.1.6 in Step 1, select the individuals who will participate in the Center of Excellence. As a rough rule of thumb for sizing, an ACE staffed with 3-5 people can support 8-12 Agile Teams.
  • Document results in the ACE Communications Deck.

    Leverage your existing Agile practices and SMEs when establishing the ACE

    The synergy between Agile and CoE relies on its ability to build on existing best practices. Agile cannot grow without a solid foundation. ACE gives you the way to disseminate these practices and facilitate knowledge transfer from a centralized sharing environment. As part of defining your service offerings, engage with stakeholders across the organization to evaluate what is already documented so that it can be accommodated in the ACE.

    Documentation

    • Are there any existing templates that can be leveraged (e.g. resource planning, sprint planning)?
    • Are there any existing process documents that can be leveraged (e.g. SIPOC, program frameworks)?
    • Are there any existing standards documents the CoE can incorporate (e.g. policies, procedures, guidelines)?

    SMEs

    • Interview existing subject-matter experts that can give you an idea of your current pains and opportunities.
    • You already have feedback from those in your workshop group, so think about the rest of the organization:
      • Agile practitioners
      • Business stakeholders
      • Operations
      • Any other parties not represented in the workshop group

    Metrics

    • What are the current metrics being used to measure the success of Agile teams?
    • What metrics are currently being used to measure the completion of business objectives?
    • What tools or mediums are currently used for recording and communicating metrics?

    Info-Tech Insight

    When considering existing practices, it is important to evaluate the level of adherence to these practices. If they have been efficiently utilized, injecting them into ACE becomes an obvious decision. If they have been underutilized, however, it is important to understand why this occurred and discuss how you can drive higher adherence.

    Examples of existing documents to leverage

    People

    • Agile onboarding planning documents
    • Agile training documents
    • Organizational Agile manifesto
    • Team performance metrics dashboard
    • Stakeholder engagement and communication plan
    • Development team engagement plan
    • Organizational design and structure
    • Roles and responsibilities chart (i.e. RACI)
    • Compensation plan Resourcing plan

    Process

    • Tailored Scrum process
    • Requirements gathering process
    • Quality stage-gate checklist (including definitions of ready and done)
    • Business requirements document
    • Use case document
    • Business process diagrams
    • Entity relationship diagrams
    • Data flow diagrams
    • Solution or system architecture
    • Application documentation for deployment
    • Organizational and user change management plan
    • Disaster recovery and rollback process
    • Test case templates

    Technology

    • Code review policies and procedures
    • Systems design policies
    • Build, test, deploy, and rollback scripts
    • Coding guidelines
    • Data governance and management policies
    • Data definition and glossary
    • Request for proposals (RFPs)
    • Development tool standards and licensing agreements
    • Permission to development, testing, staging, and production environments
    • Application, system, and data integration policies

    Build upon the lessons learned from your Agile pilots

    The success of your Center of Excellence relies on the ability to build sound best practices within your organization’s context. Use your previous lessons learned and growing pains as shared knowledge of past Agile implementations within the ACE.

    Implement Agile Practices That Work

    Draw on the experiences of your initial pilot where you learned how to adapt the Agile manifesto and practices to your specific context. These lessons will help onboard new teams to Agile since they will likely experience some of the same challenges.

    Download

    Documents for review include:

    • Tailored Scrum Process
    • Agile Pilot Metrics
    • Info-Tech’s Agile Pilot Playbook

    Enable Organization-Wide Collaboration by Scaling Agile

    Draw on previous scaling Agile experiences to help understand how to interface, facilitate, and orchestrate cross-functional teams and stakeholders for large and complex projects. These lessons will help your ACE teams develop collaboration and problem-solving techniques involving roles with different priorities and lines of thinking.

    Download

    Documents for review include:

    • Agile Program Framework
    • Agile Pilot Program Metrics
    • Scaled Agile Development Process
    • Info-Tech’s Scaling Agile Playbook

    Activity: Gather and document your existing Agile practices for the CoE

    1.2.2 Variable time commitment based on current documentation state

    Input

    • Existing practices

    Output

    • Practices categorized within operating model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Compile a list of existing practices that will be shared by the Center of Excellence. Consider any documents, templates, or tools that are used regularly by Agile teams.
    2. Evaluate the level of adherence to use of the practices (whether the practice is complied with regularly or not) with a high, medium, or low. Low compliance will need a root-cause analysis to understand why and how to remedy the situation.
    3. Determine the best fit for each practice under the ACE operational model.
    Name Type Adherence Level CoE Best Fit Source
    1 Tailored Scrum process Process High Shared Services Internal Wiki
    2
    3

    Activity: Interview stakeholders to understand the ACE functional expectations

    1.2.3 30-60 Minutes per interview

    Interview Stakeholders (from both Agile teams and functional areas) on their needs from the ACE. Ensure you capture both pain points and opportunities. Capture these as either Common Agile needs or Functional needs. Document using the tables below:

    Common Agile Needs
    Common Agile Needs
    • Each Agile Team interprets Agile differently
    • Need common approach to Agile with a proven track record within the organization
    • Making sure all Team members have a good understanding of Agile
    • Common set of tool(s) with a proven track record, along with a strong understanding of how to use the tool(s) efficiently and effectively
    • Help troubleshooting process related questions
    • Assistance with addressing the individual short comings of each Agile Team
    • Determining what sort of help each Agile Team needs most
    • Better understanding of the role played by Scrum Master and associated good practices
    • When and how do security/privacy/regulatory requirements get incorporated into Agile projects
    Functional Needs Ent Arch Needs
    • How do we ensure Ent Arch has insight and influence on Agile software design
    • Better understanding of Agile process
    • How to measure compliance with reference architectures

    PMO Needs

    • Better understanding of Agile process
    • Understanding role of PM in Agile
    • Project status reports that determine current level of project risk
    • How does project governance apply on Agile projects
    • What deliverables/artifacts are produced by Agile projects and when are they completed

    Operations Needs

    • Alignment on approaches for doing releases
    • Impact of Agile on change management and support desk processes
    • How and when will installation and operation instructions be available in Agile

    Activity: Form a solution matrix to organize your pain points and opportunities

    1.2.4 Half day

    Input

    • Identified requirements

    Output

    • Classified pains and opportunities

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the listed pain points from the data gathering process. Sort the pain points on sticky notes into technology, governance, people, and shared services.
    2. Consider opportunities under each defining element based on the identified business requirements.
    3. Document your findings.
    4. Discuss the results with the project team and prioritize the opportunities.
      • Where do the most pains occur?
      • What opportunities exist to alleviate pains?
    Governance Shared Services Technology People
    Pain Points
    Opportunities

    Document results in the ACE Communications Deck.

    Activity: Refine your use cases to identify your ACE functions and services

    1.2.5 1 Hour

    Input

    • Use cases from activity 1.1.2

    Output

    • Refined use cases based on data collection

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Refine your initial use cases for the points of alignment between your ACE and business objectives using your classified pain points and opportunities.
    2. Add use cases to address newly realized pain points.
    3. Determine the functions and services the CoE can offer to address the identified requirements.
    4. Evaluate the outputs in the form of realized benefits and extracted inefficiencies.

    Possible ACE use cases:

    • Policy Management
    • Change Management
    • Risk Management
    • Stakeholder Management
    • Engagement Planning
    • Knowledge Management
    • Subject-Matter Expertise
    • Agile Team Evaluation
    • Operations Support
    • Onboarding
    • Coaching
    • Learning Facilitation
    • Communications Training
    • Vendor Management
    • Application Support
    • Tooling Standards

    Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map

    1.2.6 1 Hour

    Input

    • Use cases from activity 1.2.4

    Output

    • ACE capability map

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the refined and categorized list of service offerings.
    2. Determine how these new capabilities will add, remove, or enhance your existing service and capabilities.
    3. Categorize the capabilities into the following groups:
    • Governance and Metrics
    • Services
    • Staff
    • Technology
  • Label the estimated impact of the service offering based on your business priorities for the year. This will guide your strategy for implementing your Agile Center of Excellence moving forward.
  • Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map (continued)

    Governance

    Policy Management (Medium Potential)

    Change Management (High Potential)

    Risk Management (High Potential)

    Stakeholder Management (High Potential)

    Metrics/Feedback Monitoring (High Potential)

    Shared Services

    Engagement Planning (High Potential)

    Knowledge Management (High Potential)

    Subject-Matter Expertise (High Potential)

    Agile Team Evaluation (High Potential)

    Operations Support (High Potential)

    People

    Onboarding (Medium Potential)

    Coaching (High Potential)

    Learning Facilitation (High Potential)

    Internal Certification Program (Low Potential)

    Communications Training (Medium Potential)

    Technology

    Vendor Management (Medium Potential)

    Application Support (Low Potential)

    Tooling Standards (High Potential)

    Checkpoint: Are you ready to standardize your CoEs service offerings?

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Self-Auditing Guidelines

    • Have you identified and prioritized the key business objectives for the upcoming year that the ACE will align with?
    • Do you have a high-level set of use cases for points of alignment between your ACE and business objectives?
    • Have you mapped your stakeholders and identified the key players that will have an influence over the future success of your ACE?
    • Have you identified how your organization will fund, resource, and govern the ACE?
    • Have you collected data to understand the functional expectations of the users the ACE is intended to serve?
    • Have you refined your use cases to align with both business objectives and functional expectations?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Identify and prioritize organizational business objectives

    Our analyst team will help you organize and prioritize your business objectives for the year in order to ensure that the service offerings the ACE offers are delivering consistent business value.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives

    Our analyst team will help you turn your prioritized business objectives into a set of high-level use cases that will provide the foundation for defining user-aligned services.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.4 Prioritize your ACE stakeholders

    Our analysts will walk you through an exercise of mapping and prioritizing your Centers of Excellence stakeholders based on impact and power within so you can ensure appropriate presentation of interests within the organization.

    1.2.4 Form a solution matrix to organize your pain points and opportunities

    Our analyst team will help you solidify the direction of your Center of Excellence by overlaying your identified needs, pain points, and potential opportunities in a matrix guided by Info-Tech’s CoE operating model.

    1.2.5 Refine your use cases to identify your ACE functions and services

    Our analyst team will help you further refine your business-aligned use cases with the functional expectations from your Agile teams and stakeholders, ensuring the ACEs long-term utility.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.6 Visualize your ACE functions and service offerings with a capability map

    Our analysts will walk you through creating your Agile Centers of Excellence capability map and help you to prioritize which service offerings are critical to the success of your Agile teams in meeting their objectives.

    Phase 2

    Standardize the Centers of Excellence Service Offerings

    Spread Best Practices With an Agile Center of Excellence

    The ACE needs to ensure consistency in service delivery

    Now that you have aligned the CoE to the business and functional expectations, you need to ensure its service offerings are consistently accessible. To effectively ensure accessibility and delegation of shared services in an efficient way, the CoE needs to have a consistent framework to deliver its services.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Standardize the CoEs Service Offerings

    Proposed Time to Completion (in weeks): 2

    Step 2.1: Define an adoption plan for your Agile teams

    Start with an analyst kick off call:

    • Dissect the key attributes of Agile adoption.

    Then complete these activities…

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Step 2.2: Create an ACE engagement plan

    Start with an analyst kick off call:

    • Form engagement plans for your Agile teams.

    Then complete these activities…

    2.2.1 Create an engagement plan for each level of adoption.

    Step 2.3: Define metrics to measure success

    Finalize phase deliverable:

    • Discuss effective ACE metrics.

    Then complete these activities…

    2.3.1 Collect existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Phase 2 Results & Insights:

    • Standardizing your service offerings allows you to have direct influence on the dissemination of best practices.

    Phase 2, Step 1: Define an adoption plan for your Agile teams

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Outcomes:

    • Refine your previously determined use cases within the Agile adoption model to ensure that teams can be assisted at any level of Agile adoption.
    • Understand the key attributes of Agile adoption and how they impact success.

    Understand the implementation challenges that the ACE may face

    Culture clash between ACE and larger organization

    It is important to carefully consider the compatibility between the current organizational culture and Agile moving forward. Agile compels empowered teams, meritocracy, and broad collaboration for success; while typical organizational structures are siloed and hierarchical and decisions are delegated from the top down.

    This is not to say that the culture of the ACE has to match the larger organizational culture; part of the overarching aim of the ACE is to evolve the current organizational culture for the better. The point is to ensure you enable a smooth transition with sufficient management support and a team of Agile champions.

    The changing role of middle management

    Very similar to the culture clash challenge, cultural rigidity in how middle managers operate (performance review, human resource management, etc.) can cause cultural rejection. They need to become enablers for high performance and give their teams the sufficient tools, skills, and opportunities to succeed and excel.

    What impedes Agile adoption?

    Based on a global survey of Agile practitioners (N=1,319)*:

    52% Organizational culture at odds with agile values

    44% Inadequate management support and sponsorship

    48% General organization resistance to change

    *Respondents were able to make multiple selections

    (13th Annual State of Agile Report, VersionOne, 2019)

    Build competency and trust through a structured Agile adoption plan

    The reality of cultural incompatibility between Agile and traditional organization structures necessitates a structured adoption plan. Systematically build competency so teams can consistently achieve project success and solidify trust in your teams’ ability to meet business needs with Agile.

    By incrementally gaining the trust of management as you build up your Agile capabilities, you enable a smooth cultural transition to an environment where teams are empowered, adapt quickly to changing needs, and are trusted to innovate and make successes out of their failures.

    Optimized value delivery occurs when there is a direct relationship between competency and trust. There will be unrealized value when competency or trust outweigh the other. That value loss increases as either dimension of adoption continues to grow faster than the other.

    The image shows a graph with Competency on the x-axis and Trust on the y-axis. There are 3 sections: Level 1, Level 2, and Level 3, in subsequently larger arches in the background of the graph. The graph shows two diagonal arrows, the bottom one labelled Current Value Delivery and the top one labelled Optimized Value Delivery. The space between the two arrows is labelled Value Loss.

    Use Info-Tech’s Practice Adoption Optimization Model to systematically increase your teams’ ability to deliver

    Using Info-Tech’s Practice adoption optimization model will ensure you incrementally build competency and trust to optimize your value delivery.

    Agile adoption at its core, is about building social capital. Your level of trust with key influencers increases as you continuously enhance your capabilities, enabling the necessary cultural changes away from traditional organizational structures.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Review these key attributes of Agile adoption

    Agile adoption is unique to every organization. Consider these key attributes within your own organizational context when thinking about levels of Agile adoption.

    Adoption Attributes

    Team Organization

    Considers the degree to which teams are able to self-organize based on internal organizational structures (hierarchy vs. meritocracy) and inter-team capabilities.

    Team Coordination

    Considers the degree to which teams can coordinate, both within and across functions.

    Business Alignment

    Considers the degree to which teams can understand and/or map to business objectives.

    Coaching

    Considers what kind of coaching/training is offered and how accessible the training is.

    Empowerment

    Considers the degree to which teams are able and capable to address project, process, and technical challenges without significant burden from process controls and bureaucracy.

    Failure Tolerance

    Considers the degree to which stakeholders are risk tolerant and if teams are capable of turning failures into learning outcomes.

    Why are these important?

    These key attributes function as qualities or characteristics that, when improved, will successively increase the degree to which the business trusts your Agile teams’ ability to meet their objectives.

    Systematically improving these attributes as you graduate levels of the adoption model allows the business to acclimatize to the increased capability the Agile team is offering, and the risk of culture clash with the larger organization decreases.

    Start to consider at what level of adoption each of your service offerings become useful. This will allow you to standardize the way your Agile teams interact with the CoE.

    Activity: Further categorize your use cases within the Agile adoption model

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather the list of your categorized use cases.
    2. Based on Info-Tech’s Agile adoption model, categorize which use cases would be useful to help the Agile team graduate to the next level of adoption.
      • Conceptualize: Begin to document your workflow or value chain, implement a tracking system for KPIs, and gather metrics and report them transparently to the appropriate stakeholders.
      • Iterate: Use collected metrics to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.
      • Collaborate: Use information to drive changes and adopt appropriate Agile practices to make incremental improvements to the existing environment.
      • Empower: Drive behavioral and cultural changes that will empower teams to be accountable for their own successes given the appropriate resources.
      • Innovate: Use your built-up trust to begin to make calculated risks and innovate more, driving new best practices into the CoE.

    The same service offering could be offered at different levels of adoption. In these cases, you will need to re-visit the use case and differentiate how the service (if at all) will be delivered at different levels of adoption.

    1. Use this opportunity to brainstorm alternative or new use cases for any gaps identified. It is the CoEs goal to assist teams at every level of adoption to meet their business objectives. Use a different colored sticky note for these so you can re-visit and map out their inputs, outputs, metrics, etc.

    Activity: Further categorize your use cases within the Agile adoption model (continued)

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team

    Example:

    Service Offerings
    Level 5: Innovate
    Level 4: Empower
    Level 3: Collaborate Coaching -- Communications Training
    Level 2: Iterate Tooling Standards
    Level 1: Conceptualize

    Learning Facilitation

    Draw on the service offerings identified in activity 1.2.4

    Phase 2, Step 2: Create an ACE engagement plan

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.2.1 Create an engagement plan for each level of adoption.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Enable Agile teams to interface with ACE service offerings to meet their business objectives

    A Center of Excellence aligned with your service offerings is only valuable if your CoEs customers can effectively access those services. At this stage, you have invested in ensuring that your CoE aligns to your business objectives and that your service offerings align to its customers. Now you need to ensure that these services are accessible in the day-to-day operation of your Agile teams.

    Engagement Process → Service Offering

    Use backwards induction from your delivery method to the service offering. This is an effective method to determine the optimal engagement action for the CoE, as it considers the end customer as the driver for best action for every possible situation.

    Info-Tech Insight

    Your engagement process should be largely informed by your ACE users. Teams have constraints as well as in-the-trenches concerns and issues. If your service offerings don’t account for these, it can lead to rejection of the culture you are trying to inspire.

    Show the way, do not dictate

    Do not fix problems for your Agile teams, give them the tools and knowledge to fix the problems themselves.

    Facilitate learning to drive success

    A primary function of your ACE is to transfer knowledge to Agile teams to increase their capability to achieve desired outcomes.

    While this can take the form of coaching, training sessions, libraries, and wikis, a critical component of ACE is creating interactions where individuals from Agile teams can come together and share their knowledge.

    Ideas come from different experiences. By creating communities of practice (CoP) around topics that the ACE is tasked with supporting (e.g. Agile business analysts), you foster social learning and decrease the likelihood that change will result in some sort of cultural rejection.

    Consider whether creating CoPs would be beneficial in your organization’s context.

    "Communities of practice are a practical way to frame the task of managing knowledge. They provide a concrete organizational infrastructure for realizing the dream of a learning organization." – Etienne Wenger, Digital Habitats: Stewarding technology for communities

    A lack of top-down support will result in your ACE being underutilized

    Top-down support is critical to validate the CoE to its customers and ensure they feel compelled to engage with its services. Relevancy is a real concern for the long-term viability of a CoE and championing its use from a position of authority will legitimize its function and deter its fading from relevancy of day-to-day use for Agile teams.

    Although you are aligning your engagement processes to the customers of your Agile Center of Excellence, you still need your key influencers to champion its lasting organizational relevancy. Don’t let your employees think the ACE is just a coordinating body or a committee that is convenient but non-essential – make sure they know that it drives their own personal growth and makes everyone better as a collective.

    "Even if a CoE is positioned to meet a real organizational need, without some measure of top-down support, it faces an uphill battle to remain relevant and avoid becoming simply one more committee in the eyes of the wider organization. Support from the highest levels of the organization help fight the tendency of the larger organization to view the CoE as a committee with no teeth and tip the scales toward relevancy for the CoE." – Joe Shepley, VP and Practice Lead, Doculabs

    Info-Tech Insight

    Stimulate top-down support with internal certifications. This allows your employees to gain accreditation while at the same time encouraging top-down support and creating a compliance check for the continual delivery and acknowledgement of your evolving best practices.

    Ensure that best practices and lessons learned are injected back into the ACE

    For your employees to continuously improve, so must the Center of Excellence. Ensure the ACE has the appropriate mechanisms to absorb and disseminate best practices that emerge from knowledge transfer facilitation events.

    Facilitated Learning Session →Was the localized adaption well received by others in similar roles? →Document Localized Adaptation →Is there broad applicability and benefit to the proposed innovation? →CoE Absorbs as Best Practice

    Continuous improvement starts with the CoE

    While facilitating knowledge transfer is key, it is even more important that the Center of Excellence can take localized adaptations from Agile teams and standardize them as best practices when well received. If an individual were to leave without sharing their knowledge, the CoE and the larger organization will lose that knowledge and potential innovation opportunities.

    Experience matters

    To organically grow your ACE and be cost effective, you want your teams to continuously improve and to share that knowledge. As individual team members develop and climb the adoption model, they should participate as coaches and champions for less experienced groups so that their knowledge is reaching the widest audience possible.

    Case study: Agile learning at Spotify

    CASE STUDY

    Industry Digital Media

    Source Henrik Kniberg & Anders Ivarsson, 2012

    Methods of Agile learning at Spotify

    Spotify has continuously introduced innovative techniques to facilitate learning and ensure that that knowledge gets injected back into the organization. Some examples are the following:

    • Hack days: Self-organizing teams, referred to as squads, come together, try new ideas, and share them with their co-workers. This facilitates a way to stay up to date with new tools and techniques and land new product innovations.
    • Coaching: Every squad has access to an Agile coach to help inject best practices into their workflow – coaches run retrospectives, sprint planning meetings, facilitate one-on-one coaching, etc.
    • Tribes: Collections of squads that hold regular gatherings to show the rest of the tribe what they’ve been working on so others can learn from what they are doing.
    • Chapters: People with similar skills within a tribe come together to discuss their area of expertise and their specific challenges.
    • Guilds: A wide-reaching community of interest where members from different tribes can come together to share knowledge, tools, and codes, and practice (e.g. a tester guild, an Agile coaching guild).

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    "As an example of guild work, we recently had a ‘Web Guild Unconference,’ an open space event where all web developers at Spotify gathered up in Stockholm to discuss challenges and solutions within their field."

    Activity: Create an engagement plan for each level of adoption

    2.2.1 30 Minutes per role

    Input

    • Categorized use cases

    Output

    • Role-based engagement plans

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. On the top bar, define the role you are developing the engagement plan for. This will give you the ability to standardize service delivery across all individuals in similar roles.
    2. Import your categorized service offerings for each level of adoption that you think are applicable to the given role.
    3. Using backwards induction, determine the engagement processes that will ensure that those service offerings are accessible and fit the day-to-day operations of the role.
    4. Fill in the template available on the next slide with each role’s engagement plan.

    Document results in the ACE Communications Deck.

    Example engagement plan: Developer

    2.2.1 30 Minutes per role

    Role: Developer
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    3. Learning Facilitation
    1. Tooling Standards
    2. Learning Facilitation
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Knowledge Management
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    2. Based on service request or need identified by dev. manager.
    3. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 2, receive standard Agile tooling standards training.
    2. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 3, receive standard Agile communications training.
    2. Weekly mandatory community of practice meetings
    1. Peer-based training on how to effectively self-organize.
    2. Based on service request or need identified by dev. manager.
    1. Review captured key learnings from last and have CoE review KPIs related to any area changed.

    Example engagement plan: Tester

    2.2.1 30 Minutes per role

    Role: Tester
    Level 1Level 2Level 3Level 4Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Product Training
    2. Communications Training
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Tooling Standards
    2. Training
    3. Coaching
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    1. Weekly mandatory community of practice meetings.
    2. Provide training on effective methods for communicating with development teams based on organizational best practices.
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices. Weekly mandatory community of practice meetings.
    1. Peer-to-peer training with level 5 certified coach.
    2. Based on service request or need identified by dev. manager. .
    1. Periodic updates of organizational tooling standards based on community of practice results.
    2. Automation training.
    3. Provide coaching to level 1 developers on a rotating basis to develop facilitation skills.

    Example engagement plan: Product Owner

    2.2.1 30 Minutes per role

    Role: Product Owner
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Communications Training
    3. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    Engagement Process
    1. Provide onboarding materials for Agile product owners.
    2. Provide bi-weekly reviews and subsequent guidance at the end of retrospective processes.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices.
    2. Bi-weekly mandatory community of practice meetings.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. Provide quarterly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings

    Phase 2, Step 3: Define metrics to measure success

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.3.1 Define existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate your metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Craft metrics that will measure the success of your Agile teams

    Quantify measures that demonstrate the effectiveness of your ACE by establishing distinct metrics for each of your service offerings. This will ensure that you have full transparency over the outputs of your CoE and that your service offerings maintain relevance and are utilized.

    Questions to Ask

    1. What are leading indicators of improvements that directly affect the mandate of the CoE?
    2. How do you measure process efficiency and effectiveness?

    Creating meaningful metrics

    Specific

    Measureable

    Achievable

    Realistic

    Time-bound

    Follow the SMART framework when developing metrics for each service offering.

    Adhering to this methodology is a key component of the lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    "It’s not about telling people what they are doing wrong. It’s about constantly steering everyone on the team in the direction of success, and never letting any individual compromise the progress of the team toward success." – Mary Poppendieck, qtd. in “Questioning Servant Leadership”

    For important advice on how to avoid the many risks associated with metrics, refer to Info-Tech’s Select and Use SDLC Metrics Effectively.

    Ensure your metrics are addressing criteria from different levels of stakeholders and enterprise context

    There will be a degree of overlap between the metrics from your business objectives, service offerings, and existing Agile teams. This is a positive thing. If a metric can speak to multiple benefits it is that much more powerful in commuting successes to your key stakeholders.

    Existing metrics

    Business objective metrics

    Service offering metrics

    Agile adoption metrics

    Finding points of overlap means that you have multiple stakeholders with a vested interest in the positive trend of a specific metric. These consolidated metrics will be fundamental for your CoE as they will help build consensus through communicating the success of the ACE in a common language for a diverse audience.

    Activity: Define existing team-level metrics

    2.3.1 1 Hour

    Input

    • Current metrics

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather any metrics related documentation that you collected during your requirements gathering in Phase 1.
    2. Collect team-level metrics for your existing Agile teams:
      • Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
      • Look at historical trends and figures when available. Be careful of frequent anomalies as these may indicate a root cause that needs to be addressed.
      • Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    Team Objective Expected Benefits Metrics
    Improve productivity
    • Improve transparency with business decisions
    • Team burndown and velocity
    • Number of releases per milestone
    Increase team morale and motivation
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Team satisfaction with Agile environment
    • Degree of engagement in ceremonies
    Improve transparency with business decisions
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Stakeholder satisfaction with completed product
    • Number of revisions to products in demonstrations

    Activity: Define metrics that align with your Agile business objectives

    2.3.2 1 Hour

    Input

    • Organizational business objectives from Phase 1

    Output

    • Metrics aligned to organizational business objectives

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. List the business objectives that you determined in 1.1.2.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of completing those business objectives, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your business objectives. While engaging in this process, ensure to document the collection method for each metrics.
    Business Objectives Expected Benefits Metrics
    Decrease time-to-market of product releases
    • Faster feedback from customers.
    • Increased customer satisfaction.
    • Competitive advantage.
    Decrease time-to-market of product releases
    • Alignment to organizational best practices.
    • Improved team productivity.
    • Greater collaboration across functional teams.
    • Policy and practice adherence and acknowledgement
    • Number of requests for ACE services
    • Number of suggestions to improve Agile best practices and ACE operations

    Activity: Define target ACE performance metrics

    2.3.3 1 Hour

    Input

    • Service offerings
    • Satisfaction surveys
    • Usage rates

    Output

    • CoE performance metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. Compare these to your team performance metrics.
    Service Offering Expected Benefits Metrics
    Knowledge management
    • Comprehensive knowledgebase that accommodates various company products and office locations.
    • Easily accessible resources.
    • Number of practices extracted from ACE and utilized
    • Frequency of updates to knowledgebase
    Tooling standards
    • Tools adhere to company policies, security guidelines, and regulations.
    • Improved support of tools and technologies.
    • Tools integrate and function well with enterprise systems.
    • Number of teams and functional groups using standardized tools
    • Number of supported standardized tools
    • Number of new tools added to the standards list
    • Number of tools removed from standards list

    Activity: Define Agile adoption metrics

    2.3.4 1 Hour

    Input

    • Agile adoption model

    Output

    • Agile adoption metrics
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. It is possible that you will need to adjust these metrics after baselines are established when you begin to operate the ACE. Keep this in mind moving forward.
    Adoption attributes Expected Benefits Metrics
    Team organization
    • Acquisition of the appropriate roles and skills to successfully deliver products.
    • Degree of flexibility to adjust team compositions on a per project basis
    Team coordination
    • Ability to successfully undertake large and complex projects involving multiple functional groups.
    • Number of ceremonies involving teams across functional groups
    Business alignment
    • Increased delivery of business value from process optimizations.
    • Number of business-objective metrics surpassing targets
    Coaching
    • Teams are regularly trained with new and better best practices.
    • Number of coaching and training requests
    Empowerment
    • Teams can easily and quickly modify processes to improve productivity without following a formal, rigorous process.
    • Number of implemented changes from team retrospectives
    Failure tolerance
    • Stakeholders trust teams will adjust when failures occur during a project.
    • Degree of stakeholder trust to address project issues quickly and effectively

    Activity: Consolidate your metrics for stakeholder impact

    2.3.5 30 Minutes

    Input

    • New and existing Agile metrics

    Output

    • Consolidated Agile metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Take all the metrics defined from the previous activities and compare them as a group.
    2. If there are overlapping metrics that are measuring similar outcomes or providing similar benefits, see if there is a way to merge them together so that a single metric can report outcomes to multiple stakeholders. This reduces the amount of resources invested in metrics gathering and helps to show consensus or alignment between multiple stakeholder interests.
    3. Compare these to your existing Agile metrics, and explore ways to consolidate existing metrics that are established with some of your new metrics. Established metrics are trusted and if they can be continued it can be viewed as beneficial from a consensus and consistency perspective to your stakeholders.

    Activity: Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value

    2.3.6 1 Hour

    Purpose

    The CoE governance team can use this tool to take ownership of the project’s benefits, track progress, and act on any necessary changes to address gaps. In the long term, it can be used to identify whether the team is ahead, on track, or lagging in terms of benefits realization.

    Steps

    1. Enter your identified metrics from the following activities into the ACE Benefits Tracking Tool.
    2. Input your baselines from your data collection (Phase 3) and a goal value for each metric.
    3. Document the results at key intervals as defined by the tool.
    4. Use the summary report to identify metrics that are not tracking well for root cause analysis and communicate with key stakeholders the outcomes of your Agile Center of Excellence based on your communication schedule from Phase 3, Step 3.

    INFO-TECH DELIVERABLE

    Download the ACE Benefits Tracking Tool.

    Checkpoint: Are you ready to operate your ACE?

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Self Auditing Guidelines

    • Have you categorized your ACE service offerings within Info-Tech’s Agile adoption model?
    • Have you formalized engagement plans to standardize the access to your service offerings?
    • Do you understand the function of learning events and their criticality to the function of the ACE?
    • Do you understand the key attributes of Agile adoption and how social capital leads to optimized value delivery?
    • Have you defined metrics for different goals (adoption, effective service offerings, business objectives) of the ACE?
    • Do your defined metrics align to the SMART framework?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Further categorize your use cases within the Agile adoption model

    Our analyst team will help you categorize the Centers of Excellence service offerings within Info-Tech’s Agile adoption model to help standardize the way your organization engages with the Center of Excellence.

    2.2.1 Create an engagement plan for each level of adoption

    Our analyst team will help you structure engagement plans for each role within your Agile environment to provide a standardized pathway to personal development and consistency in practice.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2 Define metrics that align with your Agile business objectives

    Our analysts will walk you through defining a set of metrics that align with your Agile business objectives identified in Phase 1 of the blueprint so the CoEs monitoring function can ensure ongoing alignment during operation.

    2.3.3 Define target ACE performance metrics

    Our analysts will walk you through defining a set of metrics that monitors how successful the ACE has been at providing its services so that business and IT stakeholders can ensure the effectiveness of the ACE.

    2.3.4 Define Agile adoption metrics

    Our analyst team will help you through defining a set of metrics that aligns with your organization’s fit of the Agile adoption model in order to provide a mechanism to track the progress of Agile teams maturing in capability and organizational trust.

    Phase 3

    Operationalize Your Agile Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Operate your ACE to drive optimized value from your Agile teams

    The final step is to engage in monitoring of your metrics program to identify areas for improvement. Using metrics as a driver for operating your ACE will allow you to identify and effectively manage needed change, as well as provide you with the data necessary to promote outcomes to your stakeholders to ensure the long-term viability of the ACE within your organization.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Operate the CoE

    Proposed Time to Completion (in weeks): Variable depending on communication plan

    Step 3.1: Optimize the success of your ACE

    Start with an analyst kick off call:

    • Conduct a baseline assessment of your Agile environment.

    Then complete these activities…

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Step 3.2: Plan change to enhance your Agile initiatives

    Start with an analyst kick off call:

    • Interface with the ACE with your change management function.

    Then complete these activities…

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues.

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Step 3.3: Conduct ongoing retrospectives of your ACE

    Finalize phase deliverable:

    • Build a communications deck for key stakeholders.

    Then complete these activities…

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Review the effectiveness of your service offerings.

    3.3.4 Evaluate your ACE Maturity.

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Phase 3 Results & Insights:

    Inject improvements into your Agile environment with operational excellence. Plan changes and communicate them effectively, monitor outcomes on a regular basis, and keep stakeholders in the loop to ensure that their interests are being looked after to ensure long-term viability of the CoE.

    Phase 3, Step 1: Optimize the success of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Tools:

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Outcomes:

    • Conduct a baseline assessment of your ACE to measure against using a variety of data sources, including interviews, satisfaction surveys, and historical data.
    • Use the Benefits Tracking Tool to start monitoring the outcomes of the ACE and to keep track of trends.

    Ensure the CoE is able to collect the necessary data to measure success

    Establish your collection process to ensure that the CoE has the necessary resources to collect metrics and monitor progress, that there is alignment on what data sources are to be used when collecting data, and that you know which stakeholder is interested in the outcomes of that metric.

    Responsibility

    • Does the CoE have enough manpower to collect the metrics and monitor them?
    • If automated through technology, is it clear who is responsible for its function?

    Source of metric

    • Is the method of data collection standardized so that multiple people could collect the data in the same way?

    Impacted stakeholder

    • Do you know which stakeholder is interested in this metric?
    • How often should the interested stakeholder be informed of progress?

    Intended function

    • What is the expected benefit of increasing this metric?
    • What does the metric intend to communicate to the stakeholder?

    Conduct a baseline assessment of your ACE to measure success

    Establishing the baseline performance of the ACE allows you to have a reasonable understanding of the impact it is having on meeting business objectives. Use user satisfaction surveys, stakeholder interviews, and any current metrics to establish a concept of how you are performing now. Setting new metrics can be a difficult task so it is important to collect as much current data as possible. After the metrics have been established and monitored for a period of time, you can revisit the targets you have set to ensure they are realistic and usable.

    Without a baseline, you cannot effectively:

    • Establish reasonable target metrics that reflect the performance of your Center of Excellence.
    • Identify, diagnose, and resolve any data that deviates from expected outcomes.
    • Measure ongoing business satisfaction given the level of service.

    Info-Tech Insight

    Invest the needed time to baseline your activities. These data points are critical to diagnose successes and failures of the CoE moving forward, and you will need them to be able to refine your service offerings as business conditions or user expectations change. While it may seem like something you can breeze past, the investment is critical.

    Use a variety of sources to get the best picture of your current state; a combination of methods provides the richest insight

    Interviews

    What to do:

    • Conduct interviews (or focus groups) with key influencers and Agile team members.

    Benefits:

    • Data comes from key business decision makers.
    • Identify what is top of mind for your top-level stakeholders.
    • Ask follow-up questions for detail.

    Challenges:

    • This will only provide a very high-level view.
    • Interviewer biases may skew the results.

    Surveys

    What to do:

    • Distribute an Agile-specific stakeholder satisfaction survey. The survey should be specific to identify factors of your current environment.

    Benefits:

    • Every end user/business stakeholder will be able to provide feedback.
    • The survey will be simple to develop and distribute.

    Challenges:

    • Response rates can be low if stakeholders do not understand the value in their opinions.

    Historical Data

    What to do:

    • Collect and analyze existing Agile data such as past retrospectives, Agile team metrics, etc.

    Benefits:

    • Get a full overview of current service offerings, past issues, and current service delivery.
    • Allows you to get an objective view of what is really going on within your Agile teams.

    Challenges:

    • Requires a significant time investment and analytical skills to analyze the data and generate insights on business satisfaction and needs.

    Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline

    3.1.1 Baseline satisfaction survey

    Purpose

    Conduct a user satisfaction survey prior to setting your baseline for your ACE. This will include high-level questions addressing your overall Agile environment and questions addressing teams’ current satisfaction with their processes and technology.

    Steps

    1. Modify the satisfaction survey template to suit your organization and the service offerings you have defined for the Agile Center of Excellence.
    2. Distribute the satisfaction survey to any users who are expected to interface with the ACE.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your current state.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE

    3.1.2 CoE maturity assessment

    Purpose

    Assessing your ACEs maturity lets you know where they currently are and what to track to get them to the next step. This will help ensure your ACE is following good practices and has the appropriate mechanisms in place to serve your stakeholders.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your maturity score.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your ACE maturity level.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Activity: Prioritize ACE actions by monitoring your metrics

    3.1.3 Variable time commitment

    Input

    • Metrics from ACE Benefits Tracking Tool

    Output

    • Prioritized actions for the ACE

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE team
    1. Review your ACE Benefits Tracking Tool periodically (at the end of sprint cycles, quarterly, etc.) and document metrics that are trending or actively falling short of goals or expectations.
    2. Take the documented list and have the ACE staff consider what actions or decisions can be prioritized to help mend the identified gaps. Look for any trends that could potentially speak to a larger problem or a specific aspect of the ACE or the organizational Agile environment that is not functioning as expected.
    3. Take the opportunity to review metrics that are also tracking above expected value to see if there are any lessons learned that can be extended to other ACE service offerings (e.g. effective engagement or communication strategies) so that the organization can start to learn what is effective and what is not based on their internal struggles and challenges. Spreading successes is just as important as identifying challenges in a CoE model.

    Phase 3, Step 2: Plan change to enhance your Agile initiatives

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Outcomes:

    • Understand how your existing change management process interfaces with the Center of Excellence.
    • Identify issues and ideate solutions to metrics falling short of expectations.
    • Create a communication plan to prepare groups for any necessary change.

    Manage the adaptation of teams as they adopt Agile capabilities

    As Agile spreads, be cognizant of your cultural tolerance to change and its ability to deliver on such change. Change will happen more frequently and continuously, and there may be conceptual (change tolerance) or capability (delivery tolerance) roadblocks along the way that will need to be addressed.

    The Agile adoption model will help to graduate both the tolerance to change and tolerance to deliver over time. As your level of competency to deliver change increases, organizational tolerance to change, especially amongst management, will increase as well. Remember that optimized value delivery comes from this careful balance of aptitude and trust.

    Tolerance to change

    Tolerance to change refers to the conceptual capacity of your people to consume and adopt change. Change tolerance may become a barrier to success because teams might be too engrained with current structures and processes and find any changes too disruptive and uncomfortable.

    Tolerance to deliver

    Tolerance to deliver refers to the capability to deliver on expected change. While teams may be tolerant, they may not have the necessary capacity, skills, or resources to deliver the necessary changes successfully. The ACE can help solve this problem with training and coaching, or possibly by obtaining outside help where necessary.

    Understand how the ACE interfaces with your current change management process

    As the ACE absorbs best practices and identifies areas for improvement, a change management process should be established to address the implementation and sustainability of change without introducing significant disruptions and costs.

    To manage a continuously changing environment, your ACE will need to align and coordinate with organizational change management processes. This process should be capable of evaluating and incorporating multiple change initiatives continuously.

    Desired changes will need to be validated, and localized adaptations will need to be disseminated to the larger organization, and current state policy and procedures will need to be amended as the adoption of Agile spreads and capabilities increase.

    The goal here is to have the ACE governance group identify and interface with parties relevant to successfully implementing any specific change.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Optimize Change Management

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Where should your Agile change requests come from?

    Changes to the services, structure, or engagement model of your ACE can be triggered from various sources in your organization. You will see that proposed changes may be requested with the best intentions; however, the potential impacts they may have to other areas of the organization can be significant. Consult all sources of ACE change requests to obtain a consensus that your change requests will not deteriorate the ACEs performance and use.

    ACE Governance

    • Sources of ACE Change Requests
      • ACE Policies/Stakeholders
        • Triggers for Change:
          • Changes in business and functional group objectives.
          • Dependencies and legacy policies and procedures.
      • ACE Customers
        • Triggers for Change:
          • Retrospectives and post-mortems.
          • Poor fit of best practices to projects.
      • Metrics
        • Triggers for Change:
          • Performance falling short of expectations.
          • Lack of alignment with changing objectives.
      • Tools and Technologies
        • Triggers for Change:
          • New or enhanced tools and technologies.
          • Changes in development and technology standards.

    Note: Each source of ACE change requests may require a different change management process to evaluate and implement the change.

    Activity: Assess the interaction and communication points of your Agile teams

    3.2.1 1.5 Hours

    Input

    • Understanding of team and organization structure

    Output

    • Current assessment of organizational design

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Identify everyone who is directly or indirectly involved in projects completed by Agile teams. This can include those that are:
    • Informed of a project’s progress.
    • Expected to interface with the Agile team for solution delivery (e.g. DevOps).
    • Impacted by the success of the delivered solutions.
    • Responsible for the removal of impediments faced by the Agile team.
  • Indicate how each role interacts with the others and how frequently these interactions occur for a typical project. Do this by drawing a diagram on a whiteboard using labelled arrows to indicate types and frequency of interactions.
  • Identify the possible communication, collaboration, and alignment challenges the team will face when working with other groups.
  • Agile Team n
    Group Type of Interaction Potential challenges
    Operations
    • Release management
    • Past challenges transitioning to DevOps.
    • Communication barrier as an impediment.
    PMO
    • Planning
    • Product owner not located with team in organization.
    • PMO still primarily waterfall; need Agile training/coaching

    Activity: Determine the root cause of each metric falling short of expectations

    3.2.2 30 Minutes per metric

    Input

    • Metrics from Benefits Tracking Tool

    Output

    • Root causes to issues

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE team
    1. Take each metric from the ACE Benefits Tracking Tool that is lagging behind or has missed expectations and conduct an analysis of why it is performing that way.
    2. Conduct individual webbing sessions to clarify the issues. The goal is to drive out the reasons why these issues are present or why scaling Agile may introduce additional challenges.
    3. Share and discuss these findings with the entire team.

    Example:

    • Lack of best-practice documentation
      • Why?
        • Knowledge siloed within teams
        • No centralized repository for best practices
          • Why?
            • No mechanisms to share between teams
              • Why? Root causes
                • Teams are not sharing localized adaptations
                • CoE is not effectively monitoring team communications
            • Access issues at team level to wiki
              • Why? Root causes
                • Administration issues with best-practice wiki
                • Lack of ACE visibility into wiki access

    Activity: Brainstorm solutions to identified issues

    3.2.3 30 Minutes per metric

    Input

    • Root causes of issues

    Output

    • Fixes and solutions to scaling Agile issues

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Using the results from your root-cause analysis, brainstorm potential solutions to the identified problems. Frame your brainstorming within the following perspectives: people, process, and technology. Map these solutions using the matrix below.
    2. Synthesize your ideas to create a consolidated list of initiatives.
      1. Highlight the solutions that can address multiple issues.
      2. Collaborate on how solutions can be consolidated into a single initiative.
    3. Write your synthesized solutions on sticky notes.
    SOLUTION CATEGORY
    People Process Technology
    ISSUES Poor face-to-face communication
    Lack of best-practice documentation

    Engage those teams affected by change early to ensure they are prepared

    Strategically managing change is an essential component to ensure that the ACE achieves its desired function. If the change that comes with adopting Agile best practices is going to impact other functions and change their expected workflows, ensure they are well prepared and the benefits for said changes are clearly communicated to them.

    Necessary change may be identified proactively (dependency assessments, system integrity, SME indicates need, etc.) or reactively (through retrospectives, discussions, completing root-cause analyses, etc.), but both types need to be handled the same way – through proper planning and communication with the affected parties.

    Plan any necessary change

    Understand the points where other groups will be affected by the adoption of Agile practices and recognize the potential challenges they may face. Plan changes to accommodate interactions between these groups without roadblocks or impediments.

    Communicate the change

    Structure a communication plan based on your identified challenges and proposed changes so that groups are well prepared to make the necessary adjustments to accommodate Agile workflows.

    Review and modify your metrics and baselines to ensure they are achievable in changing environments

    Consider the possible limitations that will exist from environmental complexities when measuring your Agile teams. Dependencies and legacy policies and procedures that pose a bottleneck to desired outcomes will need to be changed before teams can be measured justifiably. Take the time to ensure the metrics you crafted earlier are plausible in your current environment and there is not a need for transitional metrics.

    Are your metrics achievable?

    Specific

    Measureable

    Achievable

    • Adopting Agile is a journey, not just a destination. Ensure that the metrics a team is measured against reflect expectations for the team’s current level of Agile adoption and consider external dependencies that may limit their ability to achieve intended results.

    Realistic

    Time-bound

    Info-Tech Insight

    Use metrics as diagnostics, not as motivation. Teams will find ways to meet metrics they are measured by making sacrifices and taking unneeded risk to do so. To avoid dysfunction in your monitoring, use metrics as analytical tools to inform decision making, not as a yardstick for judgement.

    Activity: Review your metrics program

    3.2.4 Variable time commitment

    Input

    • Identified gaps
    • Agile team interaction points

    Output

    • ACE baselines
    • Past measurements

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE
    1. Now that you have identified gaps in your current state, see if those will have any impact on the achievability of your current metrics program.
    2. Review your root-cause analyses and brainstormed solutions, and hypothesize whether or not they will have any downstream impact to goal attainment. It is possible that there is no impact, but as cross-functional collaboration increases, the likelihood that groups will act as bottlenecks or impediments to expected performance will increase.
    3. Consider how any changes will impact the interaction points between teams based on the results from activity 3.2.1: Assess the interaction and communication points of your Agile teams. If there are too many negative impacts it may be a sign to re-consider the hypothesized solution to the problem and consider alternatives.
    4. In any cases where a metric has been altered, adjust its goal measurement to reflect its changes in the ACE Benefits Tracking Tool.

    Case study: Agile change at the GSA

    CASE STUDY

    Industry Government

    Source Navin Vembar, Agile Government Leadership

    Challenge

    The GSA is tasked with completed management of the Integrated Award Environment (IAE).

    • The IAE manages ten federal information technology systems that enable registering, searching, and applying for federal awards, as well as tracking them.
    • The IAE also manages the Federal Service Desk.

    The IAE staff had to find a way to break down the problem of modernization into manageable chunks that would demonstrate progress, but also had to be sure to capture a wide variety of user needs with the ability to respond to those needs throughout development.

    Had to work out the logistics of executing Agile change within the GSA, an agency that relies heavily on telework. In the case of modernization, they had a product owner in Florida while the development team was spread across the metro Washington, DC area.

    Solution

    Agile provided the ability to build incremental successes that allowed teams successful releases and built enthusiasm around the potential of adopting Agile practices offered.

    • GSA put in place an organization framework that allowed for planning of change at the portfolio level to enable the change necessary to allow for teams to execute tasks at the project level.
    • A four-year plan with incremental integration points allowed for larger changes on a quarterly basis while maintaining a bi-weekly sprint cycle.
    • They adopted IBM’s RTC tool for a Scrum board and on Adobe Connect for daily Scrum sessions to ensure transparency and effectiveness of outcomes across their collocated teams.

    Create a clear, concise communication plan

    Communication is key to avoid surprises and lost productivity created by the implementation of changes.

    User groups and the business need to be given sufficient notice of an impending change. Be concise, be comprehensive, and ensure that the message is reaching the right audience so that no one is blindsided and unable to deliver what is needed. This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.

    Key Aspects of a Communication Plan

    • The method of communication (email, meetings, workshops, etc.).
    • The delivery strategy (who will deliver the message?).
    • The communication responsibility structure.
    • The communication frequency.
    • A feedback mechanism that allows you to review the effectiveness of your plan.
    • The message that you need to present.

    Communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    (Cornelius & Associates, The Qualities of Leadership: Leading Change)

    Apply the following principles to enhance the clarity of your message

    1. Be Consistent
    • "This is important because..."
      • The core message must be consistent regardless of audience, channel, or medium.
      • Test your communication and obtain feedback before delivering your message.
      • A lack of consistency can be perceived as deception.
  • Be Clear
    • "This means..."
      • Say what you mean and mean what you say.
      • Choice of language is important.
      • Don’t use jargon.
  • Be Relevant
    • "This affects you because..."
      • Talk about what matters to the audience.
      • Talk about what matters to the change initiative.
      • Tailor the details of the message to each audience’s specific concerns.
      • Communicate truthfully; do not make false promises or hide bad news.
  • Be Concise
    • "In summary..."
      • Keep communication short and to the point so key messages are not lost in the noise.
  • Activity: Create a communication plan for change

    3.2.5 1.5 Hours

    Input

    • Desired messages
    • Stakeholder list

    Output

    • Communication plan

    Materials

    • Whiteboard
    • Markers

    Participants

    • CoE
    1. Define the audience(s) for your communications. Consider who needs to be the audience of your different communication events and how it will impact them.
    2. Identify who the messenger will be to deliver the message.
    3. Identify your communication methods. Decide on the methods you will use to deliver each communication event. Your delivery method may vary depending on the audience it is targeting.
    4. Establish a timeline for communication releases. Set dates for your communication events. This can be recurring (weekly, monthly, etc.) or one-time events.
    5. Determine what the content of the message must include. Use the guidelines on the following slide to ensure the message is concise and impactful.

    Note: It is important to establish a feedback mechanism to ensure that the communication has been effective in communicating the change to the intended audiences. This can be incorporated into your ACE satisfaction surveys.

    Audience Messenger Format Timing Message
    Operations Development team Email
    • Monthly (major release)
    • Ad hoc (minor release and fixes)
    Build ready for release
    Key stakeholders CIO Meeting
    • Monthly unless dictated otherwise
    Updates on outcomes from past two sprint cycles

    Phase 3, Step 3: Conduct ongoing retrospectives of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities/Tools:

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline.

    3.3.4 Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Outcomes:

    • Conduct a retrospective of your ACE to enable the continuous improvement of your Agile program.
    • Structure a communications deck to communicate with stakeholders the outcomes from introducing the ACE to the organization.

    Reflect on your ACEs performance to lead the way to enterprise agility

    After functioning for a period of time, it is imperative to review the function of your ACE to ensure its continual alignment and see in what ways it can improve.

    At the end of the year, take the time to deliberately review and discuss:

    1. The effectiveness and use of your ACEs service offerings.
    2. What went well or wrong during the ACEs operation.
    3. What can be done differently to improve reach, usability, and effectiveness.
    4. Bring together Agile teams and discuss the processes they follow and inquire about suggestions for improvement.

    What is involved?

    • Use your metrics program to diagnose areas of issue and success. The diagnostic value of your metrics can help lead conversations with your Agile teams when attempting to inquire about suggestions for improvement.
    • Leverage your satisfaction surveys from the creation of your ACE and compare them against satisfaction surveys run after a year of operation. What are the lessons learned between then and now?
    • While it is primarily conducted by the ACE team, keep in mind it is a collaborative function and should involve all members, including Agile teams, product owners, Scrum masters, etc.

    Communicating with your key influencers is vital to ensure long-term operation of the ACE

    To ensure the long-term viability of your ACE and that your key influencers will continue funding, you need to demonstrate the ROI the Center of Excellence has provided.

    The overlying purpose of your ACE is to effectively align your Agile teams with corporate objectives. This means that there have to be communicable benefits that point to the effort and resources invested being valuable to the organization. Re-visit your prioritized stakeholder list and get ready to show them the impact the ACE has had on business outcomes.

    Communication with stakeholders is the primary method of building and developing a lasting relationship. Correct messaging can build bridges and tear down barriers, as well as soften opposition and bolster support.

    This section will help you to prepare an effective communication piece that summarizes the metrics stakeholders are interested in, as well as some success stories or benefits that are not communicable through metrics to provide extra context to ongoing successes of the ACE.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Manage Stakeholder Relations

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Involve key stakeholders in your retrospectives to justify the funding for your ACE

    Those who fund the ACE have a large influence on the long-term success of your ACE. If you have not yet involved your stakeholders, you need to re-visit your organizational funding model for the ACE and ensure that your key stakeholders include the key decision makers for your funding. While they may have varying levels of interest and desires for granularity of data reporting, they need to at least be informed on a high level and kept as champions of the ACE so that there are no roadblocks to the long-term viability of this program.

    Keep this in mind as the ACE begins to demonstrate success, as it is not uncommon to have additional members added to your funding model as your service scales, especially in the chargeback models.

    As new key influencers are included, the ACEs governing group must ensure that collective interests may align and that more priorities don’t lead to derailment.

    The image shows a matrix. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort. In the matric, there are several roles shown, with roles such as CFO, Apps Director, Funding Group, and CIO highlighted in the Key players section.

    Use the outputs from your metrics tracking tool to communicate progress

    3.3.1 1 Hour

    Use the ACE Benefits Tracking Tool to track the progress of your Agile environment to monitor whether or not the ACE is having a positive impact on the business’ ability to meet its objectives. The outputs will allow you to communicate incremental benefits that have been realized and point towards positive trends that will ensure the long-term buy-in of your key influencers.

    For communication purposes, use this tool to:

    • Re-visit who the impacted or interested stakeholders are so you can tailor your communications to be as impactful as possible for each key influencer of the ACE.

    The image shows a screen capture of the Agile CoE Metrics Tracking sheet.

    • Collate the benefits of the current projects undertaken by the Center of Excellence to give an overall recap of the ACEs impact.

    The image is a screen capture of the Summary Report sheet.

    Communicate where the ACE fell short

    Part of communicating the effectiveness of your ACE is to demonstrate that it is able to remedy projects and processes when they fall short of expectations and brainstorm solutions that effectively address these challenges. Take the opportunity to summarize where results were not as expected, and the ways in which the ACE used its influence or services to drive a positive outcome from a problem diagnosis. Stakeholders do not want a sugar-coated story – they want to see tangible results based on real scenarios.

    Summarizing failures will demonstrate to key influencers that:

    • You are not cherry-picking positive metrics to report and that the ACE faced challenges that it was able to overcome to drive positive business outcomes.
    • You are being transparent with the successes and challenges faced by the ACE, fostering increased trust within your stakeholders regarding the capabilities of Agile.
    • Resolution mechanisms are working as intended, successfully building failure tolerance and trust in change management policies and procedures.

    Activity: Summarize adjustments in areas where the ACE fell short

    3.3.2 15 Minutes per metric

    Input

    • Diagnosed problems from tracking tool
    • Root-cause analyses

    Output

    • Summary of change management successes

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE
    1. Create a list of items from the ACE Benefits Tracking Tool that fell short of expectations or set goals.
    2. For each point, create a brief synopsis of the root-cause analysis completed and summarize the brainstormed solution and its success in remedying the issue. If this process is not complete, create a to-date summary of any progress.
    3. Choose two to three pointed success stories from this list that will communicate broad success to your set of stakeholders.
    Name of metric that fell short
    Baseline measurement 65% of users satisfied with ACE services.
    Goal measurement 80% of users satisfied with ACE services.
    Actual measurement 70% of users satisfied with ACE services.
    Results of root-cause analysis Onboarding was not extensive enough; teams were unaware of some of the services offered, rendering them unsatisfied.
    Proposed solution Revamp onboarding process to include capability map of service offered.
    Summary of success TBD

    Re-conduct surveys with the ACE Satisfaction Survey to review the effectiveness of your service offerings

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline

    Purpose

    This satisfaction survey will give you a template to follow to monitor the effectiveness of your ACEs defined service offerings. The goal is to understand what worked, and what did not, so you can add, retract, or modify service offerings where necessary.

    Steps

    1. Re-use the satisfaction survey to measure the effectiveness of the service offerings. Add questions regarding specific service offerings where necessary.
    2. Cross-analyze your satisfaction survey with metrics tied to your service offerings to help understand the root cause of the issues.
    3. Use the root-cause analysis exercises from step 3.2 to find the root causes of issues.
    4. Create a set of recommendations to add, amend, or improve any existing service offerings.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.4 ACE Maturity Assessment

    Purpose

    Assess your ACEs maturity by using Info-Tech’s CoE Maturity Diagnostic Tool. Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements. Note that your optimal Maturity Level will depend on organizational specifics (e.g. a small organization with a handful of Agile Teams can be less mature than a large organization with hundreds of Agile Teams).

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders

    3.3.5 Structure communications to each of your key stakeholders

    Purpose

    The ACE Communications Deck will give you a template to follow to effectively communicate with your stakeholders and ensure the long-term viability of your Agile Center of Excellence. Fill in the slides as instructed and provide each stakeholder with a targeted view of the successes of the ACE.

    Steps

    1. Determine who your target audience is for the Communications Deck – you may desire to create one for each of your key stakeholders as they may have different sets of interests.
    2. Fill out the ACE Communications Deck with the suggested inputs from the exercises you have completed during this research set.
    3. Review communications with members of the ACE to ensure that there are no communicable benefits that have been missed or omitted in the deck.

    INFO-TECH DELIVERABLE

    Download the ACE Communications Deck.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of social capital as the key driver for organizational Agile success, and how it optimizes the value delivery of your Agile teams.
    • Importance of flexible governance to balance the benefits of localized adaptation and centralized control.
    • Alignment of service offerings with both business objectives and functional expectations as critical to ensuring long-term engagement with service offerings.

    Processes Optimized

    • Knowledge management and transfer of Agile best practices to new or existing Agile teams.
    • Optimization of service offerings for Agile teams based on organizational culture and objectives.
    • Change request optimization via interfacing ACE functions with existing change management processes.
    • Communication planning to ensure transparency during cross-functional collaboration.

    Deliverables Completed

    • A set of service offerings offered by the Center of Excellence that are aligned with the business, Agile teams, and related stakeholders.
    • Engagement plans for Agile team members based on a standardized adoption model to access the ACEs service offerings.
    • A suite of Agile metrics to measure effectiveness of Agile teams, the ACE itself, and its ability to deliver positive outcomes.
    • A communications plan to help create cross-functional transparency over pending changes as Agile spreads.
    • A communications deck to communicate Agile goals, actions, and outcomes to key stakeholders to ensure long-term viability of the CoE.

    Research contributors and experts

    Paul Blaney, Technology Delivery Executive, Thought Leader and passionate Agile Advocate

    Paul has been an Agile practitioner since the manifesto emerged some 20 years ago, applying and refining his views through real life experience at several organizations from startups to large enterprises. He has recently completed the successful build out of the inaugural Agile Delivery Centre of Excellence at TD bank in Toronto.

    John Munro, President Scrum Masters Inc.

    John Munro is the President of Scrum Masters Inc., a software optimization professional services firm using Agile, Scrum, and Lean to help North American firms “up skill” their software delivery people and processes. Scrum Masters’ unique, highly collaborative “Master Mind” consulting model leverages Agile/Lean experts on a biweekly basis to solve clients’ technical and process challenges.

    Doug Birgfeld, Senior Partner Agile Wave

    Doug has been a leader in building great teams, Agile project management, and business process innovation for over 20 years. As Senior Partner and Chief Evangelist at Agile Wave, his mission is to educate and to learn from all those who care about effective government delivery, nationally.

    Related Info-Tech research

    Implement Agile Practices That Work

    Agile is a cultural shift. Don't just do Agile, be Agile.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Implement DevOps Practices That Work

    Accelerate software deployment through Dev and Ops collaboration.

    Related Info-Tech research (continued)

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.

    Optimize the Change Management Process

    Right-size your change management process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Bibliography

    Ambler, Scott. “Agile Requirements Change Management.” Agile Modeling. Scott Amber + Associates, 2014. Web. 12 Apr. 2016.

    Ambler, Scott. “Center of Excellence (CoEs).” Disciplined Agile 2.0: A Process Decision Framework for Enterprise I.T. Scott Amber + Associates. Web. 01 Apr. 2016.

    Ambler, Scott. “Transforming From Traditional to Disciplined Agile Delivery.” Case Study: Disciplined Agile Delivery Adoption. Scott Amber + Associates, 2013. Web.

    Beers, Rick. “IT – Business Alignment Why We Stumble and the Path Forward.” Oracle Corporation, July 2013. Web.

    Cornelius & Associates. “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.

    Craig, William et al. “Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report.” Carnegie Mellon University Research Showcase @ CMU – Software Engineering Institute. Dec. 2009. Web. 20 Apr. 2016.

    Forsgren, Dr. Nicole et al (2019), Accelerate: State of DevOps 2019, Google, https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

    Gerardi, Bart (2017), Agile Centers of Excellence, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/405819/Agile-Centers-of-Excellence

    Gerardi, Bart (2017), Champions of Agile Adoption, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/418151/Champions-of-Agile-Adoption

    Gerardi, Bart (2017), The Roles of an Agile COE, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/413346/The-Roles-of-an-Agile-COE

    Hohl, P. et al. “Back to the future: origins and directions of the ‘Agile Manifesto’ – views of the originators.” Journal of Software Engineering Research and Development, vol. 6, no. 15, 2018. https://link.springer.com/article/10.1186/s40411-0...

    Kaltenecker, Sigi and Hundermark, Peter. “What Are Self-Organising Teams?” InfoQ. 18 July 2014. Web. 14 Apr. 2016.

    Kniberg, Henrik and Anderson Ivarsson. “Scaling Agile @ Spotify with Tribes, Squads, Chapters & Guilds.” Oct. 2012. Web. 30 Apr. 2016.

    Kumar, Alok et al. “Enterprise Agile Adoption: Challenges and Considerations.” Scrum Alliance. 30 Oct. 2014. Web. 30 May 2016.

    Levison, Mark. “Questioning Servant Leadership.” InfoQ, 4 Sept. 2008. Web. https://www.infoq.com/news/2008/09/servant_leadership/

    Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.

    Loxton, Matthew (June 1, 2011), CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    McDowell, Robert, and Bill Simon. In Search of Business Value: Ensuring a Return on Your Technology Investment. SelectBooks, 2010

    Novak, Cathy. “Case Study: Agile Government and the State of Maine.” Agile Government Leadership, n.d. Web.

    Pal, Nirmal and Daniel Pantaleo. “Services are the Language and Building Blocks of an Agile Enterprise.” The Agile Enterprise: Reinventing your Organization for Success in an On-Demand World. 6 Dec. 2015. Springer Science & Business Media.

    Rigby, Darrell K. et al (2018), Agile at Scale, Harvard Business Review, https://hbr.org/2018/05/agile-at-scale

    Scaledagileframework.com, Create a Lean-Agile Center of Excellence, Scaled Agile, Inc, https://www.scaledagileframework.com/lace/

    Shepley, Joe. “8 reasons COEs fail (Part 2).” Agile Ramblings, 22 Feb. 2010. https://joeshepley.com/2010/02/22/8-reasons-coes-fail-part-2/

    Stafford, Jan. “How upper management misconceptions foster Agile failures.” TechTarget. Web. 07 Mar. 2016.

    Taulli, Tom (2020), RPA Center Of Excellence (CoE): What You Need To Know For Success, Forbes.com, https://www.forbes.com/sites/tomtaulli/2020/01/25/rpa-center-of-excellence-coe-what-you-need-to-know-for-success/#24364620287a

    Telang, Mukta. “The CMMI Agile Adoption Model.” ScrumAlliance. 29 May 2015. Web. 15 Apr. 2016.

    VersionOne. “13th Annual State of Agile Report.” VersionOne. 2019. Web.

    Vembar, Navin. “Case Study: Agile Government and the General Services Administration (Integrated Award Environment).” Agile Government Leadership, n.d. Web.

    Wenger, E., R. A. McDermott, et al. (2002), Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    Wenger, E., White, N., Smith, J.D. Digital Habitats; Stewarding Technology for Communities. Cpsquare (2009).

    Create a Right-Sized Enterprise Architecture Governance Framework

    • Buy Link or Shortcode: {j2store}582|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • EA governance is perceived as an unnecessary layer of bureaucracy because business benefits are poorly communicated.
    • The organization doesn’t have a formalized EA practice.
    • Where an EA practice exists, employees are unsure of EA’s roles and responsibilities.

    Our Advice

    Critical Insight

    • Enterprise architecture is not a technical function – it should be business-value driven and forward looking, positioning organizational assets in favor of long-term strategy rather than short-term tactics.

    Impact and Result

    • Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
    • Right-sized. Re-use existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
    • Defined and measured process. Define metrics to measure EA’s performance and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
    • Strike the right balance. Adopt architecture principles that strikes the right balance between business and technology.

    Create a Right-Sized Enterprise Architecture Governance Framework Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to find out how implementing a successful enterprise architecture governance framework can benefit your organization.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Current State of EA Governance

    Identify the organization’s standing in terms of the enterprise architecture practice, and know the gaps and what the EA practice needs to fulfill to create a good governance framework.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 1: Current State of EA Governance
    • EA Capability – Risk and Complexity Assessment Tool
    • EA Governance Assessment Tool

    2. EA Fundamentals

    Understand the EA fundamentals and then refresh them to better align the EA practice with the organization and create business benefit.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 2: EA Fundamentals
    • EA Vision and Mission Template
    • EA Goals and Measures Template
    • EA Principles Template

    3. Engagement Model

    Analyze the IT operating model and identify EA’s role at each stage; refine it to promote effective EA engagement upfront in the early stages of the IT operating model.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 3: Engagement Model
    • EA Engagement Model Template

    4. EA Governing Bodies

    Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies, and creating an architecture review process.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 4: EA Governing Bodies
    • Architecture Board Charter Template
    • Architecture Review Process Template

    5. EA Policy

    Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 5: EA Policy
    • EA Policy Template
    • EA Assessment Checklist Template
    • EA Compliance Waiver Process Template
    • EA Compliance Waiver Form Template

    6. Architectural Standards

    Define architecture standards to facilitate information exchange, improve collaboration, and provide stability. Develop a process to update the architectural standards to ensure relevancy and promote process transparency.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 6: Architectural Standards
    • Architecture Standards Update Process Template

    7. Communication Plan

    Craft a plan to engage the relevant stakeholders, ascertain the benefits of the initiative, and identify the various communication methods in order to maximize the chances of success.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 7: Communication Plan
    • EA Governance Communication Plan Template
    • EA Governance Framework Template
    [infographic]

    Workshop: Create a Right-Sized Enterprise Architecture Governance Framework

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Current State of EA governance (Pre-workshop)

    The Purpose

    Conduct stakeholder interviews to understand current state of EA practice and prioritize gaps for EA governance based on organizational complexity.

    Key Benefits Achieved

    Prioritized list of actions to arrive at the target state based on the complexity of the organization

    Activities

    1.1 Determine organizational complexity.

    1.2 Conduct an assessment of the EA governance components.

    1.3 Identify and prioritize gaps.

    1.4 Conduct senior management interviews.

    Outputs

    Organizational complexity score

    EA governance current state and prioritized list of EA governance component gaps

    Stakeholder perception of the EA practice

    2 EA Fundamentals and Engagement Model

    The Purpose

    Refine EA fundamentals to align the EA practice with the organization and identify EA touchpoints to provide guidance for projects.

    Key Benefits Achieved

    Alignment of EA goals and objectives with the goals and objectives of the organization

    Early involvement of EA in the IT operating model

    Activities

    2.1 Review the output of the organizational complexity and EA assessment tools.

    2.2 Craft the EA vision and mission.

    2.3 Develop the EA principles.

    2.4 Identify the EA goals.

    2.5 Identify EA engagement touchpoints within the IT operating model.

    Outputs

    EA vision and mission statement

    EA principles

    EA goals and measures

    Identified EA engagement touchpoints and EA level of involvement

    3 EA Governing Bodies

    The Purpose

    Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies and creating an architecture review process.

    Key Benefits Achieved

    Business benefits are maximized and solution design is within the options set forth by the architectural reference models while no additional layers of bureaucracy are introduced

    Activities

    3.1 Identify the number of governing bodies.

    3.2 Define the game plan to initialize the governing bodies.

    3.3 Define the architecture review process.

    Outputs

    Architecture board structure and coverage

    Identified architecture review template

    4 EA Policy

    The Purpose

    Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.

    Key Benefits Achieved

    Improved architecture compliance, which ties investments to business value and provides guidance to architecture practitioners

    Activities

    4.1 Define the scope.

    4.2 Identify the target audience.

    4.3 Determine the inclusion and exclusion criteria.

    4.4 Craft an assessment checklist.

    Outputs

    Defined scope

    Inclusion and exclusion criteria for project review

    Architecture assessment checklist

    5 Architectural Standards and Communication Plan

    The Purpose

    Define architecture standards to facilitate information exchange, improve collaboration, and provide stability.

    Craft a communication plan to implement the new EA governance framework in order to maximize the chances of success.

    Key Benefits Achieved

    Consistent development of architecture, increased information exchange between stakeholders

    Improved process transparency

    Improved stakeholder engagement

    Activities

    5.1 Identify and standardize EA work products.

    5.2 Classifying the architectural standards.

    5.3 Identifying the custodian of standards.

    5.4 Update the standards.

    5.5 List the changes identified in the EA governance initiative

    5.6 Create a communication plan.

    Outputs

    Identified set of EA work products to standardize

    Architecture information taxonomy

    Identified set of custodian of standards

    Standard update process

    List of EA governance initiatives

    Communication plan for EA governance initiatives

    Further reading

    Create a Right-Sized Enterprise Architecture Governance Framework

    Focus on process standardization, repeatability, and sustainability.

    ANALYST PERSPECTIVE

    "Enterprise architecture is not a technology concept, rather it is the foundation on which businesses orient themselves to create and capture value in the marketplace. Designing architecture is not a simple task and creating organizations for the future requires forward thinking and rigorous planning.

    Architecture processes that are supposed to help facilitate discussions and drive option analysis are often seen as an unnecessary overhead. The negative perception is due to enterprise architecture groups being overly prescriptive rather than providing a set of options that guide and constrain solutions at the same time.

    EA groups should do away with the direct and control mindset and change to a collaborate and mentor mindset. As part of the architecture governance, EA teams should provide an option set that constrains design choices, and also be open to changes to standards or best practices. "

    Gopi Bheemavarapu, Sr. Manager, CIO Advisory Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    This Research Will Help You:

    • Understand the importance of enterprise architecture (EA) governance and how to apply it to guide architectural decisions.
    • Enhance your understanding of the organization’s current EA governance and identify areas for improvement.
    • Optimize your EA engagement model to maximize value creation.
    • Learn how to set up the optimal number of governance bodies in order to avoid bureaucratizing the organization.

    This Research Will Also Assist:

    • Business Relationship Managers
    • Business Analysts
    • IT Managers
    • Project Managers
    • IT Analysts
    • Quality Assurance Leads
    • Software Developers

    This Research Will Help Them:

    • Give an overview of enterprise architecture governance
    • Clarity on the role of enterprise architecture team

    Executive summary

    Situation

    • Deployed solutions do not meet business objectives resulting in expensive and extensive rework.
    • Each department acts independently without any regular EA touchpoints.
    • Organizations practice project-level architecture as opposed to enterprise architecture.

    Complication

    • EA governance is perceived as an unnecessary layer of bureaucracy because business benefits are poorly communicated.
    • The organization doesn’t have a formalized EA practice.
    • Where an EA practice exists, employees are unsure of EA’s roles and responsibilities.

    Resolution

    • Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
    • Right-sized. Re-use existing process checkpoints, rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
    • Defined and measured process. Define metrics to measure EA’s performance and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
    • Strike the right balance. Adopt architecture principles that strikes the right balance between business and technology imperatives.

    Info-Tech Insight

    Enterprise architecture is critical to ensuring that an organization has the solid IT foundation it needs to efficiently enable the achievement of its current and future strategic goals rather than focusing on short-term tactical gains.

    What is enterprise architecture governance?

    An architecture governance process is the set of activities an organization executes to ensure that decisions are made and accountability is enforced during the execution of its architecture strategy. (Hopkins, “The Essential EA Toolkit.”)

    EA governance includes the following:

    • Implement a system of controls over the creation and monitoring of all architectural components.
    • Ensure effective introduction, implementation, and evolution of architectures within the organization.
    • Implement a system to ensure compliance with internal and external standards and regulatory obligations.
    • Develop practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization.

    (TOGAF)

    IT governance sets direction through prioritization and decision making, and monitors overall IT performance.

    The image shows a circle set within a larger circle. The inner circle is connected to the bottom of the larger circle. The inner circle is labelled EA Governance and the larger circle is labelled IT Governance.

    EA governance ensures that optimal architectural design choices are being made that focus on long-term value creation.

    Harness the benefits of an optimized EA governance

    Core benefits of EA governance are seen through:

    Value creation

    Effective EA governance ensures alignment between organizational investments and corporate strategic goals and objectives.

    Cost reduction

    Architecture standards provide guidance to identify opportunities for reuse and eliminate redundancies in an organization.

    Risk optimization

    Architecture review processes and assessment checklists ensure that solutions are within the acceptable risk levels of the organization.

    EA governance is difficult to structure appropriately, but having an effective structure will allow you to:

    • Achieve business strategy through faster time-to-market innovations and capabilities.
    • Reduced transaction costs with more consistent business processes and information across business units.
    • Lower IT costs due to better traceability, faster design, and lower risk.
    • Link IT investments to organizational strategies and objectives
    • Integrate and institutionalizes IT best practices.
    • Enable the organization to take full advantage of its information, infrastructure, and hardware and software assets.
    • Support regulatory as well as best practice requirements such as auditability, security, responsibility, and accountability.

    Organizations that have implemented EA governance realize greater benefits from their EA programs

    Modern day CIOs of high-performing organizations use EA as a strategic planning discipline to improve business-IT alignment, enable innovation, and link business and IT strategies to execution.

    Recent Info-Tech research found that organizations that establish EA governance realize greater benefits from their EA initiatives.

    The image shows a bar graph, with Impact from EA on the Y-axis, and different initiatives listed on the X-axis. Each initiative has two bars connected to it, with a blue bar representing answers of No and the grey bar representing answers of Yes.

    (Info-Tech Research Group, N=89)

    Measure EA governance implementation effectiveness

    Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an “enabler” of business outcomes to senior executives.

    EA performance measures (lead, operational) EA value measures (lag)
    Application of EA management process EA’s contribution to IT performance EA’s contribution to business value

    Enterprise Architecture Management

    • Number of months since the last review of target state EA blueprints.

    IT Investment Portfolio Management

    • Percentage of projects that were identified and proposed by EA.

    Solution Development

    • Number of projects that passed EA reviews.
    • Number of building blocks reused.

    Operations Management

    • Reduction in the number of applications with overlapping functionality.

    Business Value

    • Lower non-discretionary IT spend.
    • Decreased time to production.
    • Higher satisfaction of IT-enabled services.

    An insurance provider adopts a value-focused, right-sized EA governance program

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    The insurance sector has been undergoing major changes, and as a reaction, businesses within the sector have been embracing technology to provide innovative solutions.

    The head of EA in a major insurance provider (henceforth to be referred to as “INSPRO01”) was given the mandate to ensure that solutions are architected right the first time to maximize reuse and reduce technology debt. The EA group was at a critical point – to demonstrate business value or become irrelevant.

    Complication

    The project management office had been accountable for solution architecture and had placed emphasis on short-term project cost savings at the expense of long term durability.

    There was a lack of awareness of the Enterprise Architecture group within INSPRO01, and people misunderstood the roles and responsibilities of the EA team.

    Result

    Info-Tech helped define the responsibilities of the EA team and clarify the differences between the role of a Solution Architect vs. Enterprise Architect.

    The EA team was able to make the case for change in the project management practices to ensure architectures are reviewed and approved prior to implementation.

    As a result, INSPRO01 saw substantial increases in reuse opportunities and thereby derived more value from its technology investments.

    Success factors for EA governance

    The success of any EA governance initiative revolves around adopting best practices, setting up repeatable processes, and establishing appropriate controls.

    1. Develop best practices for managing architecture policies, procedures, roles, skills, and organizational structures.
    2. Establish organizational responsibilities and structures to support the architecture governance processes.
    3. Management of criteria for the control of the architecture governance processes, dispensations, compliance assessments, and SLAs.

    Info-Tech’s approach to EA governance

    Our best-practice approach is grounded in TOGAF and enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.

    Right-sized. Insert EA governance into existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.

    Measured. Define metrics to measure EA’s performance, and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.

    Balanced. Adopt architecture principles that strikes the right balance between business and technology.

    Info-Tech’s EA governance framework

    Info-Tech’s architectural governance framework provides a value-focused, right-sized approach with a strong emphasis on process standardization, repeatability, and sustainability.

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    Use Info-Tech’s templates to complete this project

    1. Current state of EA governance
      • EA Capability - Risk and Complexity Assessment Tool
      • EA Governance Assessment Tool
    2. EA fundamentals
      • EA Vision and Mission Template
      • EA Goals and Measures Template
      • EA Principles Template
    3. Engagement model
      • EA Engagement Model Template
    4. EA governing bodies
      • Architecture Board Charter Template
      • Architecture Review Process Template
    5. EA policy
      • EA Policy Template
      • Architecture Assessment Checklist Template
      • Compliance Waiver Process Template
      • Compliance Waiver Form Template
    6. Architectural standards
      • Architecture Standards Update Process Template
    7. Communication Plan
      • EA Governance Communication Plan Template
      • EA Governance Framework Template

    As you move through the project, capture your progress with a summary in the EA Governance Framework Template.

    Download the EA Governance Framework Template document for use throughout this project.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    EA governance framework – phase-by-phase outline (1/2)

    Current state of EA governance EA Fundamentals Engagement Model EA Governing Bodies
    Best-Practice Toolkit

    1.1 Determine organizational complexity

    1.2 Conduct an assessment of the EA governance components

    1.3 Identify and prioritize gaps

    2.1 Craft the EA vision and mission

    2.2 Develop the EA principles

    2.3 Identify the EA goals

    3.1 Build the case for EA engagement

    3.2 Identify engagement touchpoints within the IT operating model

    4.1 Identify the number of governing bodies

    4.2 Define the game plan to initialize the governing bodies

    4.3 Define the architecture review process

    Guided Implementations
    • Determine organizational complexity
    • Assess current state of EA governance
    • Develop the EA fundamentals
    • Review the EA fundamentals
    • Review the current IT operating model
    • Determine the target engagement model
    • Identify architecture boards and develop charters
    • Develop an architecture review process

    Phase 1 Results:

    • EA Capability - risk and complexity assessment
    • EA governance assessment

    Phase 2 Results:

    • EA vision and mission
    • EA goals and measures
    • EA principles

    Phase 3 Results:

    • EA engagement model

    Phase 4 Results:

    • Architecture board charter
    • Architecture review process

    EA governance framework – phase-by-phase outline (2/2)

    EA Policy Architectural Standards Communication Plan
    Best-Practice Toolkit

    5.1 Define the scope of EA policy

    5.2 Identify the target audience

    5.3 Determine the inclusion and exclusion criteria

    5.4 Craft an assessment checklist

    6.1 Identify and standardize EA work products

    6.2 Classify the architectural standards

    6.3 Identify the custodian of standards

    6.4 Update the standards

    7.1 List the changes identified in the EA governance initiative

    7.2 Identify stakeholders

    7.3 Create a communication plan

    Guided Implementations
    • EA policy, assessment checklists, and decision types
    • Compliance waivers
    • Understand architectural standards
    • EA repository and updating the standards
    • Create a communication plan
    • Review the communication plan

    Phase 5 Results:

    • EA policy
    • Architecture assessment checklist
    • Compliance waiver process
    • Compliance waiver form

    Phase 6 Results:

    • Architecture standards update process

    Phase 7 Results:

    • Communication plan
    • EA governance framework

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-workshopWorkshop Day 1Workshop Day 2Workshop Day 3Workshop Day 4
    ActivitiesCurrent state of EA governance EA fundamentals and engagement model EA governing bodies EA policy Architectural standards and

    communication plan

    1.1 Determine organizational complexity

    1.2 Conduct an assessment of the EA governance components

    1.3 Identify and prioritize gaps

    1.4 Senior management interviews

    1. Review the output of the organizational complexity and EA assessment tools
    2. Craft the EA vision and mission
    3. Develop the EA principles.
    4. Identify the EA goals
    5. Identify EA engagement touchpoints within the IT operating model
    1. Identify the number of governing bodies
    2. Define the game plan to initialize the governing bodies
    3. Define the architecture review process
    1. Define the scope
    2. Identify the target audience
    3. Determine the inclusion and exclusion criteria
    4. Craft an assessment checklist
    1. Identify and standardize EA work products
    2. Classifying the architectural standards
    3. Identifying the custodian of standards
    4. Updating the standards
    5. List the changes identified in the EA governance initiative
    6. Identify stakeholders
    7. Create a communication plan
    Deliverables
    1. EA Capability - risk and complexity assessment tool
    2. EA governance assessment tool
    1. EA vision and mission template
    2. EA goals and measures template
    3. EA principles template
    4. EA engagement model template
    1. Architecture board charter template
    2. Architecture review process template
    1. EA policy template
    2. Architecture assessment checklist template
    3. Compliance waiver process template
    4. Compliance waiver form template
    1. Architecture standards update process template
    2. Communication plan template

    Phase 1

    Current State of EA Governance

    Create a Right-Sized Enterprise Architecture Governance Framework

    Current State of EA Governance

    1. Current State of EA Governance
    2. EA Fundamentals
    3. Engagement Model
    4. EA Governing Bodies
    5. EA Policy
    6. Architectural Standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Determine organizational complexity
    • Conduct an assessment of the EA governance components
    • Identify and prioritize gaps

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Prioritized list of gaps

    Info-Tech Insight

    Correlation is not causation – an apparent problem might be a symptom rather than a cause. Assess the organization’s current EA governance to discover the root cause and go beyond the symptoms.

    Phase 1 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Current State of EA Governance

    Proposed Time to Completion: 2 weeks

    Step 1.1: Determine organizational complexity

    Start with an analyst kick-off call:

    • Discuss how to use Info-Tech’s EA Capability – Risk and Complexity Assessment Tool.
    • Discuss how to complete the inputs on the EA Governance Assessment Tool.

    Then complete these activities…

    • Conduct an assessment of your organization to determine its complexity.
    • Assess the state of EA governance within your organization.

    With these tools & templates:

    • EA Capability – Risk and Complexity Assessment Tool
    • EA Governance Assessment Tool

    Step 1.2: Assess current state of EA governance

    Start with an analyst kick-off call:

    • Review the output of the EA governance assessment and gather feedback on your goals for the EA practice.

    Then complete these activities…

    • Discuss whether you are ready to proceed with the project.
    • Review the list of tasks and plan your next steps.

    With these tools & templates:

    • EA Governance Assessment Tool

    Right-size EA governance based on organizational complexity

    Determining organizational complexity is not rocket science. Use Info-Tech’s tool to quantify the complexity and use it, along with common sense, to determine the appropriate level of architecture governance.

    Info-Tech’s methodology uses six factors to determine the complexity of the organization:

    1. The size of the organization, which can often be denoted by the revenue, headcount, number of applications in use, and geographical diversity.
    2. The solution alignment factor helps indicate the degree to which various projects map to the organization’s strategy.
    3. The size and complexity of the IT infrastructure and networks.
    4. The portfolio of applications maintained by the IT organization.
    5. Key changes within the organization such as M&A, regulatory changes, or a change in business or technology leadership.
    6. Other negative influences that can adversely affect the organization.

    Determine your organization’s level of complexity

    1.1 2 hours

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Capability section highlighted.

    Step 1 - Facilitate

    Download the EA Capability – Risk and Complexity Assessment Tool to facilitate a session on determining your organization’s complexity.

    Download EA Organizational - Risk and Complexity Assessment Tool

    Step 2 - Summarize

    Summarize the results in the EA governance framework document.

    Update the EA Governance Framework Template

    Understand the components of effective EA governance

    EA governance is multi-faceted and it facilitates effective use of resources to meet organizational strategic objectives through well-defined structural elements.

    EA Governance

    • Fundamentals
    • Engagement Model
    • Policy
    • Governing Bodies
    • Architectural Standards

    Components of architecture governance

    1. EA vision, mission, goals, metrics, and principles that provide a direction for the EA practice.
    2. An engagement model showing where and in what fashion EA is engaged in the IT operating model.
    3. An architecture policy formulated and enforced by the architectural governing bodies to guide and constrain architectural choices in pursuit of strategic goals.
    4. Governing bodies to assess projects for compliance and provide feedback.
    5. Architectural standards that codify the EA work products to ensure consistent development of architecture.

    Next Step: Based on the organization’s complexity, conduct a current state assessment of EA governance using Info-Tech’s EA Governance Assessment Tool.

    Assess the components of EA governance in your organization

    1.2 2 hrs

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Governance section highlighted.

    Step 1 - Facilitate

    Download the “EA Governance Assessment Tool” to facilitate a session on identifying the best practices to be applied in your organization.

    Download Info-Tech’s EA Governance Assessment Tool

    Step 2 - Summarize

    Summarize the identified best practices in the EA governance framework document.

    Update the EA Governance Framework Template


    Conduct a current state assessment to identify limitations of the existing EA governance framework

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 was planning a major transformation initiative. The organization determined that EA is a strategic function.

    The CIO had pledged support to the EA group and had given them a mandate to deliver long-term strategic architecture.

    The business leaders did not trust the EA team and believed that lack of business skills in the group put the business transformation at risk.

    Complication

    The EA group had been traditionally seen as a technology organization that helps with software design.

    The EA team lacked understanding of the business and hence there had been no common language between business and technology.

    Result

    Info-Tech helped the EA team create a set of 10 architectural principles that are business-value driven rather than technical statements.

    The team socialized the principles with the business and technology stakeholders and got their approvals.

    By applying the business focused architectural principles, the EA team was able to connect with the business leaders and gain their support.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Determine organizational complexity.
    • Conduct an assessment of the EA governance components.
    • Identify and prioritize gaps.

    Outcomes

    • Organizational complexity assessment
    • EA governance capability assessment
    • A prioritized list of capability gaps

    Phase 2

    EA Fundamentals

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Fundamentals

    1. Current State of EA Governance
    2. EA Fundamentals
    3. Engagement Model
    4. EA Governing Bodies
    5. EA Policy
    6. Architectural Standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Craft the EA vision and mission
    • Develop the EA principles.
    • Identify the EA goals

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Refined set of EA fundamentals to support the building of EA governance

    Info-Tech Insight

    A house divided against itself cannot stand – ensure that the EA fundamentals are aligned with the organization’s goals and objectives.

    Phase 2 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: EA Fundamentals

    Proposed Time to Completion: 3 weeks

    Step 2.1: Develop the EA fundamentals

    Review findings with analyst:

    • Discuss the importance of the EA fundamentals – vision, mission, goals, measures, and principles.
    • Understand how to align the EA vision, mission, goals, and measures to your organization’s vision, mission, goals, measures, and principles.

    Then complete these activities…

    • Develop the EA vision statements.
    • Craft the EA mission statements.
    • Define EA goals and measures.
    • Adopt EA principles.

    With these tools & templates:

    • EA Vision and Mission Template
    • EA Principles Template
    • EA Goals and Measures Template

    Step 2.2: Review the EA fundamentals

    Review findings with analyst:

    • Review the EA fundamentals in conjunction with the results of the EA governance assessment tool and gather feedback.

    Then complete these activities…

    • Refine the EA vision, mission, goals, measures, and principles.
    • Review the list of tasks and plan your next steps.

    With these tools & templates:

    • EA Vision and Mission Template
    • EA Principles Template
    • EA Goals and Measures Template

    Fundamentals of an EA organization

    Vision, mission, goals and measures, and principles form the foundation of the EA function.

    Factors to consider when developing the vision and mission statements

    The vision and mission statements provide strategic direction to the EA team. These statements should be created based on the business and technology drivers in the organization.

    Business Drivers

    • Business drivers are factors that determine, or cause, an increase in value or major improvement of a business.
    • Examples of business drivers include:
      • Increased revenue
      • Customer retention
      • Salesforce effectiveness
      • Innovation

    Technology Drivers

    • Technology drivers are factors that are vital for the continued success and growth of a business using effective technologies.
    • Examples of technology drivers include:
      • Enterprise integration
      • Information security
      • Portability
      • Interoperability

    "The very essence of leadership is [that] you have a vision. It's got to be a vision you articulate clearly and forcefully on every occasion. You can't blow an uncertain trumpet." – Theodore Hesburgh

    Develop vision, mission, goals, measures, and principles to define the EA capability direction and purpose

    EA capability vision statement

    Articulates the desired future state of EA capability expressed in the present tense.

    • What will be the role of EA capability?
    • How will EA capability be perceived?

    Example: To be recognized by both the business and IT as a trusted partner that drives [Company Name]’s effectiveness, efficiency, and agility.

    EA capability mission statement

    Articulates the fundamental purpose of the EA capability.

    • Why does EA capability exist?
    • What does EA capability do to realize its vision?
    • Who are the key customers of the EA capability?

    Example: Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.

    EA capability goals and measures

    EA capability goals define specific desired outcomes of an EA management process execution. EA capability measures define how to validate the achievement of the EA capability goals.

    Example:

    Goal: Improve reuse of IT assets at [Company Name].

    Measures:

    • The number of building blocks available for reuse.
    • Percent of projects that utilized existing building blocks.
    • Estimated efficiency gain (= effort to create a building block * reuse count).

    EA principles

    EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, solution development, and procurement decisions.

    Example:

    • EA principle name: Reuse.
    • Statement: Maximize reuse of existing assets.
    • Rationale: Reuse prevents duplication of development and support efforts, increasing efficiency, and agility.
    • Implications: Define architecture and solution building blocks and ensure their consistent application.

    EA principles guide decision making

    Policies can be seen as “the letter of the law,” whereas EA principles summarize “the spirit of the law.”

    The image shows a graphic with EA Principles listed at the top, with an arrow pointing down to Decisions on the use of IT. At the bottom are domain-specific policies, with two arrows pointing upwards: the arrow on the left is labelled direct, and the arrow on the right is labelled control. The arrow points up to the label Decisions on the use of IT. On the left, there is an arrow pointing both up and down. At the top it is labelled The spirit of the law, and at the bottom, The letter of the law. On the right, there is another arrow pointing both up and down, labelled How should decisions be made at the top and labelled Who has the accountability and authority to make decisions? at the bottom.

    Define EA capability goals and related measures that resonate with EA capability stakeholders

    EA capability goals, i.e. specific desired outcomes of an EA management process execution. Use COBIT 5, APO03 process goals, and metrics as a starting point.

    The image shows a chart titled Manage Enterprise Architecture.

    Define relevant business value measures to collect indirect evidence of EA’s contribution to business benefits

    Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an enabler of business outcomes to senior executives.

    EA performance measures (lead, operational) EA value measures (lag)
    Application of EA management process EA’s contribution to IT performance EA’s contribution to business value

    Enterprise Architecture Management

    • Number of months since the last review of target state EA blueprints.

    IT Investment Portfolio Management

    • Percentage of projects that were identified and proposed by EA.

    Solution Development

    • Number of projects that passed EA reviews.
    • Number of building blocks reused.

    Operations Management

    • Reduction in the number of applications with overlapping functionality.

    Business Value

    • Lower non-discretionary IT spend.
    • Decreased time to production.
    • Higher satisfaction of IT-enabled services.

    Refine the organization’s EA fundamentals

    2.1 2 hrs

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents with four sections highlighted, beginning with EA Vision Statement and ending with EA Goals and Measures.

    Step 1 - Facilitate

    Download the three templates and hold a working session to facilitate a session on creating EA fundamentals.

    Download the EA Vision and Mission Template, the EA Principles Template, and the EA Goals and Measures Template

    Step 2 - Summarize

    Document the final vision, mission, principles, goals, and measures within the EA Governance Framework.

    Update the EA Governance Framework Template


    Ensure that the EA fundamentals are aligned to the organizational needs

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    The EA group at INSPRO01 was being pulled in multiple directions with requests ranging from architecture review to solution design to code reviews.

    Project level architecture was being practiced with no clarity on the end goal. This led to EA being viewed as just another IT function without any added benefits.

    Info-Tech recommended that the EA team ensure that the fundamentals (vision, mission, principles, goals, and measures) reflect what the team aspired to achieve before fixing any of the process concerns.

    Complication

    The EA team was mostly comprised of technical people and hence the best practices outlined were not driven by business value.

    The team had no documented vision and mission statements in place. In addition, the existing goals and measures were not tied to the business strategic objectives.

    The team had architectural principles documented, but there were too many and they were very technical in nature.

    Result

    With Info-Tech’s guidance, the team developed a vision and mission statement to succinctly communicate the purpose of the EA function.

    The team also reduced and simplified the EA principles to make sure they were value driven and communicated in business terms.

    Finally, the team proposed goals and measures to track the performance of the EA team.

    With the fundamentals in place, the team was able to show the value of EA and gain organization-wide acceptance.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Craft the EA vision and mission.
    • Develop the EA principles.
    • Identify the EA goals.

    Outcomes

    • Refined set of EA fundamentals to support the building of EA governance.

    Phase 3

    Engagement Model

    Create a Right-Sized Enterprise Architecture Governance Framework

    Engagement Model

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This step will walk you through the following activities:

    • Build the case for EA engagement
    • Engagement touchpoints within the IT operating model

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Summary of the assessment of the current EA engagement model
    • Target EA engagement model

    Info-Tech Insight

    Perform due diligence prior to decision making. Use the EA Engagement Model to promote conversations between stage gate meetings as opposed to having the conversation during the stage gate meetings.

    Phase 3 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: EA engagement model

    Proposed Time to Completion: 2 weeks

    Step 3.1 Review the current IT operating model

    Start with an analyst kick-off call:

    • Review Info-Tech’s IT operating model.
    • Understand how to document your organization’s IT operating model.
    • Document EA’s current role and responsibility at each stage of the IT operating model.

    Then complete these activities…

    • Document your organization’s IT operating model.

    With these tools & templates:

    • EA Engagement Model Template

    Step 3.2: Determine the target engagement model

    Review findings with analyst:

    • Review your organization’s current state IT operating model.
    • Review your EA’s role and responsibility at each stage of the IT operating model.
    • Document the role and responsibility of EA in the future state.

    Then complete these activities…

    • Document EA’s future role within each stage of your organization’s IT operating model.

    With these tools & templates:

    • EA Engagement Model Template.

    The three pillars of EA Engagement

    Effective EA engagement revolves around three basic principles – generating business benefits, creating adaptable models, and being able to replicate the process across the organization.

    Business Value Driven

    Focus on generating business value from organizational investments.

    Repeatable

    Process should be standardized, transparent, and repeatable so that it can be consistently applied across the organization.

    Flexible

    Accommodate the varying needs of projects of different sizes.

    Where these pillars meet: Advocates long-term strategic vs. short-term tactical solutions.

    EA interaction points within the IT operating model

    EA’s engagement in each stage within the plan, build, and run phases should be clearly defined and communicated.

    Plan Strategy Development Business Planning Conceptualization Portfolio Management
    Build Requirements Solution Design Application Development/ Procurement Quality Assurance
    Run Deploy Operate

    Document the organization’s current IT operating model

    3.1 2-3 hr

    Input

    • IT project lifecycle

    Output

    • Organization’s current IT operating model.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, IT department leads, business leaders.

    Instructions:

    Hold a working session with the participants to document the current IT operating model. Facilitate the activity using the following steps:

    1. Map out the IT operating model.

    1. Find a project that was just deployed within the organization and backtrack every step of the way to the strategy development that resulted in the conception of the project.
    2. Interview the personnel involved with each step of the process to get a sense of whether or not projects usually move to deployment going through these steps.
    3. Review Info-Tech’s best-practice IT operating model presented in the EA Engagement Model Template, and add or remove any steps to the existing organization’s IT operating model as necessary. Document the finalized steps of the IT operating model.

    2. Determine EA’s current role in the operating model.

    1. Interview EA personnel through each step of the process and ask them their role. This is to get a sense of the type of input that EA is having into each step of the process.
    2. Using the EA Engagement Model Template, document the current role of EA in each step of the organization’s IT operation as you complete the interviews.

    Download the EA Engagement Model Template to document the organization’s current IT operating model.

    Define RACI in every stage of the IT operating model (e.g. EA role in strategy development phase of the IT operating model is presented below)

    Strategy Development

    Also known as strategic planning, strategy development is fundamental to creating and running a business. It involves the creation of a longer-term game plan or vision that sets specific goals and objectives for a business.

    R Those in charge of performing the task. These are the people actively involved in the completion of the required work. Business VPs, EA, IT directors R
    A The one ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. CEO A
    C Those whose opinions are sought before a decision is made, and with whom there is two-way communication. PMO, Line managers, etc. C
    I Those who are kept up to date on progress, and with whom there is one-way communication. Development managers, etc. I

    Next Step: Similarly define the RACI for each stage of the IT operating model; refer to the activity slide for prompts.

    Best practices on the role of EA within the IT operating model

    Plan

    Strategy Development

    C

    Business Planning

    C

    Conceptualization

    A

    Portfolio Management

    C

    Build

    Requirements

    C

    Solution Design

    R

    Application Development/ Procurement

    R

    Quality Assurance

    I

    Run

    Deploy

    I

    Operate

    I

    Next Step: Define the role of EA in each stage of the IT operating model; refer to the activity slide for prompts.

    Define EA’s target role in each step of the IT operating model

    3.2 2 hrs

    Input

    • Organization’s IT operating model.

    Output

    • Organization’s EA engagement model.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business leaders, IT department leaders.

    The image shows the Table of Contents for the EA Engagement Model Template with the EA Engagement Summary section highlighted.

    Step 1 - Facilitate

    Download the EA Engagement Model Template and hold a working session to define EA’s target role in each step of the IT operating model.

    Download the EA Engagement Model Template

    Step 2 - Summarize

    Document the target state role of EA within the EA Governance Framework document.

    Update the EA Governance Framework Template


    Design an EA engagement model to formalize EA’s role within the IT operating model

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 had a high IT cost structure with looming technology debt due to a preference for short-term tactical gains over long-term solutions.

    The business satisfaction with IT was at an all-time low due to expensive solutions that did not meet business needs.

    INSPRO01’s technology landscape was in disarray with many overlapping systems and interoperability issues.

    Complication

    No single team within the organization had an end-to-end perspective all the way from strategy to project execution. A lot of information was being lost in handoffs between different teams.

    This led to inconsistent design/solution patterns being applied. Investment decisions had not been grounded in reality and this often led to cost overruns.

    Result

    Info-Tech helped INSPRO01 identify opportunities for EA team engagement at different stages of the IT operating model. EA’s role within each stage was clearly defined and documented.

    With Info-Tech’s help, the EA team successfully made the case for engagement upfront during strategy development rather than during project execution.

    The increased transparency enabled the EA team to ensure that investments were aligned to organizational strategic goals and objectives.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Build the case for EA engagement.
    • Identify engagement touchpoints within the IT operating model.

    Outcomes

    • Summary of the assessment of the current EA engagement model
    • Target EA engagement model

    Phase 4

    EA Governing Bodies

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Governing Bodies

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Identify the number of governing bodies
    • Define the game plan to initialize the governing bodies
    • Define the architecture review process

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Charter definition for each EA governance board

    Info-Tech Insight

    Use architecture governance like a scalpel rather than a hatchet. Implement governing bodies to provide guidance rather than act as a police force.

    Phase 4 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create or identify EA governing bodies

    Proposed Time to Completion: 2 weeks

    Step 4.1: Identify architecture boards and develop charters

    Start with an analyst kick-off call:

    • Understand the factors influencing the number of governing bodies required for an organization.
    • Understand the components of a governing body charter.

    Then complete these activities…

    • Identify how many governing bodies are needed.
    • Define EA governing body composition, meeting frequency, and domain of coverage.
    • Define the inputs and outputs of each EA governing body.
    • Identify mandatory inclusion criteria.

    With these tools & templates:

    • Architecture Board Charter Template

    Step 4.2: Develop an architecture review process

    Follow-up with an analyst call:

    • Review the number of boards identified for your organization and gather feedback.
    • Review the charters developed for each governing body and gather feedback.
    • Understand the various factors that impact the architecture review process.
    • Review Info-Tech’s best-practice architecture review process.

    Then complete these activities…

    • Refine the charters for governing bodies.
    • Develop the architecture review process for your organization.

    With these tools & templates:

    • Architecture Review Process Template

    Factors that determine the number of architectural boards required

    The primary purpose of architecture boards is to ensure that business benefits are maximized and solution design is within the options set forth by the architectural reference models without introducing additional layers of bureaucracy.

    The optimal number of architecture boards required in an organization is a function of the following factors:

    • EA organization model
      • Distributed
      • Federated
      • Centralized
    • Architecture domains Maturity of architecture domains
    • Project throughput

    Commonly observed architecture boards:

    • Architecture Review Board
    • Technical Architecture Committee
    • Data Architecture Review Board
    • Infrastructure Architecture Review Board
    • Security Architecture Review Board

    Info-Tech Insight

    Before building out a new governance board, start small by repurposing existing forums by adding architecture as an agenda item. As the items for review increase consider introducing dedicated governing bodies.

    EA organization model drives the architecture governance structure

    EA teams can be organized in three ways – distributed, federated, and centralized. Each model has its own strengths and weaknesses. EA governance must be structured in a way such that the strengths are harvested and the weaknesses are mitigated.

    Distributed Federated Centralized
    EA org. structure
    • No overarching EA team exists and segment architects report to line of business (LOB) executives.
    • A centralized EA team exists with segment architects reporting to LOB executives and dotted-line to head of (centralized) EA.
    • A centralized EA capability exists with enterprise architects reporting to the head of EA.
    Implications
    • Produces a fragmented and disjointed collection of architectures.
    • Economies of scale are not realized.
    • High cross-silo integration effort.
    • LOB-specific approach to EA.
    • Requires dual reporting relationships.
    • Additional effort is required to coordinate centralized EA policies and blueprints with segment EA policies and blueprints.
    • Accountabilities may be unclear.
    • Can be less responsive to individual LOB needs, because the centralized EA capability must analyze needs of multiple LOBs and various trade-off options to avoid specialized, one-off solutions.
    • May impede innovation.
    Architectural boards
    • Cross LOB working groups to create architecture standards, patterns, and common services.
    • Local boards to support responsiveness to LOB-specific needs.
    • Cross LOB working groups to create architecture standards, patterns and common services.
    • Cross-enterprise boards to ensure adherence to enterprise standards and reduce integration costs.
    • Local boards to support responsiveness to LOB specific needs.
    • Enterprise working groups to create architecture standards, patterns, and all services.
    • Central board to ensure adherence to enterprise standards.

    Architecture domains influences the number of architecture boards required

    • An architecture review board (ARB) provides direction for domain-specific boards and acts as an escalation point. The ARB must have the right mix of both business and technology stakeholders.
    • Domain-specific boards provide a platform to have focused discussions on items specific to that domain.
    • Based on project throughput and the maturity of each domain, organizations would have to pick the optimal number of boards.
    • Architecture working groups provide a platform for cross-domain conversations to establish organization wide standards.
    Level 1 Architecture Review Board IT and Business Leaders
    Level 2 Business Architecture Board Data Architecture Board Application Architecture Board Infrastructure Architecture Board Security Architecture Board IT and Business Managers
    Level 3 Architecture Working Groups Architects

    Create a game plan for the architecture boards

    • Start with a single board for each level – an architecture review board (ARB), a technical architecture committee (TAC), and architecture working groups.
    • As the organization matures and the number of requests to the TAC increase, consider creating domain-specific boards – such as business architecture, data architecture, application architecture, etc. – to handle architecture decisions pertaining to that domain.

    Start with this:

    Level 1 Architecture Review Board
    Level 2 Technical Architecture Committee
    Level 3 Architecture Working Groups

    Change to this:

    Architecture Review Board IT and Business Leaders
    Business Architecture Board Data Architecture Board Application Architecture Board Infrastructure Architecture Board Security Architecture Board IT and Business Managers
    Architecture Working Groups Architects

    Architecture boards have different objectives and activities

    The boards at each level should be set up with the correct agenda – ensure that the boards’ composition and activities reflect their objective. Use the entry criteria to communicate the agenda for their meetings.

    Architecture Review Board Technical Architecture Committee
    Objective
    • Evaluates business strategy, needs, and priorities, sets direction and acts as a decision making authority of the EA capability.
    • Directs the development of target state architecture.
    • Monitors performance and compliance of the architectural standards.
    • Monitor project solution architecture compliance to standards, regulations, EA principles, and target state EA blueprints.
    • Review EA compliance waiver requests, make recommendations, and escalate to the architecture review board (ARB).
    Composition
    • Business Leadership
    • IT Leadership
    • Head of Enterprise Architecture
    • Business Managers
    • IT Managers
    • Architects
    Activities
    • Review compliance of conceptual solution to standards.
    • Discuss the enterprise implications of the proposed solution.
    • Select and approve vendors.
    • Review detailed solution design.
    • Discuss the risks of the proposed solution.
    • Discuss the cost of the proposed solution.
    • Review and recommend vendors.
    Entry Criteria
    • Changes to IT Enterprise Technology Policy.
    • Changes to the technology management plan.
    • Approve changes to enterprise technology inventory/portfolio.
    • Ongoing operational cost impacts.
    • Detailed estimates for the solution are ready for review.
    • There are significant changes to protocols or technologies responsible for solution.
    • When the project is deviating from baselined architectures.

    Identify the number of governing bodies

    4.1 2 hrs

    Input

    • EA Vision and Mission
    • EA Engagement Model

    Output

    • A list of EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    Instructions:

    Hold a working session with the participants to identify the number of governing bodies. Facilitate the activity using the following steps:

    1. Examine the EA organization models mentioned previously. Assess how your organization is structured, and identify whether your organization has a federated, distributed or centralized EA organization model.
    2. Reference the “Game plan for the architecture boards” slide. Assess the architecture domains, and define how many there are in the organization.
    3. Architecture domains:
      1. If no defined architecture domains exist, model the number of governing bodies in the organization based on the “Start with this” scenario in the “Game plan for the architecture boards” slide.
      2. If defined architecture domains do exist, model the number of governing bodies based on the “Change to this” scenario in the “Game plan for the architecture boards” slide.
    4. Name each governing body you have defined in the previous step. Download Info-Tech’s Architecture Board Charter Template for each domain you have named. Input the names into the title of each downloaded template.

    Download the Architecture Board Charter Template to document this activity.

    Defining the governing body charter

    The charter represents the agreement between the governing body and its stakeholders about the value proposition and obligations to the organization.

    1. Purpose: The reason for the existence of the governing body and its goals and objectives.
    2. Composition: The members who make up the committee and their roles and responsibilities in it.
    3. Frequency of meetings: The frequency at which the committee gathers to discuss items and make decisions.
    4. Entry/Exit Criteria: The criteria by which the committee selects items for review and items for which decisions can be taken.
    5. Inputs: Materials that are provided as inputs for review and decision making by the committee.
    6. Outputs: Materials that are provided by the committee after an item has been reviewed and the decision made.
    7. Activities: Actions undertaken by the committee to arrive at its decision.

    Define EA’s target role in each step of the IT operating model

    4.2 3 hrs

    Input

    • A list of all identified EA governing bodies.

    Output

    • Charters for each EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents for the EA Governance Framework document, with the Architecture Board Charters highlighted.

    Step 1 Facilitate

    Hold a working session with the stakeholders to define the charter for each of the identified architecture boards.

    Download Architecture Board Charter Template

    Step 2 Summarize

    • Summarize the objectives of each board and reference the charter document within the EA Governance Framework.
    • Upload the final charter document to the team’s common repository.

    Update the EA Governance Framework document


    Considerations when creating an architecture review process

    • Ensure that architecture review happens at major milestones within the organization’s IT Operating Model such as the plan, build, and run phases.
    • In order to provide continuous engagement, make the EA group accountable for solution architecture in the plan phase. In the build phase, the EA group will be consulted while the solution architect will be responsible for the project solution architecture.

    Plan

    • Strategy Development
    • Business Planning
    • A - Conceptualization
    • Portfolio Management

    Build

    • Requirements
    • R - Solution Design
    • Application Development/ Procurement
    • Quality Assurance

    Run

    • Deploy
    • Operate

    Best-practice project architecture review process

    The best-practice model presented facilitates the creation of sound solution architecture through continuous engagement with the EA team and well-defined governance checkpoints.

    The image shows a graphic of the best-practice model. At the left, four categories are listed: Committees; EA; Project Team; LOB. At the top, three categories are listed: Plan; Build; Run. Within the area between these categories is a flow chart demonstrating the best-practice model and specific checkpoints throughout.

    Develop the architecture review process

    4.3 2 hours

    Input

    • A list of all EA governing bodies.
    • Info-Tech’s best practice architecture review process.

    Output

    • The new architecture review process.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    Hold a working session with the participants to develop the architecture review process. Facilitate the activity using the following steps:

    1. Reference Info-Tech’s best-practice architecture review process embedded within the “Architecture Review Process Template” to gain an understanding of an ideal architecture review process.
    2. Identify the stages within the plan, build, and run phases where solution architecture reviews should occur, and identify the governing bodies involved in these reviews.
    3. As you go through these stages, record your findings in the Architecture Review Process Template.
    4. Connect the various activities leading to and from the architecture creation points to outline the review process.

    Download the Architecture Review Process Template for additional guidance regarding developing an architecture review process.

    Develop the architecture review process

    4.3 2 hrs

    Input

    • A list of all identified EA governing bodies.

    Output

    • Charters for each EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents, with the Architecture Review Process highlighted.

    Step 1 - Facilitate

    Download Architecture Review Process Template and facilitate a session to customize the best-practice model presented in the template.

    Download the Architecture Review Process Template

    Step 2 - Summarize

    Summarize the process changes and document the process flow in the EA Governance Framework document.

    Update the EA Governance Framework Template

    Right-size EA governing bodies to reduce the perception of red tape

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    At INSPRO01, architecture governance boards were a bottleneck. The boards fielded all project requests, ranging from simple screen label changes to complex initiatives spanning multiple applications.

    These boards were designed as forums for technology discussions without any business stakeholder involvement.

    Complication

    INSPRO01’s management never gave buy-in to the architecture governance boards since their value was uncertain.

    Additionally, architectural reviews were perceived as an item to be checked off rather than a forum for getting feedback.

    Architectural exceptions were not being followed through due to the lack of a dispensation process.

    Result

    Info-Tech has helped the team define adaptable inclusion/exclusion criteria (based on project complexity) for each of the architectural governing boards.

    The EA team was able to make the case for business participation in the architecture forums to better align business and technology investment.

    An architecture dispensation process was created and operationalized. As a result architecture reviews became more transparent with well-defined next steps.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Identify the number of governing bodies.
    • Define the game plan to initialize the governing bodies.
    • Define the architecture review process.

    Outcomes

    • Charter definition for each EA governance board

    Phase 5

    EA Policy

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Policy

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Define the EA policy scope
    • Identify the target audience
    • Determine the inclusion and exclusion criteria
    • Create an assessment checklist

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • The completed EA policy
    • Project assessment checklist
    • Defined assessment outcomes
    • Completed compliance waiver process

    Info-Tech Insight

    Use the EA policy to promote EA’s commitment to deliver value to business stakeholders through process transparency, stakeholder engagement, and compliance.

    Phase 5 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 5: EA Policy

    Proposed Time to Completion: 3 weeks

    Step 5.1–5.3: EA Policy, Assessment Checklists, and Decision Types

    Start with an analyst kick-off call:

    • Discuss the three pillars of EA policy and its purpose.
    • Review the components of an effective EA policy.
    • Understand how to develop architecture assessment checklists.
    • Understand the assessment decision types.

    Then complete these activities…

    • Define purpose, scope, and audience of the EA policy.
    • Create a project assessment checklist.
    • Define the organization’s assessment decision type.

    With these tools & templates:

    • EA Policy Template
    • EA Assessment Checklist Template

    Step 5.4: Compliance Waivers

    Review findings with analyst:

    • Review your draft EA policy and gather feedback.
    • Review your project assessment checklists and the assessment decision types.
    • Discuss the best-practice architecture compliance waiver process and how to tailor it to your organizational needs.

    Then complete these activities…

    • Refine the EA policy based on feedback gathered.
    • Create the compliance waiver process.

    With these tools & templates:

    • EA Compliance Waiver Process Template
    • EA Compliance Waiver Form Template

    Three pillars of architecture policy

    Architecture policy is a set of guidelines, formulated and enforced by the governing bodies of an organization, to guide and constrain architectural choices in pursuit of strategic goals.

    Architecture compliance – promotes compliance to organizational standards through well-defined assessment checklists across architectural domains.

    Business value – ensures that investments are tied to business value by enforcing traceability to business capabilities.

    Architectural guidance – provides guidance to architecture practitioners on the application of the business and technology standards.

    Components of EA policy

    An enterprise architecture policy is an actionable document that can be applied to projects of varying complexity across the organization.

    1. Purpose and Scope: This EA policy document clearly defines the scope and the objectives of architecture reviews within an organization.
    2. Target Audience: The intended audience of the policy such as employees and partners.
    3. Architecture Assessment Checklist: A wide range of typical questions that may be used in conducting Architecture Compliance reviews, relating to various aspects of the architecture.
    4. Assessment Outcomes: The outcome of the architecture review process that determines the conformance of a project solution to the enterprise architecture standards.
    5. Compliance Waiver: Used when a solution or segment architecture is perceived to be non-compliant with the enterprise architecture.

    Draft the purpose and scope of the EA policy

    5.1 2.5 hrs

    Input

    • A consensus on the purpose, scope, and audience for the EA policy.

    Output

    • Documented version of the purpose, scope, and audience for the EA policy.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Policy section highlighted.

    Step 1 - Facilitate

    Download the EA Policy Template and hold a working session to draft the EA policy.

    Download the EA Policy Template

    Step 2 - Summarize

    • Summarize purpose, scope, and intended audience of the policy in the EA Governance Framework document.
    • Update the EA policy document with the purpose, scope and intended audience.

    Update the EA Governance Framework Template

    Architecture assessment checklist

    Architecture assessment checklist is a list of future-looking criteria that a project will be assessed against. It provides a set of standards against which projects can be assessed in order to render a decision on whether or not the project can be greenlighted.

    Architecture checklists should be created for each EA domain since each domain provides guidance on specific aspects of the project.

    Sample Checklist Questions

    Business Architecture:

    • Is the project aligned to organizational strategic goals and objectives?
    • What are the business capabilities that the project supports? Is it creating new capabilities or supporting an existing one?

    Data Architecture:

    • What processes are in place to support data referential integrity and/or normalization?
    • What is the physical data model definition (derived from logical data models) used to design the database?

    Application Architecture:

    • Can this application be placed on an application server independent of all other applications? If not, explain the dependencies.
    • Can additional parallel application servers be easily added? If so, what is the load balancing mechanism?

    Infrastructure Architecture:

    • Does the solution provide high-availability and fault-tolerance that can recover from events within a datacenter?

    Security Architecture:

    • Have you ensured that the corporate security policies and guidelines to which you are designing are the latest versions?

    Create architectural assessment checklists

    5.2 2 hrs

    Input

    • Reference architecture models.

    Output

    • Architecture assessment checklist.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Assessment Checklist section highlighted.

    Step 1 - Facilitate

    Download the EA Assessment Checklist Template and hold a working session to create the architectural assessment checklists.

    Download the EA Assessment Checklist Template

    Step 2 - Summarize

    • Summarize the major points of the checklists in the EA Governance Framework document.
    • Update the EA policy document with the detailed architecture assessment checklists.

    Update the EA Governance Framework Template

    Architecture assessment decision types

    • As a part of the proposed solution review, the governing bodies produce a decision indicating the compliance of the solution architecture with the enterprise standards.
    • Go, No Go, or Conditional are a sample set of decision outcomes available to the governing bodies.
    • On a conditional approval, the project team must file for a compliance waiver.

    Approved

    • The solution demonstrates substantial compliance with standards.
    • Negligible risk to the organization or minimal risks with sound plans of how to mitigate them.
    • Architectural approval to proceed with delivery type of work.

    Conditional Approval

    • The significant aspects of the solution have been addressed in a satisfactory manner.
    • Yet, there are some aspects of the solution that are not compliant with standards.
    • The architectural approval is conditional upon presenting the missing evidence within a minimal period of time determined.
    • The risk level may be acceptable to the organization from an overall IT governance perspective.

    Not Approved

    • The solution is not compliant with the standards.
    • Scheduled for a follow-up review.
    • Not recommended to proceed until the solution is more compliant with the standards.

    Best-practice architecture compliance waiver process

    Waivers are not permanent. Waiver terms must be documented for each waiver specifying:

    • Time period after which the architecture in question will be compliant with the enterprise architecture.
    • The modifications necessary to the enterprise architecture to accommodate the solution.

    The image shows a flow chart, split into 4 sections: Enterprise Architect; Solution Architect; TAC; ARB. To the right of these section labels, there is a flow chart that documents the waiver process.

    Create compliance waiver process

    5.4 3-4 hrs

    Input

    • A consensus on the compliance waiver process.

    Output

    • Documented compliance waiver process and form.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents with the Compliance Waiver Form section highlighted.

    Step 1 - Facilitate

    Download the EA compliance waiver template and hold a working session to customize the best-practice process to your organization’s needs.

    Download the EA Compliance Waiver Process Template

    Step 2 - Summarize

    • Summarize the objectives and high-level process in the EA Governance Framework document.
    • Update the EA policy document with the compliance waiver process.
    • Upload the final policy document to the team’s common repository.

    Update the EA Governance Framework Template

    Creates an enterprise architecture policy to drive adoption

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    EA program adoption across INSPRO01 was at its lowest point due to a lack of transparency into the activities performed by the EA group.

    Often, projects ignored EA entirely as it was viewed as a nebulous and non-value-added activity that produced no measurable results.

    Complication

    There was very little documented information about the architecture assessment process and the standards against which project solution architectures were evaluated.

    Additionally, there were no well-defined outcomes for the assessment.

    Project groups were left speculating about the next steps and with little guidance on what to do after completing an assessment.

    Result

    Info-Tech helped the EA team create an EA policy containing architecture significance criteria, assessment checklists, and reference to the architecture review process.

    Additionally, the team also identified guidelines and detailed next steps for projects based on the outcome of the architecture assessment.

    These actions brought clarity to EA processes and fostered better engagement with the EA group.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Define the scope.
    • Identify the target audience.
    • Determine the inclusion and exclusion criteria.
    • Create an assessment checklist.

    Outcomes

    • The completed EA policy
    • Project assessment checklist
    • Defined assessment outcomes
    • Completed compliance waiver process

    Phase 6

    Architectural Standards

    Create a Right-Sized Enterprise Architecture Governance Framework

    Architectural Standards

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Identify and standardize EA work products
    • Classify the architectural standards
    • Identify the custodian of standards
    • Update the standards

    This step involves the following participants:

    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • A standardized set of EA work products
    • A way to categorize and store EA work products
    • A defined method of updating standards

    Info-Tech Insight

    The architecture standard is the currency that facilitates information exchange between stakeholders. The primary purpose is to minimize transaction costs by providing a balance between stability and relevancy.

    Phase 6 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 6: Architectural standards

    Proposed Time to Completion: 4 weeks

    Step 6.1: Understand Architectural Standards

    Start with an analyst kick-off call:

    • Discuss architectural standards.
    • Know how to identify and define EA work products.
    • Understand the standard content of work products.

    Then complete these activities…

    • Identify and standardize EA work products.

    Step 6.2–6.3: EA Repository and Updating the Standards

    Review with analyst:

    • Review the standardized EA work products.
    • Discuss the principles of EA repository.
    • Discuss the Info-Tech best-practice model for updating architecture standards and how to tailor them to your organizational context.

    Then complete these activities…

    • Build a folder structure for storing EA work products.
    • Use the Info-Tech best-practice architecture standards update process to develop your organization’s process for updating architecture standards.

    With these tools & templates:

    • Architecture Standards Update Process Template

    Recommended list of EA work products to standardize

    • EA work products listed below are typically produced as a part of the architecture lifecycle.
    • To ensure consistent development of architecture, the work products need to be standardized.
    • Consider standardizing both the naming conventions and the content of the work products.
    1. EA vision: A document containing the vision that provides the high-level aspiration of the capabilities and business value that EA will deliver.
    2. Statement of EA Work: The Statement of Architecture Work defines the scope and approach that will be used to complete an architecture project.
    3. Reference architectures: A reference architecture is a set of best-practice taxonomy that describes components and the conceptual structure of the model, as well as graphics, which provide a visual representation of the taxonomy to aid understanding. Reference architectures are created for each of the architecture domains.
    4. Solution proposal: The proposed project solution based on the EA guidelines and standards.
    5. Compliance assessment request: The document that contains the project solution architecture assessment details.
    6. Architecture change request: The request that initiates a change to architecture standards when existing standards can no longer meet the needs of the enterprise.
    7. Transition architecture: A transition architecture shows the enterprise at incremental states that reflect periods of transition that sit between the baseline and target architectures.
    8. Architectural roadmap: A roadmap that lists individual increments of change and lays them out on a timeline to show progression from the baseline architecture to the target architecture.
    9. EA compliance waiver request: A compliance waiver request that must be made when a solution or segment architecture is perceived to be non-compliant with the enterprise architecture.

    Standardize the content of each work product

    1. Purpose - The reason for the existence of the work product.
    2. Owner - The owner of this EA work product.
    3. Target Audience - The intended audience of the work product such as employees and partners.
    4. Naming Pattern - The pattern for the name of the work product as well as its file name.
    5. Table of Contents - The various sections of the work product.
    6. Review & Sign-Off Authority - The stakeholders who will review the work product and approve it.
    7. Repository Folder Location - The location where the work product will be stored.

    Identify and standardize work products

    6.1 3 hrs

    Input

    • List of various documents being produced by projects currently.

    Output

    • Standardized list of work products.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • A computer, and/or a whiteboard and marker.

    Instructions:

    Hold a working session with the participants to identify and standardize work products. Facilitate the activity using the steps below.

    1. Identifying EA work products:
      1. Start by reviewing the list of all architecture-related documents presently produced in the organization. Any such deliverable with the following characteristics can be standardized:
        1. If it can be broken out and made into a standalone document.
        2. If it can be made into a fill-in form completed by others.
        3. If it is repetitive and requires iterative changes.
      2. Create a list of work products that your organization would like to standardize based on the characteristics above.
    2. The content and format of standardized EA work products:
      1. For each work product your organization wishes to standardize, look at its purpose and brainstorm the content needed to fulfill that purpose.
      2. After identifying the elements that need to be included in the work product to fulfill its purpose, order them logically for presentation purposes.
      3. In each section of the work product that need to be completed, include instructions on how to complete the section.
      4. Review the seven elements presented in the previous slide and include them in the work products.

    EA repository - information taxonomy

    As the EA function begins to grow and accumulates EA work products, having a well-designed folder structure helps you find the necessary information efficiently.

    Architecture meta-model

    Describes the organizationally tailored architecture framework.

    Architecture capability

    Defines the parameters, structures, and processes that support the enterprise architecture group.

    Architecture landscape

    An architectural presentation of assets in use by the enterprise at particular points in time.

    Standards information base

    Captures the standards with which new architectures and deployed services must comply.

    Reference library

    Provides guidelines, templates, patterns, and other forms of reference material to accelerate the creation of new architectures for the enterprise.

    Governance log

    Provides a record of governance activity across the enterprise.

    Create repository folder structure

    6.2 5-6 hrs

    Input

    • List of standardized work products.

    Output

    • EA work products mapped to a repository folder.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, IT department leads.

    Instructions:

    Hold a working session with the participants to create a repository structure. Facilitate the activity using the steps below:

    1. Start with the taxonomy on the previous slide, and sort the existing work products into these six categories.
    2. Assess that the work products are sorted in a mutually exclusive and collectively exhaustive fashion. This means that a certain work product that appears in one category should not appear in another category. As well, make sure these six categories capture all the existing work products.
    3. Based on the categorization of the work products, build a folder structure that follows these categories, which will allow for the work products to be accessed quickly and easily.

    Create a process to update EA work products

    • Architectural standards are not set in stone and should be reviewed and updated periodically.
    • The Architecture Review Board is the custodian for standards.
    • Any change to the standards need to be assessed thoroughly and must be communicated to all the impacted stakeholders.

    Architectural standards update process

    Identify

    • Identify changes to the standards

    Assess

    • Review and assess the impacts of the change

    Document

    • Document the change and update the standard

    Approve

    • Distribute the updated standards to key stakeholders for approval

    Communicate

    • Communicate the approved changes to impacted stakeholders

    Create a process to continually update standards

    6.3 1.5 hrs

    Input

    • The list of work products and its owners.

    Output

    • A documented work product update process.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the screenshot of the Table of Contents with the Standards Update Process highlighted.

    Step 1 - Facilitate

    Download the standards update process template and hold a working session to customize the best practice process to your organization’s needs.

    Download the Architecture Standards Update Process Template

    Step 2 - Summarize

    Summarize the objectives and the process flow in the EA governance framework document.

    Update the EA Governance Framework Template

    Create architectural standards to minimize transaction costs

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 didn’t maintain any centralized standards and each project had its own solution/design work products based on the preference of the architect on the project. This led to multiple standards across the organization.

    Lack of consistency in architectural deliverables made the information hand-offs expensive.

    Complication

    INSPRO01 didn’t maintain the architectural documents in a central repository and the information was scattered across multiple project folders.

    This caused key stakeholders to make decisions based on incomplete information and resulted in constant revisions as new information became available.

    Result

    Info-Tech recommended that the EA team identify and standardize the various EA work products so that information was collected in a consistent manner across the organization.

    The team also recommended an information taxonomy to store the architectural deliverables and other collateral.

    This resulted in increased consistency and standardization leading to efficiency gains.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Identify and standardize EA work products.
    • Classify the architectural standards.
    • Identify the custodian of standards.
    • Update the standards.

    Outcomes

    • A standardized set of EA work products
    • A way to categorize and store EA work products
    • A defined method of updating standards

    Phase 7

    Communication Plan

    Create a Right-Sized Enterprise Architecture Governance Framework

    Communication Plan

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • List the changes identified in the EA governance initiative
    • Identify stakeholders
    • Create a communication plan

    This step involves the following participants:

    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Communication Plan
    • EA Governance Framework

    Info-Tech Insight

    By failing to prepare, you are preparing to fail – maximize the likelihood of success for EA governance by engaging the relevant stakeholders and communicating the changes.

    Phase 7 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 6: Operationalize the EA governance framework

    Proposed Time to Completion: 1 week

    Step 7.1: Create a Communication Plan

    Start with an analyst kick-off call:

    • Discuss how to communicate changes to stakeholders.
    • Discuss the purposes and benefits of the EA governance framework.

    Then complete these activities…

    • Identify the stakeholders affected by the EA governance transformations.
    • List the benefits of the proposed EA governance initiative.
    • Create a plan to communicate the changes to impacted stakeholders.

    With these tools & templates:

    • EA Governance Communication Plan Template
    • EA Governance Framework Template

    Step 7.2: Review the Communication Plan

    Start with an analyst kick-off call:

    • Review the communication plan and gather feedback on the proposed stakeholders.
    • Confer about the various methods of communicating change in an organization.
    • Discuss the uses of the EA Governance Framework.

    Then complete these activities…

    • Refine your communication plan and use it to engage with stakeholders to better serve customers.
    • Create the EA Governance Framework to accompany the communication plan in engaging stakeholders to better understand the value of EA.

    With these tools & templates:

    • EA Governance Communication Plan Template
    • EA Governance Framework Template

    Communicate changes to stakeholders

    The changes made to the EA governance components need to be reviewed, approved, and communicated to all of the impacted stakeholders.

    Deliverables to be reviewed:

    • Fundamentals
      • Vision and Mission
      • Goals and Measures
      • Principles
    • Architecture review process
    • Assessment checklists
    • Policy Governing body charters
    • Architectural standards

    Deliverable Review Process:

    Step 1: Hold a meeting with stakeholders to review, refine, and agree on the changes.

    Step 2: Obtain an official approval from the stakeholders.

    Step 3: Communicate the changes to the impacted stakeholders.

    Communicate the changes by creating an EA governance framework and communication plan

    7.1 3 hrs

    Input

    • EA governance deliverables.

    Output

    • EA Governance Framework
    • Communication Plan.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    Instructions:

    Hold a working session with the participants to create the EA governance framework as well as the communication plan. Facilitate the activity using the steps below:

    1. EA Governance Framework:
      1. The EA Governance Framework is a document that will help reference and cite all the materials created from this blueprint. Follow the instructions on the framework to complete.
    2. Communication Plan:
      1. Identify the stakeholders based on the EA governance deliverables.
      2. For each stakeholder identified, complete the “Communication Matrix” section in the EA Governance Communication Plan Template. Fill out the section based on the instructions in the template.
      3. As the stakeholders are identified based on the “Communication Matrix,” use the EA Governance Framework document to communicate the changes.

    Download the EA Governance Communication Plan Template and EA Governance Framework Template for additional instructions and to document your activities in this phase.

    Maximize the likelihood of success by communicating changes

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    The EA group followed Info-Tech’s methodology to assess the current state and has identified areas for improvement.

    Best practices were adopted to fill the gaps identified.

    The team planned to communicate the changes to the technology leadership team and get approvals.

    As the EA team tried to roll out changes, they encountered resistance from various IT teams.

    Complication

    The team was not sure of how to communicate the changes to the business stakeholders.

    Result

    Info-Tech has helped the team conduct a thorough stakeholder analysis to identify all the stakeholders who would be impacted by the changes to the architecture governance framework.

    A comprehensive communication plan was developed that leveraged traditional email blasts, town hall meetings, and non-traditional methods such as team blogs.

    The team executed the communication plan and was able to manage the change effectively.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • List the changes identified in the EA governance initiative.
    • Identify stakeholders.
    • Create a communication plan.
    • Compile the materials created in the blueprint to better communicate the value of EA governance.

    Outcomes

    • Communication plan
    • EA governance framework

    Bibliography

    Government of British Columbia. “Architecture and Standards Review Board.” Government of British Columbia. 2015. Web. Jan 2016. < http://www.cio.gov.bc.ca/cio/standards/asrb.page >

    Hopkins, Brian. “The Essential EA Toolkit Part 3 – An Architecture Governance Process.” Cio.com. Oct 2010. Web. April 2016. < http://www.cio.com/article/2372450/enterprise-architecture/the-essential-ea-toolkit-part-3---an-architecture-governance-process.html >

    Kantor, Bill. “How to Design a Successful RACI Project Plan.” CIO.com. May 2012. Web. Jan 2016. < http://www.cio.com/article/2395825/project-management/how-to-design-a-successful-raci-project-plan.html >

    Sapient. “MIT Enterprise Architecture Guide.” Sapient. Sep 2004. Web. Jan 2016. < http://web.mit.edu/itag/eag/FullEnterpriseArchitectureGuide0.1.pdf >

    TOGAF. “Chapter 41: Architecture Repository.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap41.html >

    TOGAF. “Chapter 48: Architecture Compliance.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap48.html >

    TOGAF. “Version 9.1.” The Open Group. 2011. Web. Jan 2016. http://pubs.opengroup.org/architecture/togaf9-doc/arch/

    United States Secret Service. “Enterprise Architecture Review Board.” United States Secret Service. Web. Jan 2016. < http://www.archives.gov/records-mgmt/toolkit/pdf/ID191.pdf >

    Virginia Information Technologies Agency. “Enterprise Architecture Policy.” Commonwealth of Virginia. Jul 2006. Web. Jan 2016. < https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/eapolicy200-00.pdf >

    Research contributors and experts

    Alan Mitchell, Senior Manager, Global Cities Centre of Excellence, KPMG

    Alan Mitchell has held numerous consulting positions before his role in Global Cities Centre of Excellence for KPMG. As a Consultant, he has had over 10 years of experience working with enterprise architecture related engagements. Further, he worked extensively with the public sector and prides himself on his knowledge of governance and how governance can generate value for an organization.

    Ian Gilmour, Associate Partner, EA advisory services, KPMG

    Ian Gilmour is the global lead for KPMG’s enterprise architecture method and Chief Architect for the KPMG Enterprise Reference Architecture for Health and Human Services. He has over 20 years of business design experience using enterprise architecture techniques. The key service areas that Ian focuses on are business architecture, IT-enabled business transformation, application portfolio rationalization, and the development of an enterprise architecture capability within client organizations.

    Djamel Djemaoun Hamidson, Senior Enterprise Architect, CBC/Radio-Canada

    Djamel Djemaoun is the Senior Enterprise Architect for CBC/Radio-Canada. He has over 15 years of Enterprise Architecture experience. Djamel’s areas of special include service-oriented architecture, enterprise architecture integration, business process management, business analytics, data modeling and analysis, and security and risk management.

    Sterling Bjorndahl, Director of Operations, eHealth Saskatchewan

    Sterling Bjorndahl is now the Action CIO for the Sun Country Regional Health Authority, and also assisting eHealth Saskatchewan grow its customer relationship management program. Sterling’s areas of expertise include IT strategy, enterprise architecture, ITIL, and business process management. He serves as the Chair on the Board of Directors for Gardiner Park Child Care.

    Huw Morgan, IT Research Executive, Enterprise Architect

    Huw Morgan has 10+ years experience as a Vice President or Chief Technology Officer in Canadian internet companies. As well, he possesses 20+ years experience in general IT management. Huw’s areas of expertise include enterprise architecture, integration, e-commerce, and business intelligence.

    Serge Parisien, Manager, Enterprise Architecture at Canada Mortgage Housing Corporation

    Serge Parisien is a seasoned IT leader with over 25 years of experience in the field of information technology governance and systems development in both the private and public sectors. His areas of expertise include enterprise architecture, strategy, and project management.

    Alex Coleman, Chief Information Officer at Saskatchewan Workers’ Compensation Board

    Alex Coleman is a strategic, innovative, and results-driven business leader with a proven track record of 20+ years’ experience planning, developing, and implementing global business and technology solutions across multiple industries in the private, public, and not-for-profit sectors. Alex’s expertise includes program management, integration, and project management.

    L.C. (Skip) Lumley , Student of Enterprise and Business Architecture

    Skip Lumley was formerly a Senior Principle at KPMG Canada. He is now post-career and spends his time helping move enterprise business architecture practices forward. His areas of expertise include enterprise architecture program implementation and public sector enterprise architecture business development.

    Additional contributors

    • Tim Gangwish, Enterprise Architect at Elavon
    • Darryl Garmon, Senior Vice President at Elavon
    • Steve Ranaghan, EMEIA business engagement at Fujitsu

    Operations management

    • Buy Link or Shortcode: {j2store}12|cart{/j2store}
    • Related Products: {j2store}12|crosssells{/j2store}
    • Up-Sell: {j2store}12|upsells{/j2store}
    • member rating overall impact: 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    IT Operations is all about effectiveness. We make sure that you deliver reliable services to the clients and users within the company.

    Get Started With IT Project Portfolio Management

    • Buy Link or Shortcode: {j2store}443|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $7,599 Average $ Saved
    • member rating average days saved: 46 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.
    • While struggling to find a solution, within the organization, project requests never stop and all projects continue to all be treated the same. Resources are requested for multiple projects without any visibility into their project capacity. Projects lack proper handoffs from closure to ongoing operational work. And the benefits are never tracked.
    • If you have too many projects, limited resources, ineffective communications, or low post-project adoption, keep reading. Perhaps you should spend a bit more on project, portfolio, and organizational change management.

    Our Advice

    Critical Insight

    • Successful project outcomes are not built by rigorous project processes: Projects may be the problem, but project management rigor is not the solution.
    • Don’t fall into the common trap of thinking high-rigor project management should be every organization’s end goal.
    • Instead, understand that it is better to spend time assessing the portfolio to determine what projects should be prioritized.

    Impact and Result

    Begin by establishing a few foundational practices that will work to drive project throughput.

    • Capacity Estimation: Understand what your capacity is to do projects by determining how much time is allocated to doing other things.
    • Book of Record: Establish a basic but sustainable book of record so there is an official list of projects in flight and those waiting in a backlog or funnel.
    • Simple Project Management Processes: Align the rigor of your project management process with what is required, not what is prescribed by the PMP designation.
    • Impact Assessment: Address the impact of change at the beginning of the project and prepare stakeholders with the right level of communication.

    Get Started With IT Project Portfolio Management Research & Tools

    Start here – read the Executive Brief

    Begin by establishing a few foundational practices that will work to drive project throughput. Most project management problems are resolved with portfolio level solutions. This blueprint will address the eco-system of project, portfolio, and organizational change management.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Project portfolio management

    Estimate project capacity, determine what needs to be tracked on an ongoing basis, and determine what criteria is necessary for prioritizing projects.

    • Project Portfolio Supply-Demand Analysis Tool
    • Project Value Scorecard Development Tool
    • Project Portfolio Book of Record

    2. Project management

    Develop a process to inform the portfolio of the project status, create a plan that can be maintained throughout the project lifecycle, and manage the scope through a change request process.

    • Light Project Change Request Form Template

    3. Organizational change management

    Perform a change impact assessment and identify the obvious and non-obvious stakeholders to develop a message canvas accordingly.

    • Organizational Change Management Triage Tool

    4. Develop an action plan

    Develop a roadmap for how to move from the current state to the target state.

    • PPM Wireframe
    • Project Portfolio Management Foundations Stakeholder Communication Deck
    [infographic]

    Workshop: Get Started With IT Project Portfolio Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Project Portfolio Management

    The Purpose

    Establish the current state of the portfolio.

    Organize the portfolio requirements.

    Determine how projects are prioritized.

    Key Benefits Achieved

    Understand project capacity supply-demand.

    Build a portfolio book of record.

    Create a project value scorecard.

    Activities

    1.1 Conduct capacity supply-demand estimation.

    1.2 Determine requirements for portfolio book of record.

    1.3 Develop project value criteria.

    Outputs

    Clear project capacity

    Draft portfolio book of record

    Project value scorecard

    2 Project Management

    The Purpose

    Feed the portfolio with the project status.

    Plan the project work with a sustainable level of granularity.

    Manage the project as conditions change.

    Key Benefits Achieved

    Develop a process to inform the portfolio of the project status.

    Create a plan that can be maintained throughout the project lifecycle and manage the scope through a change request process.

    Activities

    2.1 Determine necessary reporting metrics.

    2.2 Create a work structure breakdown.

    2.3 Document your project change request process.

    Outputs

    Feed the portfolio with the project status

    Plan the project work with a sustainable level of granularity

    Manage the project as conditions change

    3 Organizational Change Management

    The Purpose

    Discuss change accountability.

    Complete a change impact assessment.

    Create a communication plan for stakeholders.

    Key Benefits Achieved

    Complete a change impact assessment.

    Identify the obvious and non-obvious stakeholders and develop a message canvas accordingly.

    Activities

    3.1 Discuss change accountability.

    3.2 Complete a change impact assessment.

    3.3 Create a communication plan for stakeholders.

    Outputs

    Assign accountability for the change

    Assess the change impact

    Communicate the change

    4 Develop an Action Plan

    The Purpose

    Summarize current state.

    Determine target state.

    Create a roadmap.

    Key Benefits Achieved

    Develop a roadmap for how to move from the current state to the target state.

    Activities

    4.1 Summarize current state and target state.

    4.2 Create a roadmap.

    Outputs

    Stakeholder Communication Deck

    MS Project Wireframe

    Mandate Data Valuation Before It’s Mandated

    • Buy Link or Shortcode: {j2store}121|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data can be valuable if used properly or dangerous when mishandled.
    • The organization needs to understand the value of their data before they can establish proper data management practice.
    • Data is not considered a capital asset unless there is a financial transaction (e.g. buying or selling data assets).
    • Data valuation is not easy, and it costs money to collect, store, and maintain data.

    Our Advice

    Critical Insight

    • Data always outlives people, processes, and technology. They all come and go, while data remains.
    • Oil is a limited resource, data is not. Contrary to oil, data is likely to grow over time.
    • Data is likely to outlast all other current popular financial instruments including currency, assets, or commodities.
    • Data is used internally and externally and can easily be replicated or combined.
    • Data is beyond currency, assets, or commodities and needs to be a category of its own.

    Impact and Result

    • Every organization must calculate the value of their data. This will enable organizations to become truly data-driven.
    • Too much time has been spent arguing different methods of valuation. An organization must settle on valuation that is acceptable to all its stakeholders.
    • Align data governance and data management to data valuation. Often organizations struggle to justify data initiatives due to lack of visibility in data valuation.
    • Establish appropriate roles and responsibilities and ensure alignment to a common set of goals as a foundation to get the most accurate future data valuation for your organization.
    • Assess organization data assets and implementation roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the higher maturity of data assets.

    Mandate Data Valuation Before It’s Mandated Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the value associated with the organization's data. Review Info-Tech’s methodology for assessing data value and justifying your data initiatives with a value proposition.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify data valuation

    Understand the benefits of data valuation.

    • Mandate Data Valuation Before It’s Mandated – Phase 1: Demystify Data Valuation

    2. Data value chain

    Learn about the data value chain framework and preview the step-by-step guide to start collecting data sources.

    • Mandate Data Valuation Before It’s Mandated – Phase 2: Data Value Chain

    3. Data value assessment

    Mature your data valuation by putting in the valuation dimensions and metrics. Establish documented results that can be leveraged to demonstrate value in your data assets.

    • Mandate Data Valuation Before It’s Mandated – Phase 3: Data Value Assessment
    [infographic]

    Workshop: Mandate Data Valuation Before It’s Mandated

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Value of Data Valuation

    The Purpose

    Explain data valuation approach and value proposition.

    Key Benefits Achieved

    A clear understanding and case for data valuation.

    Activities

    1.1 Review common business data sources and how the organization will benefit from data valuation assessment.

    1.2 Understand Info-Tech’s data valuation framework.

    Outputs

    Organization data valuation priorities

    2 Capture Organization Data Value Chain

    The Purpose

    Capture data sources and data collection methods.

    Key Benefits Achieved

    A clear understanding of the data value chain.

    Activities

    2.1 Assess data sources and data collection methods.

    2.2 Understand key insights and value proposition.

    2.3 Capture data value chain.

    Outputs

    Data Valuation Tool

    3 Data Valuation Framework

    The Purpose

    Leverage the data valuation framework.

    Key Benefits Achieved

    Capture key data valuation dimensions and align with data value chain.

    Activities

    3.1 Introduce data valuation framework.

    3.2 Discuss key data valuation dimensions.

    3.3 Align data value dimension to data value chain.

    Outputs

    Data Valuation Tool

    4 Plan for Continuous Improvement

    The Purpose

    Improve organization’s data value.

    Key Benefits Achieved

    Continue to improve data value.

    Activities

    4.1 Capture data valuation metrics.

    4.2 Define data valuation for continuous monitoring.

    4.3 Create a communication plan.

    4.4 Define a plan for continuous improvements.

    Outputs

    Data valuation metrics

    Data Valuation Communication Plan

    Knowledge Management

    • Buy Link or Shortcode: {j2store}33|cart{/j2store}
    • Related Products: {j2store}33|crosssells{/j2store}
    • member rating overall impact: 9.0/10
    • member rating average dollars saved: $10,000
    • member rating average days saved: 2
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources
    Mitigate Key IT Employee Knowledge Loss

    The State of Black Professionals in Tech

    • Buy Link or Shortcode: {j2store}550|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • The experience of Black professionals in IT differs from their colleagues.
    • Job satisfaction is also lower for Black IT professionals.
    • For organizations to gain from the benefits of diversity, equity, and inclusion, they need to ensure they understand the landscape for many Black professionals.

    Our Advice

    Critical Insight

    • As an IT leader, you can make a positive difference in the working lives of your team; this is not just the domain of HR.
    • Employee goals can vary depending on the barriers that they encounter. IT leaders must ensure they have an understanding of unique employee needs to better support them, increasing their ability to recruit and retain.
    • Improve the experience of Black IT professionals by ensuring your organization has diversity in leadership and supports mentorship and sponsorship.

    Impact and Result

    • Use the data from Info-Tech’s analysis to inform your DEI strategy.
    • Learn about actions that IT leaders can take to improve the satisfaction and career advancement of their Black employees.

    The State of Black Professionals in Tech Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The State of Black Professionals in Tech Report – A report providing you with advice on barriers and solutions for leaders of Black employees.

    IT leaders often realize that there are barriers impacting their employees but don’t know how to address them. This report provides insights on the barriers and actions that can help improve the lives of Black professionals in technology.

    • The State of Black Professionals in Tech Report

    Infographic

    Further reading

    The State of Black Professionals in Tech

    Keep inclusion at the forefront to gain the benefits from diversity.

    Analysts' Perspective

    The experience of Black professionals in technology is unique.

    Diversity in tech is not a new topic, and it's not a secret that technology organizations struggle to attract and retain Black employees. Ever since the early '90s, large tech organizations have been dealing with public critique of their lack of diversity. This topic is close to our hearts, but unfortunately while improvements have been made, progress is quite slow.

    In recent years, current events have once again brought diversity to the forefront for many organizations. In addition, the pandemic along with talent trends such as "the great resignation" and "quiet quitting" and preparations for a recession have not only impacted diversity at large but also Black professionals in technology. Our previous research has focused on the wider topic of Recruiting and Retaining People of Color in Tech, but we've found that the experiences of persons of color are not all the same.

    This study focuses on the unique experience of Black professionals in technology. Over 600 people were surveyed using an online tool; interviews provided additional insights. We're excited to share our findings with you.

    This is a picture of Allison Straker This is an image of Ugbad Farah

    Allison Straker
    Research Director
    Info-Tech Research Group

    Ugbad Farah
    Research Director
    Info-Tech Research Group

    Demographics

    In October 2021, we launched a survey to understand what the Black experience is like for people in technology. We wanted and received a variety of responses which would help us to understand how Black technology professionals experienced their working world. We received responses from 633 professionals, providing us with the data for this report.

    For more information on our survey demographics please see the appendix at this end of this report.

    A pie chart showing 26% black and 74% All Other

    26% of our respondents either identified as Black or felt the world sees them as Black.

    Professionals from various countries responded to the survey:

    • Most respondents were born in the US (52%), Canada (14%), India (14%), or Nigeria (4%).
    • Most respondents live in the US (56%), Canada (25%), Nigeria (2%), or the United Kingdom (2%).

    Companies with more diversity achieve more revenue from innovation

    Organizations do better and are more innovative when they have more diversity, a key ingredient in an organization's secret sauce.
    Organizations also benefit from engaged employees, yet we've seen that organizations struggle with both. Just having a certain number of diverse individuals is not enough. When it comes to reaping the benefits of diversity, organizations can flourish when employees feel safe bringing their whole selves to work.

    45% Innovation Revenue by Companies With Above-Average Diversity Scores
    26%

    Innovation Revenue by Companies With Below-Average Diversity Scores

    (Chart source: McKinsey, 2020)


    Companies with higher employee engagement experience 19.2% higher earnings.

    However, those with lower employee engagement experience 32.7% lower earnings.
    (DecisionWise, 2020)

    If your workforce doesn't reflect the community it serves, your business may be missing out on the chance to find great employees and break into new and growing markets, both locally and globally.
    Diversity makes good business sense.
    (Business Development Canada, 2023)

    A study about Black professionals

    Why is this about Black professionals and not other diverse groups?

    While there are a variety of diversity dimensions, it's important to understand what makes up a "multicultural workforce." There is more to diversity than gender, race, and ethnicity. Organizations need to understand that there is diversity within these groups and Black professionals have their own unique experience when it comes to entering and navigating tech that needs to be addressed.

    This image contains two bar graphs from the Brookfield Institute for Innovation and Entrepreneurship. They show the answers to two questions, sorted by the following categories: Black; Non-White; Asian; White. The questions are as follows: I feel comfortable to voice my opinion, even when it differs from the group opinion; I am part of the decision-making process at work.

    (Brookfield Institute for Innovation and Entrepreneurship, 2019)

    The solutions that apply to Black professionals are not only beneficial for Black employees but for all. While all demographics are unique, the solutions in this report can support many.

    Unsatisfied and underrepresented

    Less Black professionals responded as "satisfied" in their IT careers. The question is: How do we mend the Gap?

    Percentage of IT Professionals Who Reported Being Very Satisfied in Their Current Role

    • All Other Professionals: 34%
    • Black Professionals: 23%

    Black workers are underrepresented in most professional roles, especially computer and math Occupations

    A bar graph showing representation of black workers in the total workforce compared to computer and mathematical science occupations.

    The gap in satisfaction

    What's Important?

    Our research suggests that the differences in satisfaction among ethnic groups are related to differences in value systems. We asked respondents to rank what's important, and we explored why.

    Non-Black professionals rated autonomy and their manager working relationships as most important.

    For Black professionals, while those were important, #1 was promotion and growth opportunities, ranked #7 by all other professionals. This is a significant discrepancy.

    Recognition of my work/accomplishments also was viewed significantly differently, with Black professionals ranking it low on the list at #7 and all other professionals considering it very important at #3.

    All Other Professionals

    Black Professionals

    Two columns, containing metrics of satisfaction rated by Black Professionals, and All Other Professionals.

    Maslow's Hierarchy of Needs applies to job satisfaction

    In Maslow's hierarchy, it is necessary for people to achieve items lower on the hierarchy before they can successfully pursue the higher tiers.

    An image of Maslow's Hierarchy of Needs modified to apply to Job Satisfaction

    Too many Black professionals in tech are busy trying to achieve some of the lower parts of the hierarchy; it is stopping them from achieving elements higher up that can lead to job satisfaction.

    This can stop them from gaining esteem, importance, and ultimately, self-actualization. The barriers that impact safety and social belonging happen on a day-to-day basis, and so the day-to-day lives of Black professionals in tech can look very different from their counterparts.

    There are barriers that hinder and solutions that support employees

    An image showing barriers to success An image showing Actions for Success.
    There are various barriers that increase the likelihood for Black professionals to focus on the lower end of the needs hierarchy:

    These are among some of the solutions that, when layered, can support Black professionals in tech in moving up the needs hierarchy.

    Focusing on these actions can support Black professionals in achieving much needed job satisfaction.

    What does this mean?

    The minority experience is not a monolith

    The barriers that Black professionals encounter aren't limited to the same barriers as their colleagues, and too often this means that they aren't in a position to grow their careers in a way that leads to job satisfaction.

    There is a 11% gap between the satisfaction of Black professionals and their peers.

    Early Steps:
    Take time to understand the Black experience.

    As leaders, it's important to be aware that employee goals vary depending on the barriers they're battling with.

    Intermediate:
    If Black employees don't have strong relationships, networks, and mentorships it becomes increasingly difficult to navigate the path to upward mobility.

    As a leader, you can look for opportunities to bridge the gap on these types of conversations.

    Advanced:
    Black professionals in tech are not advancing like their counterparts.

    Creating clear career paths will not only benefit Black employees but also support your entire organization.

    Key metrics:

    • Engagement
    • Committed Executive Leadership
    • Development Opportunities
    • Organizational Programs

    Black respondents are significantly more likely to report barriers to their career advancement

    Common barriers

    Black professionals, like their colleagues, encounter barriers as they try to advance their careers. The barriers both groups encounter include microaggressions, racism, ageism, accessibility issues, sexual orientation, bias due to religion, lack of a career-supported network, gender bias, family status bias, and discrimination due to language/accents.

    What tops the list

    Microaggressions and racism are at the top of these barriers, but Black professionals also deal with other barriers that their colleagues may experience, such as gender-based bias, accessibility issues, religion, and more.

    One of these barriers alone can be difficult to deal with but when they are compounded it can be very difficult to navigate through the working environment in tech.

    A graph charting the impact of the common barriers

    What are microaggressions?

    Microaggression

    A statement, action, or incident regarded as an instance of indirect, subtle, or unintentional discrimination against members of a marginalized group such as a racial or ethnic minority.

    (Oxford Languages, 2023)

    Why are they significant?

    These things may seem innocent enough but the messaging that is received and the lasting impression is often far from it.

    Our research shows that racism and discrimination contribute to poor mental health among Black professionals.

    Examples

    • You're so articulate!
    • How do you always have different hair, can I touch it?
    • Where are you really from?
    • I don't see color.
    • I believe the most qualified person should get the job; everyone can succeed in this society if they work hard enough.

    "The experience of having to question whether something happened to you because of your race or constantly being on edge because your environment is hostile can often leave people feeling invisible, silenced, angry, and resentful."
    Dr. Joy Bradford,
    clinical Psychologist, qtd. In Pfizer

    It takes some time to get in the door

    For too many Black respondents, It took Longer than their peers to Find Technology Jobs.

    Both groups had some success finding jobs in "no time" – however, there was a difference. Thirty-four percent of "all others" found their jobs quickly, while the numbers were less for Black professionals, at 26%. There was also a difference at the opposite end of the spectrum. For 29% of Black professionals, it took seven months or longer to find their IT job, while that number is only 19% for their peers.

    .a graph showing time taken for respondents sorted by black; and all other.

    This points to the need for improvements in recruitment and career advancement.

    29% of Black respondents said that it took them 7 months or longer to find their technology job.

    Compared to 19% of all other professionals that selected the same response.

    And once they're in, it's difficult to advance

    Black Professionals are not Advancing as Quickly as their Colleagues. Especially when you look at their Experience.

    Our research shows that compared to all other ethnicities; Black participants were 55% more likely to report that they had no career advancement/promotion in their career. There is a bigger percentage of Black professionals who have never received a promotion; there's also a large number of Black professionals who have been working a significant amount time in the same role without a promotion.

    .Career Advancement

    A graph showing career advancement for the categories: Black and All Other.

    Black participants were 55% more likely to report that they had had no career advancement/promotion in their career.

    No advancement

    A graph showing the number of respondents who reported no career advancement over time, for the categories: Black; and All Other.

    There's a high cost to lack of engagement

    When employees feel disillusioned with things like career advancement and microaggressions, they often become disengaged. When you continuously have to steel yourself against microaggressions, racism, and other barriers, it prevents you from bringing your whole self to the office. The barriers can lead to what's been coined as "emotional tax." An emotional tax is the experience of feeling different from colleagues because of your inherent diversity and the associated negative effects on health, wellbeing, and the ability to thrive at work.

    Earnings of companies with higher employee engagement

    19.2%

    Earnings of companies with lower employee engagement

    -32.7%

    (DecisionWise, 2020)

    "I've conditioned myself for the corporate world, I don't bring my authentic self to work."
    Anonymous Interview Subject

    Lack of engagement also costs the organization in terms of turnover, something many organizations today are struggling with how to address. Organizations want to increase the ability of the workforce to remain in the organization. For Black employees, this gets harder when they're not engaged and they're the only one. When the emotional tax gets to be too much, this can lead to turnover. Turnover not only costs companies billions in profits, it also negatively impacts leadership diversity. It's difficult to imagine career growth when you don't see anyone that looks like you at the top. It is a challenge to see your future when there aren't others that you can relate to at top levels in the organization, leading to one of our interview subjects to muse, "How long can I last?"

    "Being Black in tech can be hard on your mental health. Your mind is constantly wondering, 'how long can I last?' "
    Anonymous Interview Subject

    Fewer Black professionals feel like they can be their authentic selves at work

    Authentic vs. Successes

    For many Black professionals, "code-switching," or altering the way one speaks and acts depending on context, becomes the norm to make others more comfortable. Many feel that being authentic and succeeding in the workplace are mutually exclusive.

    Programs and Resources

    We asked respondents "What's in place to build an inclusive culture at your company?" Most respondents (51% and 45%) reported that there were employee resource groups at their organizations.

    Do you feel you can be your authentic self at work?

    A bar graph showing 86% for All Other Professions, and 75% for Black Professionals

    A bar graph showing responses to the question What’s in place to build an inclusive culture at your company.

    What can be done?

    An image showing actions for success.

    There are various actions that organizations can take to help address barriers.

    It's important to ensure these are not put in as band-aid solutions but that they are carefully thought out and layered.

    Our findings demonstrate that remote work, career development, and DEI programs along with mentorship and diverse leadership are strong enablers of professional satisfaction. An unfortunate consequence, if professionals are not nurtured, is that we risk losing much needed talent to self-employment or to other organizations.

    There are several solutions

    Respondents were asked to distribute points across potential solutions that could lead to job satisfaction. The ratings showed that there were common solutions that could be leveraged across all groups.

    Respondents were asked what solutions were valuable for their career development.

    All groups were mostly aligned on the order of the solutions that would lead to career satisfaction; however, Black professionals rated the importance of employee resource groups as higher than their colleagues did.

    An image showing how respondents rate a number of categories, sorted into Ratings by Black Professionals, and Ratings by Other Professionals

    Mentorship and sponsorship are seen as key for all employees, as is of course training.

    However, employee resource groups (ERGs) were rated significantly higher for Black professionals and discussions around diversity were higher for their colleagues. This may be because other groups feel a need to learn more about diversity, whereas Black professionals live this experience on a day-to day basis, so it's not as critical for them.

    Double the number of satisfied Black professionals through mentorship and sponsorship

    a bar graph showing the number of very satisfied people with and without mentors/sponsors.

    Mentorship and sponsorship help to close the job satisfaction gap for Black IT professionals. The percentage of satisfied Black employees almost doubles when they have a mentor or sponsorship, moving the satisfaction rate to closer to all other colleagues.

    As leaders, you likely benefit from a few different advisors, and your staff should be able to benefit in the same way.

    They can have their own personal board of advisors, both inside and outside of your organization, helping them to navigate the working world in IT.

    To support your staff, provide guidance and coaching to internal mentors so that they can best support employees, and ensure that your organizational culture supports relationship building and trust.

    While all are critical, coaching, mentoring, and sponsorship are not the same

    Coaching

    Performance-driven guidance geared to support the employee with on-the-job performance. This could be a short-term relationship.

    Mentorship

    A relationship where the mentor provides guidance, information, and expertise to support the long-term career development of the mentee.

    Sponsorship

    The act of advocating on the behalf of another for a position, promotion, development opportunity, etc. over a longer period.

    For more information on setting up a mentorship program, see Optimize the Mentoring Program to Build a High Performing Learning Organization.

    On why mentorship and sponsorship are important:

    "With some degree of mentorship or sponsorship, it means that your ability to thrive or to have a positive experience in organizations increases substantially.

    Mentorship and sponsorship are very often the lynchpin of someone being successful and sticking with an organization.

    Sponsorship is an endorsement to other high-level stakeholders who very often are the gatekeepers of opportunity. Sponsors help to shepherd you through the gate."

    An Image of Carlos Thomas

    Carlos Thomas
    Executive Councilor, Info-Tech Research Group

    What is an employee resource group?

    IT Professionals rated ERGs as the third top driver of success at work

    Employee resource groups enable employees to connect in their workplace based on shared characteristics or life experiences.

    ERGs generally focus on providing support, enhancing career development, and contributing to personal development in the work environment. Some ERGs provide advice to the organization on how they can support their diverse employees.

    As leaders, you should support and encourage the formation of ERGs in your organization.

    What each ERG does will vary according to the needs of employees in your organization. Your role is to enable the ERGs as they are created and maintained.

    On setting up and leveraging employee resource groups:

    "Employee resource groups, when leveraged in an authentically intentional way, can be the some of the most impactful stakeholders in the development and implementation of the organizational diversity, equity, and inclusion strategy.

    ERGs are essential to the development of policies, programs, and initiatives that address the needs of equity-seeking groups and are key to driving organizational culture and employee wellbeing, in addition to hiring and recruitment.

    ERGs must be set up for success by having adequate resources to do the work, which includes adequate budgets, executive sponsorship, training, support, and capacity to do the work. According to a Great Place To Work survey (2021), 50% of ERGs identified the need for adequate resources as a challenge for carrying out the work.:"

    An image of Cinnamon Clark

    CINNAMON CLARK
    PRACTICE LEAD, DIVERSITY, EQUITY AND INCLUSION services, MCLEAN & CO

    There is a gap when it comes to diversity in leadership

    Representation at leadership levels is especially stagnant.

    Black Americans comprise 13.6% of the US population
    (2022 data from the US Census Bureau)

    And yet only 5.9% of the country's CEOs are Black, with only 6 (1%) at the top of Fortune 500 companies.
    (2021 data from the Bureau of Labor Statistics and Fortune.com)

    I've never worked for a company that has Black executives. It's difficult to envision long-term growth with an organization when you don't see yourself represented in leadership.
    – Anonymous Interview Subject

    Having diversity in your leadership team doubles satisfaction

    An image of a bar graph showing satisfaction for those who do, and do not see diversity in their company's leadership.

    Our research shows that Black professionals are more satisfied in their role when they see leaders that look like them.

    Satisfaction of other professionals is not as impacted by diversity in leadership as for Black professionals. Satisfaction doubles in organizations that have a diverse leadership team.

    To reap the benefits from diversity, we need to ensure diversity is not just in entry or mid-level positions and provide employees an opportunity to see diversity in their company's leadership.

    On the need for diversity in leadership:

    "As a Black professional leader, it's not lost on me that I have a responsibility. I have to demonstrate authenticity, professionalism, and exemplary behavior that others can mimic. And I must also showcase that there are possibilities for those coming up in their career. I feel very grateful that I can bestow onto others my knowledge, my experience, my journey, and the tips that I've used to help bring me to be where I am.
    (Having Black leaders in an organization) demonstrates that there is talent across the board, that there are all types of women and people with proficiencies. What it brings to the table is a difference in thoughts and experience.
    A person like myself, sitting at the table, can bring a unique perspective on employee behavior and employee impact. CCL is an organization focused on equity, diversity, and inclusion; for sure having me at the table and others that look like me at the table demonstrates to the public an organization that's practicing what it preaches."

    An image of C. Fara Francis

    C. Fara Francis
    CIO, Center for creative leadership

    Work from home

    While all groups have embraced the work-from-home movement, many Black professionals find it reduces the impact of racial incidents in the workplace.

    Percentage of employees who experienced positive changes in motivation after working remotely.

    Black: 43%; All Other: 43%

    I have to guard and protect myself from experiencing and witnessing racism every day. I am currently working remotely, and I can say for certain my mood and demeanor have improved. Not having to decide if I should address a racist comment or action has made my day easier.
    Source: Slate, 2022

    Remote work significantly led to feelings of better chances for career advancement

    Survey respondents were asked about the positive and negative changes they saw in their interactions and experiences with remote work. Black employees and their colleagues replied similarly, with mostly positive experiences.

    While both groups enjoyed better chances for career advancement, the difference was significantly higher for Black professionals.

    An image of a series of bar graphs showing the effects of remote work on a number of factors.

    Reasons for Self-Employment:

    More Black professionals have chosen self-employment than their colleagues.

    All Other: 26%; Black: 30%.

    A bar graph showing rankings for reasons for self employment, sorted by Black and All Other.

    The biggest reasons for both groups in choosing self-employment were for better pay, career growth, and work/life balance.

    While the desire for better pay was the highest reason for both groups, for engaged employees salary is a lower priority than other concerns (Adecco Group's Global Workforce of the Future report). Consider salary in conjunction with career growth, work/life balance, and the variety in the work that your employees have.

    A bar graph showing rankings for reasons for self employment, sorted by Black and All Other.

    If we don't consider our Black employees, not only do we risk them leaving the organization, but they may decide to just work for themselves.

    Most professionals believe their organizations are committed to diversity, equity, and inclusion

    38% of all respondents believe their organizations are very committed to DEI
    49% believe they are somewhat committed
    9% feel they are not committed
    4% are unsure

    Make sure supports are in place to help your employees grow in their careers:

    Leadership
    IT Leadership Career Planning Research Center

    Diversity and Inclusion Tactics
    IT Diversity & Inclusion Tactics

    Employee Development Planning
    Implement an IT Employee Development Plan

    Belief in your organization's diversity, equity, and inclusion efforts isn't consistent across groups: Make sure actions are seen as genuine

    While organization's efforts are acknowledged, Black professionals aren't as optimistic about the commitment as their peers. Make sure that your programs are reaching the various groups you want to impact, to increase the likelihood of satisfaction in their roles.

    SATISFACTION INCREASES IN BOTH BLACK AND NON-BLACK PROFESSIONALS

    When they believe in their company's commitment to diversity, equity. and inclusion.

    Of those who believe in their organization's commitment, 61% of Black professionals and 67% of non-Black professionals are very satisfied in their roles.

    BELIEVE THEIR ORGANIZATION IS NOT COMMITTED TO DEI

    BELIEVE THEIR ORGANIZATION IS VERY COMMITTED TO DEI

    NON-BLACK PROFESSIONALS

    8%

    41%

    BLACK PROFESSIONALS

    13%

    30%

    Recommendations

    It's important to understand the current landscape:

    • The barriers that Black employees often face.
    • The potential solutions that can help close the gap in employee satisfaction.

    We recognize that resolving this is not easy. Although senior executives are recognizing that a diverse set of experiences, perspectives, and backgrounds is crucial to fostering innovation and competing on the global stage, organizations often don't take the extra step to actively look for racialized talent, and many people still believe that race doesn't play an important part in an individual's ability to access opportunities.

    Look at a variety of solutions that you can implement within your organization; layering solutions is the key to driving business diversity. Always keep in mind that diversity is not a monolith, that the experiences of each demographic varies.

    Info-Tech resources

    Appendix

    About the research

    Diversity in tech survey

    As part of the research process for the State of Black Tech Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from October 2021 to April 2022, collecting 633 responses.

    An image of Page 1 of the Appendix.

    Current Position

    An image of Page 2 of the Appendix.

    Education and Experience

    Education was fairly consistent across both groups, with a few exceptions: more Black professionals had secondary school (9% vs. 4%) and more Black professionals had Doctorate degrees (4% vs. 2%).

    We had more non-Black respondents with 20+ years of experience (31% vs. 19%) and more Black respondents with less than 1 year of experience (8% vs. 5%) – the rest of the years of experience were consistent across the two groups.

    An image of Page 3 of the Appendix.

    It is important to recognize that people are often seen by "the world" as belonging to a different race or set of races than what they personally identify as. Both aspects impact a professional's experience in the workplace.

    An image of Page 4 of the Appendix.

    Bibliography

    Barton, LeRon. “I’m Black. Remote Work Has Been Great for My Mental Health.” Slate, 15 July 2022.

    “Black or African American alone, percent.” U.S. Census Bureau QuickFacts: United States. Accessed 14 February 2023.

    Boyle, Matthew. “More Workers Ready to Quit Over ‘Window Dressing’ Racism Efforts.” Bloomberg.com, 9 June 2022.

    Boyle, Matthew. “Remote Work Has Vastly Improved the Black Worker Experience.” Bloomberg.com, 5 October 2021.

    Cooper, Frank, and Ranjay Gulati. “What Do Black Executives Really Want?” Harvard Business Review, 18 November 2021.

    “Emotional Tax.” Catalyst. Accessed 1 April 2022.

    “Employed Persons by Detailed Occupation, Sex, Race, and Hispanic or Latino Ethnicity” U.S. Bureau of Labor Statistics. Accessed February 14, 2023.

    “Equality in Tech Report - Welcome.” Dice, 9 March 2022. Accessed 23 March 2022.

    Erb, Marcus. "Leaders Are Missing the Promise and Problems of Employee Resource Groups." Great Place To Work, 30 June 2021.

    Gawlak, Emily, et al. “Key Findings - Being Black In Corporate America.” Coqual, Center for Talent Innovation (CTI), 2019.

    “Global Workforce of the Future Research.” Adecco, 2022. Accessed 4 February 2023.

    Gruman, Galen. “The State of Ethnic Minorities in U.S. Tech: 2020.” Computerworld, 21 September 2020. Accessed 31 May 2022.

    Hancock, Bryan, et al. “Black Workers in the US Private Sector.” McKinsey, 21 February 2021. Accessed 1 April 2022.

    “Hierarchy Of Needs Applied To Employee Engagement.” Proactive Insights, 12 February 2020.

    Hobbs, Cecyl. “Shaping the Future of Leadership for Black Tech Talent.” Russell Reynolds Associates, 27 January 2022. Accessed 3 August 2022.

    Hubbard, Lucas. “Race, Not Job, Predicts Economic Outcomes for Black Households.” Duke Today, 16 September 2021. Accessed 30 May 2022.

    Knight, Marcus. “How the Tech Industry Can Be More Inclusive to the Black Community.” Crunchbase, 23 February 2022.

    “Maslow’s Hierarchy of Needs in Employee Engagement (Pre and Post Covid 19).” Vantage Circle HR Blog, 30 May 2022.

    McDonald, Autumn. “The Racism of the ‘Hard-to-Find’ Qualified Black Candidate Trope (SSIR).” Stanford Social Innovation Review, 1 June 2021. Accessed 13 December 2021.

    McGlauflin, Paige. “The Fortune 500 Features 6 Black CEOs—and the First Black Founder Ever.” Fortune, 23 May 2022. Accessed 14 February 2023.

    “Microaggression." Oxford English Dictionary, Oxford Languages, 2023.

    Reed, Jordan. "Understanding Racial Microaggression and Its Effect on Mental Health." Pfizer, 26 August 2020.

    Shemla, Meir “Why Workplace Diversity Is So Important, And Why It’s So Hard To Achieve.” Forbes, 22 August 2018. Accessed 4 February 2023.

    “The State of Black Women in Corporate America.” Lean In and McKinsey & Company, 2020. Accessed 14 January 2022.

    Van Bommel, Tara. “The Power of Empathy in Times of Crisis and Beyond (Report).” Catalyst, 2021. Accessed 1 April 2022.

    Vu, Viet, Creig Lamb, and Asher Zafar. “Who Are Canada’s Tech Workers?” Brookfield Institute for Innovation and Entrepreneurship, January 2019. Accessed on Canadian Electronic Library, 2021. Web.

    Warner, Justin. “The ROI of Employee Engagement: Show Me the Money!” DecisionWise, 1 January 2020. Web.

    White, Sarah K. “5 Revealing Statistics about Career Challenges Black IT Pros Face.” CIO (blog), 9 February 2023. Accessed 5 July 2022.

    Williams, Joan C. “Stop Asking Women of Color to Do Unpaid Diversity Work.” Bloomberg.com, 14 April 2022.

    Williams, Joan C., Rachel Korn, and Asma Ghani. “A New Report Outlines Some of the Barriers Facing Asian Women in Tech.” Fast Company, 13 April 2022.

    Wilson, Valerie, Ethan Miller, and Melat Kassa. “Racial representation in professional occupations.” Economic Policy Institute, 8 June 2021.

    “Workplace Diversity: Why It’s Good for Business.” Business Development Canada (BDC.ca), 6 Feb. 2023. Accessed 4 February 2023.

    Make IT a Successful Partner in M&A Integration

    • Buy Link or Shortcode: {j2store}79|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Many organizations forget the essential role IT plays during M&A integration. IT is often unaware of a merger or acquisition until the deal is announced, making it very difficult to adequately interpret business goals and appropriately assess the target organization.
    • IT-related integration activities are amongst the largest cost items in an M&A, yet these costs are often overlooked or underestimated during due diligence.
    • IT is expected to use the M&A team’s IT due diligence report and estimated IT integration budget, which may not have been generated appropriately.
    • IT involvement in integration is critical to providing a better view of risks, improving the ease of integration, and optimizing synergies.

    Our Advice

    Critical Insight

    • Anticipate that you are going to be under pressure. Fulfill short-term, tactical operational imperatives while simultaneously conducting discovery and designing the technology end-state.
    • To migrate risks and guide discovery, select a high-level IT integration posture that aligns with business objectives.

    Impact and Result

    • Once a deal has been announced, use this blueprint to set out immediately to understand business M&A goals and expected synergies.
    • Assemble an IT Integration Program to conduct discovery and begin designing the technology end-state, while simultaneously identifying and delivering operational imperatives and quick-wins as soon as possible.
    • Following discovery, use this blueprint to build initiatives and put together an IT integration budget. The IT Integration Program has an obligation to explain the IT cost implications of the M&A to the business.
    • Once you have a clear understanding of the cost of your IT integration, use this blueprint to build a long-term action plan to achieve the planned technology end-state that best supports the business capabilities of the organization.

    Make IT a Successful Partner in M&A Integration Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should follow Info-Tech’s M&A IT integration methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Define the business’s M&A goals, assemble an IT Integration Program, and select an IT integration posture that aligns with business M&A strategy.

    • Make IT a Successful Partner in M&A Integration – Phase 1: Launch the Project
    • IT Integration Charter

    2. Conduct discovery and design the technology end-state

    Refine the current state of each IT domain in both organizations, and then design the end-state of each domain.

    • Make IT a Successful Partner in M&A Integration – Phase 2: Conduct Discovery and Design the Technology End-State
    • IT Integration Roadmap Tool

    3. Initiate operational imperatives and quick-wins

    Generate tactical operational imperatives and quick-wins, and then develop an interim action plan to maintain business function and capture synergies.

    • Make IT a Successful Partner in M&A Integration – Phase 3: Initiate Operational Imperatives and Quick-Wins

    4. Develop an integration roadmap

    Generate initiatives and put together a long-term action plan to achieve the planned technology end-state.

    • Make IT a Successful Partner in M&A Integration – Phase 4: Develop an Integration Roadmap
    [infographic]

    Workshop: Make IT a Successful Partner in M&A Integration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    Identification of staffing and skill set needed to manage the IT integration.

    Generation of an integration communication plan to highlight communication schedule during major integration events.

    Identification of business goals and objectives to select an IT Integration Posture that aligns with business strategy.

    Key Benefits Achieved

    Defined IT integration roles & responsibilities.

    Structured communication plan for key IT integration milestones.

    Creation of the IT Integration Program.

    Generation of an IT Integration Posture.

    Activities

    1.1 Define IT Integration Program responsibilities.

    1.2 Build an integration communication plan.

    1.3 Host interviews with senior management.

    1.4 Select a technology end-state and IT integration posture.

    Outputs

    Define IT Integration Program responsibilities and goals

    Structured communication plan

    Customized interview guide for each major stakeholder

    Selected technology end-state and IT integration posture

    2 Conduct Discovery and Design the Technology End-State

    The Purpose

    Identification of information sources to begin conducting discovery.

    Definition of scope of information that must be collected about target organization.

    Definition of scope of information that must be collected about your own organization.

    Refinement of the technology end-state for each IT domain of the new entity. 

    Key Benefits Achieved

    A collection of necessary information to design the technology end-state of each IT domain.

    Adequate information to make accurate cost estimates.

    A designed end-state for each IT domain.

    A collection of necessary, available information to make accurate cost estimates. 

    Activities

    2.1 Define discovery scope.

    2.2 Review the data room and conduct onsite discovery.

    2.3 Design the technology end-state for each IT domain.

    2.4 Select the integration strategy for each IT domain.

    Outputs

    Tone set for discovery

    Key information collected for each IT domain

    Refined end-state for each IT domain

    Refined integration strategy for each IT domain

    3 Initiate Tactical Initiatives and Develop an Integration Roadmap

    The Purpose

    Generation of tactical initiatives that are operationally imperative and will help build business credibility.

    Prioritization and execution of tactical initiatives.

    Confirmation of integration strategy for each IT domain and generation of initiatives to achieve technology end-states.

    Prioritization and execution of integration roadmap.

    Key Benefits Achieved

    Tactical initiatives generated and executed.

    Confirmed integration posture for each IT domain.

    Initiatives generated and executed upon to achieve the technology end-state of each IT domain. 

    Activities

    3.1 Build quick-win and operational imperatives.

    3.2 Build a tactical action plan and execute.

    3.3 Build initiatives to close gaps and redundancies.

    3.4 Finalize your roadmap and kick-start integration.

    Outputs

    Tactical roadmap to fulfill short-term M&A objectives and synergies

    Confirmed IT integration strategies

    Finalized integration roadmap

    Annual CIO Survey Report 2024

    • Buy Link or Shortcode: {j2store}106|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    CIOs today face increasing pressures, disruptive emerging technologies, talent shortages, and a slew of other challenges. What are their top concerns, priorities, and technology bets that will define the future direction of IT?

    CIO responses to our Future of IT 2024 survey reveal key insights on spending projects, the potential disruptions causing the most concern, plans for adopting emerging technology, and how firms are responding to generative AI.

    See how CIOs are sizing up the opportunities and threats of the year ahead

    Map your organization’s response to the external environment compared to CIOs across geographies and industries. Learn:

    • The CIO view on continuing concerns such as cybersecurity.
    • Where they rate their IT department’s maturity.
    • What their biggest concerns and budget increases are.
    • How they’re approaching third-party generative AI tools.

    Annual CIO Survey Report 2024 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Future of IT Survey 2024 – A summary of key insights from the CIO responses to our Future of IT 2024 survey.

    Take the pulse of the IT industry and see how CIOs are planning to approach 2024.

    • Annual CIO Survey Report for 2024
    [infographic]

    Further reading

    Annual CIO Survey Report 2024

    An inaugural look at what's on the minds of CIOs.

    1. Firmographics

    • Region
    • Title
    • Organization Size
    • IT Budget Size
    • Industry

    Firmographics

    The majority of CIO responses came from North America. Contributors represent regions from around the world.

    Countries / Regions Response %
    United States 47.18%
    Canada 11.86%
    Australia 9.60%
    Africa 6.50%
    China 0.28%
    Germany 1.13%
    United Kingdom 5.37%
    India 1.41%
    Brazil 1.98%
    Mexico 0.56%
    Middle East 4.80%
    Asia 0.28%
    Other country in Europe 4.52%

    n=354

    Firmographics

    A typical CIO respondent held a C-level position at a small to mid-sized organization.

    Half of CIOs hold a C-level position, 10% are VP-level, and 20% are director level

    Pie Chart of CIO positions

    38% of respondents are from an organization with above 1,000 employees

    Pie chart of size of organizations

    Firmographics

    A typical CIO respondent held a C-level position at a small to mid-sized organization.

    40% of CIOs report an annual budget of more than $10 million

    Pie chart of CIO annual budget

    A range of industries are represented, with 29% of respondents in the public sector or financial services

    Range of industries

    2. Key Factors

    • IT Maturity
    • Disruptive Factors
    • IT Spending Plans
    • Talent Shortage

    Two in three respondents say IT can deliver outcomes that Support or Optimize the business

    IT drives outcomes

    Most CIOs are concerned with cybersecurity disruptions, and one in four expect a budget increase of above 10%

    How likely is it that the following factors will disrupt your business in the next 12 months?

    Chart for factors that will disrupt your business

    Looking ahead to 2024, how will your organization's IT spending change compared to spending in 2023?

    Chart of IT spending change

    3. Adoption of Emerging Technology

    • Fastest growing tech for 2024 and beyond

    CIOs plan the most new spend on AI in 2024 and on mixed reality after 2024

    Top five technologies for new spending planned in 2024:

    1. Artificial intelligence - 35%
    2. Robotic process automation or intelligent process automation - 24%
    3. No-code/low-code platforms - 21%
    4. Data management solutions - 14%
    5. Internet of Things (IoT) - 13%

    Top five technologies for new spending planned after 2024:

    1. Mixed reality - 20%
    2. Blockchain - 19%
    3. Internet of Things (IoT) - 17%
    4. Robotics/drones - 16%
    5. Robotic process automation or intelligent process automation - 14%

    n=301

    Info-Tech Insight
    Three in four CIOs say they have no plans to invest in quantum computing, more than any other technology with no spending plans.

    4. Adoption of AI

    • Interest in generative AI applications
    • Tasks to be completed with AI
    • Progress in deploying AI

    CIOs are most interested in industry-specific generative AI applications or text-based

    Rate your business interest in adopting the following generative AI applications:

    Chart for interest in AI

    There is interest across all types of generative AI applications. CIOs are least interested in visual media generators, rating it just 2.4 out of 5 on average.

    n=251

    Info-Tech Insight
    Examples of generative AI solutions specific to the legal industry include Litigate, CoCounsel, and Harvey.

    By the end of 2024, CIOs most often plan to use AI for analytics and repetitive tasks

    Most popular use cases for AI by end of 2024:

    1. Business analytics or intelligence - 69%
    2. Automate repetitive, low-level tasks - 68%
    3. Identify risks and improve security - 66%
    4. IT operations - 62%
    5. Conversational AI or virtual assistants - 57%

    Fastest growing uses cases for AI in 2024:

    1. Automate repetitive, low-level tasks - 39%
    2. IT operations - 38%
    3. Conversational AI or virtual assistants - 36%
    4. Business analytics or intelligence - 35%
    5. Identify risks and improve security - 32%

    n=218

    Info-Tech Insight
    The least popular use case for AI is to help define business strategy, with 45% saying they have no plans for it.

    One in three CIOs are running AI pilots or are more advanced with deployment

    How far have you progressed in the use of AI?

    Chart of progress in use of AI

    Info-Tech Insight
    Almost half of CIOs say ChatGPT has been a catalyst for their business to adopt new AI initiatives.

    5. AI Risk

    • Perceived impact of AI
    • Approach to third-party AI tools
    • AI features in business applications
    • AI governance and accountability

    Six in ten CIOs say AI will have a positive impact on their organization

    What overall impact do you expect AI to have on your organization?

    Overall impact of AI on organization

    The majority of CIOs are waiting for professional-grade generative AI tools

    Which of the following best describes your organization's approach to third-party generative AI tools (such as ChatGPT or Midjourney)?

    Third-party generative AI

    Info-Tech Insight
    Business concerns over intellectual property and sensitive data exposure led OpenAI to announce ChatGPT won't use data submitted via its API for model training unless customers opt in to do so. ChatGPT users can also disable chat history to avoid having their data used for model training (OpenAI).

    One in three CIOs say they are accountable for AI, and the majority are exploring it cautiously

    Who in your organization is accountable for governance of AI?

    Governance of AI

    More than one-third of CIOs say no AI governance steps are in place today

    What AI governance steps does your organization have in place today?

    Chart of AI governance steps

    Among organizations that plan to invest in AI in 2024, 30% still say there are no steps in place for AI governance. The most popular steps to take are to publish clear explanations about how AI is used, and to conduct impact assessments (n=170).

    Chart of AI governance steps

    Among all CIOs, including those that do not plan to invest in AI next year, 37% say no steps are being taken toward AI governance today (n=243).

    6. Contribute to Info-Tech's Research Community

    • Volunteer to be interviewed
    • Attend LIVE in Las Vegas

    It's not too late; take the Future of IT online survey

    Contribute to our tech trends insights

    If you haven't already contributed to our Future of IT online survey, we are keeping the survey open to continue to collect insights and inform our research reports and agenda planning process. You can take the survey today. Those that complete the survey will be sent a complimentary Tech Trends 2024 report.

    Complete an interview for the Future of IT research project

    Help us chart the future course of IT

    If you are receiving this for completing the Future of IT online survey, thank you for your contribution. If you are interested in further participation and would like to provide a complementary interview, please get in touch at brian.Jackson@infotech.com. All interview subjects must also complete the online survey.

    If you've already completed an interview, thank you very much, and you can look forward to seeing more impacts of your contribution in the near future.

    LIVE 2023

    Methodology

    All data in this report is from Info-Tech's Future of IT online survey 2023 edition.

    A CIO focus for the Future of IT

    Data in this report represents respondents to the Future of IT online survey conducted by Info-Tech Research Group between May 11 and July 7, 2023.

    Only CIO respondents were selected for this report, defined as those who indicated they are the most senior member of their organization's IT department.

    This data segment reflects 355 total responses with 239 completing every question on the survey.

    Further data from the Future of IT online survey and the accompanying interview process will be featured in Info-Tech's Tech Trends 2024 report this fall and in forthcoming Priorities reports including Applications, Data & EA, CIO, Infrastructure, and Security.

    Create a Data Management Roadmap

    • Buy Link or Shortcode: {j2store}122|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $100,135 Average $ Saved
    • member rating average days saved: 36 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Data has quickly become one of the most valuable assets in any organization. But when it comes to strategically and effectively managing those data assets, many businesses find themselves playing catch-up. The stakes are high because ineffective data management practices can have serious consequences, from poor business decisions and missed revenue opportunities to critical cybersecurity risks.

    Successful management and consistent delivery of data assets requires collaboration between the business and IT and the right balance of technology, process, and resourcing solutions.

    Build an effective and collaborative data management practice

    Data management is not one-size-fits-all. Cut through the noise around data management and create a roadmap that is right for your organization:

    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing data assets.
    • Design a program that can scale and evolve over time.
    • Perform data strategy planning and incorporate data capabilities into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    This blueprint will help you design a data management practice that builds capabilities to support your organization’s current use of data and its vision for the future.

    Create a Data Management Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a Data Management Roadmap Storyboard – Use this deck to help you design a data management practice and turn data into a strategic enabler for the organization.

    Effective data delivery and management provides the business with new and improved opportunities to leverage data for business operations and decision making. This blueprint will help you design a data management practice that will help your team build capabilities that align to the business' current usage of data and its vision for the future.

    • Create a Data Management Roadmap – Phases 1-2

    2. Data Management Strategy Planning Tools – Use these tools to align with the business and lay the foundations for the success of your data management practice.

    Begin by using the interview guide to engage stakeholders to gain a thorough understanding of the business’ challenges with data, their strategic goals, and the opportunities for data to support their future plans. From there, these tools will help you identify the current and target capabilities for your data management practice, analyze gaps, and build your roadmap.

    • Data Strategy Planning Interview Guide
    • Data Management Assessment and Planning Tool
    • Data Management Project Charter Template

    3. Stakeholder Communication and Assessment Tools – Use these templates to develop a communication strategy that will convey the value of the data management project to the organization and meet the needs of key stakeholders.

    Strong messaging around the value and purpose of the data management practice is essential to ensure buy-in. Use these templates to build a business case for the project and socialize the idea of data management across the various levels of the organization while anticipating the impact on and reactions from key stakeholders.

    • Data Management Communication/Business Case Template
    • Project Stakeholder and Impact Assessment Tool

    4. Data Management Strategy Work Breakdown Structure Template – Use this template to maintain strong project management throughout your data management project.

    This customizable template will support an organized approach to designing a program that addresses the business’ current and evolving data management needs. Use it to plan and track your deliverables and outcomes related to each stage of the project.

    • Data Management Strategy Work Breakdown Structure Template

    5. Data Management Roadmap Tools – Use these templates to plan initiatives and create a data management roadmap presentation.

    Create a roadmap for your data management practice that aligns to your organization’s current needs for data and its vision for how it wants to use data over the next 3-5 years. The initiative tool guides you to identify and record all initiative components, from benefits to costs, while the roadmap template helps you create a presentation to share your project findings with your executive team and project sponsors.

    • Initiative Definition Tool
    • Data Management Roadmap Template

    6. Track and Measure Benefits Tool – Use this tool to monitor the project’s progress and impact.

    Benefits tracking enables you to measure the effectiveness of your project and make adjustments where necessary to realize expected benefits. This tool will help you track benefit metrics at regular intervals to report progress on goals and identify benefits that are not being realized so that you can take remedial action.

    • Track and Measure Benefits Tool

    Infographic

    Workshop: Create a Data Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop Data Strategies

    The Purpose

    Understand the business’s vision for data and the role of the data management practice.

    Determine business requirements for data.

    Map business goals and strategic plans to create data strategies.

    Key Benefits Achieved

    Understanding of business’s vision for data

    Unified vision for data management (business and IT)

    Identification of the business’s data strategies

    Activities

    1.1 Establish business context for data management.

    1.2 Develop data management principles and scope.

    1.3 Develop conceptual data model (subject areas).

    1.4 Discuss strategic information needs for each subject area.

    1.5 Develop data strategies.

    1.6 Identify data management strategies and enablers.

    Outputs

    Practice vision

    Data management guiding principles

    High-level data requirements

    Data strategies for key data assets

    2 Assess Data Management Capabilities

    The Purpose

    Determine the current and target states of your data management practice.

    Key Benefits Achieved

    Clear understanding of current environment

    Activities

    2.1 Determine the role and scope of data management within the organization.

    2.2 Assess current data management capabilities.

    2.3 Set target data management capabilities.

    2.4 Identify performance gaps.

    Outputs

    Data management scope

    Data management capability assessment results

    3 Analyze Gaps and Develop Improvement Initiatives

    The Purpose

    Identify how to bridge the gaps between the organization’s current and target environments.

    Key Benefits Achieved

    Creation of key strategic plans for data management

    Activities

    3.1 Evaluate performance gaps.

    3.2 Identify improvement initiatives.

    3.3 Create preliminary improvement plans.

    Outputs

    Data management improvement initiatives

    4 Design Roadmap and Plan Implementation

    The Purpose

    Create a realistic and action-oriented plan for implementing and improving the capabilities for data management.

    Key Benefits Achieved

    Completion of a Data Management Roadmap

    Plan for how to implement the roadmap’s initiatives

    Activities

    4.1 Align data management initiatives to data strategies and business drivers.

    4.2 Identify dependencies and priorities

    4.3 Build a data management roadmap (short and long term)

    4.4 Create a communication plan

    Outputs

    Data management roadmap

    Action plan

    Communication plan

    Further reading

    Contents

    Executive Brief
    Analyst Perspective
    Executive Summary
    Phase 1: Build Business and User Context
    Phase 2: Assess Data Management and Build Your Roadmap
    Additional Support
    Related Research
    Bibliography

    Create a Data Management Roadmap

    Ensure the right capabilities to support your data strategy.

    EXECUTIVE BRIEF

    Analyst Perspective

    Establish a data management program to realize the data strategy vision and data-driven organization.

    Data is one of the most valuable organizational assets, and data management is the foundation – made up of plans, programs, and practices – that delivers, secures, and enhances the value of those assets.

    Digital transformation in how we do business and innovations like artificial intelligence and automation that deliver exciting experiences for our customers are all powered by readily available, trusted data. And there’s so much more of it.

    A data management roadmap designed for where you are in your business journey and what’s important to you provides tangible answers to “Where do we start?” and “What do we do?”

    This blueprint helps you build and enhance data management capabilities as well as identify the next steps for evaluating, strengthening, harmonizing, and optimizing these capabilities, aligned precisely with business objectives and data strategy.

    Andrea Malick
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Frame the problem

    Who this research is for
    • Data management professionals looking to improve the organization’s ability to leverage data in value-added ways
    • Data governance managers and data analysts looking to improve the effectiveness and value of their organization’s data management practice
    This research will help you
    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing the organization’s data assets.
    • Design a data management program that can scale and evolve over time.
    This research will also assist
    • Business leaders creating plans to leverage data in their strategic planning and business processes
    • IT professionals looking to improve the environment that manages and delivers data
    This research will also help you
    • Perform data strategy planning and incorporate data capabilities and plans into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    Executive Summary

    Your Challenge
    • The organizational appetite for data is increasing, with growing demands for data to better support business processes and inform decision making.
    • For data to be accessible and trustworthy for the business it must be effectively managed throughout its lifecycle.
    • With so much data circulating throughout our systems and a steady flow via user activity and business activities, it is imperative that we understand our data environment, focus our data services and oversight on what really matters, and work closely with business leads to ensure data is an integral part of the digital solution.
    Common Obstacles
    • Despite the growing focus on data, many organizations struggle to develop an effective strategy for managing their data assets.
    • Successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.
    • Employees are doing their best to just get things done with their own spreadsheets and familiar patterns of behavior. It takes leadership to pause those patterns and take a thoughtful enterprise and strategic approach to a more streamlined – and transformed – business data service.
    Info-Tech’s Approach
    • Incremental approach: Building a mature and optimized practice doesn’t occur overnight – it takes time and effort. Use this blueprint’s approach and roadmap results to support your organization in building a practice that prioritizes scope, increases the effectiveness of your data management practice, and improves your alignment with business data needs.
    • Build smart: Don’t do data management for data management’s sake; instead, align it to business requirements and the business’ vision for the organization’s data. Ensure initiatives and program investments best align to business priorities and support the organization in becoming more data driven and data centric.

    Info-Tech Insight

    Use value streams and business capabilities to develop a prioritized and practical data management plan that provides the highest business satisfaction in the shortest time.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Data is a business asset and needs to be treated like one

    Data management is an enabler of the business and therefore needs to be driven by business goals and objectives. For data to be a strategic asset of the business, the business and IT processes that support its delivery and management must be mature and clearly executed.

    Business Drivers
    1. Client Intimacy/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Risk and Compliance Management
    Data Management Enablers
    • Data Governance
    • Data Strategy Planning
    • Data Architecture
    • Data Operations Management
    • Data Risk Management
    • Data Quality Management

    Industry spotlight: Risk management in the financial services sector

    REGULATORY
    COMPLIANCE

    Regulations are the #1 driver for risk management.

    US$11M:

    Fine incurred by a well-known Wall Street firm after using inaccurate data to execute short sales orders.
    “To successfully leverage customer data while maintaining compliance and transparency, the financial sector must adapt its current data management strategies to meet the needs of an ever-evolving digital landscape.” (Phoebe Fasulo, Security Scorecard, 2021)

    Industry spotlight: Operational excellence in the public sector

    GOVERNMENT
    TRANSPARENCY

    With frequent government scandals and corruption dominating the news, transparency to the public is quickly becoming a widely adopted practice at every level of government. Open government is the guiding principle that the public has access to the documents and proceedings of government to allow for effective public oversight. With growing regulations and pressure from the public, governments must adopt a comprehensive data management strategy to ensure they remain accountable to their rate payers, residents, businesses, and other constituents.

    1. Transparency Transparency is not just about access; it’s about sharing and reuse.
    2. Social and commercial value Everything from finding your local post office to building a search engine requires access to data.
    3. Participatory government Open data enables citizens to be more directly informed and involved in decision making.

    Industry spotlight: Operational excellence and client intimacy in major league sports

    SPORTS
    ANALYTICS

    A professional sports team is essentially a business that is looking for wins to maximize revenue. While they hope for a successful post-season, they also need strong quarterly results, just like you. Sports teams are renowned for adopting data-driven decision making across their organizations to do everything from improving player performance to optimizing tickets sales. At the end of the day, to enable analytics you must have top-notch information management.

    Team Performance Benefits
    1. Talent identification
    2. In-game decision making
    3. Injury reduction
    4. Athlete performance
    5. Bargaining agreement
    Team Performance Benefits
    1. Fan engagement
    2. Licensing
    3. Sports gambling
    (Deloitte Insights, 2020)
    Industry leaders cite data, and the insights they glean from it, as their means of standing apart from their competitors.

    Industry spotlight: Operational excellence and service delivery within manufacturing and supply chain services

    SUPPLY CHAIN
    EFFICIENCY

    Data offers key insights and opportunities when it comes to supply chain management. The supply chain is where the business strategy gets converted to operational service delivery of the business. Proper data management enables business processes to become more efficient, productive, and profitable through the greater availability of quality data and analysis.

    Fifty-seven percent of companies believe that supply chain management gives them a competitive advantage that enables them to further develop their business (FinancesOnline, 2021).

    Involving Data in Your Supply Chain

    25%

    Companies can reap a 25% increase in productivity, a 20% gain in space usage, and a 30% improvement in stock use efficiency if they use integrated order processing for their inventory system.

    36%

    Thirty-six percent of supply chain professionals say that one of the top drivers of their analytics initiatives is the optimization of inventory management to balance supply and demand.
    (Source: FinancesOnline, 2021)

    Industry spotlight: Intelligent product innovation and strong product portfolios differentiate consumer retailers and CPGs

    INFORMED PRODUCT
    DEVELOPMENT
    Consumer shopping habits and preferences are notoriously variable, making it a challenge to develop a well-received product. Information and insights into consumer trends, shopping preferences, and market analysis support the probability of a successful outcome.

    Maintaining a Product Portfolio
    What is selling? What is not selling?

    Product Development
    • Based on current consumer buying patterns, what will they buy next?
    • How will this product be received by consumers?
    • What characteristics do consumers find important?
    A combination of operational data and analytics data is required to accurately answer these questions.
    Internal Data
    • Organizational sales performance
    External Data
    • Competitor performance
    • Market analysis
    • Consumer trends and preferences
    Around 75% of ideas fail for organizational reasons – viability or feasibility or time to market issues. On the other hand, around 20% of product ideas fail due to user-related issues – not valuable or usable (Medium, 2020).

    Changes in business and technology are changing how organizations use and manage data

    The world moves a lot faster today

    Businesses of today operate in real time. To maintain a competitive edge, businesses must identify and respond quickly to opportunities and events.

    To effectively do this businesses must have accurate and up-to-date data at their fingertips.

    To support the new demands around data consumption, data velocity (pace in which data is captured, organized, and analyzed) must also accelerate.

    Data Management Implications
    • Strong integration capabilities
    • Intelligent and efficient systems
    • Embedded data quality management
    • Strong transparency into the history of data and its transformation

    Studies and projections show a clear case of how data and its usage will grow and evolve.

    Zettabyte Era

    64.2

    More Data

    The amount of data created, consumed, and stored globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020 and projected to grow to over 180 zettabyes in 2025 (Statista, 2021).

    Evolving Technologies

    $480B

    Cloud Proliferation

    Global end-user spending on public cloud services is expected to exceed $480 billion next year (Info-Tech, 2021).

    To differentiate and remain competitive in today’s marketplace, organizations are becoming more data-driven

    Pyramid with a blue tip. Sublevels from top down are labelled 'Analytical Companies', 'Analytical Aspirations', 'Localized Analytics', and 'Analytically Impaired'.

    Analytic Competitor

    “Given the unforgiving competitive landscape, organizations have to transform now, and correctly. Winning requires an outcome-focused analytics strategy.” (Ramya Srinivasan, Forbes, 2021)
    Data and the use of data analytics has become a centerpiece to effective modern business. Top-performing organizations across a variety of industries have been cited as using analytics five times more than lower performers (MIT Sloan).

    The strategic value of data

    Power intelligent and transformative organizational performance through leveraging data.

    Respond to industry disruptors

    Optimize the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    Despite investments in data initiatives, organizations are carrying high levels of data debt

    Data debt is the accumulated cost that is associated with the suboptimal governance of data assets in an enterprise, like technical debt.

    Data debt is a problem for 78% of organizations.

    40%

    of organizations say individuals within the business do not trust data insights.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    33%

    of organizations are not able to get value from a new system or technology investment.

    30%

    of organizations are unable to become data-driven.

    (Source: Experian, 2020)

    The journey to being data-driven

    The journey to becoming a data-driven organization requires a pit stop at data enablement.

    The Data Economy

    Diagram of 'The Data Economy' with three points on an arrow. 'Data Disengaged: You have a low appetite for data and rarely use data for decision making.' 'Data Enabled: Technology, data architecture, and people and processes are optimized and supported by data governance.' 'Data Driven: You are differentiating and competing on data and analytics, described as a “data first” organization. You’re collaborating through data. Data is an asset.'

    Measure success to demonstrate tangible business value

    Put data management into the context of the business:
    • Tie the value of data management and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don’t let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data management program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organization.

    Key considerations:
    • When building your data management roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data management partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data management milestones
    Sample milestones:
    • Data Management Leadership & Org Structure Definition
      Define the home for data management, as approved by senior leadership.
    • Data Management Charter and Policies
      Create a charter for your program and build/refresh associated policies.
    • Data Culture Diagnostic
      Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
    • Use Case Build and Prioritization
      Build a use case that is tied to business capabilities. Prioritize accordingly.
    • Business Data Glossary/Catalog
      Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
    • Tools & Technology
      Explore the tools and technology offering in the data management space that would serve as an enabler to the program (e.g. RFI, RFP).

    Insight summary

    Overarching insight

    Your organization’s value streams and the associated business capabilities require effectively managed data. Whether building customer service excellence or getting ahead of cyberattacks, a data management practice is the dependable mainstay supporting business operations and transformation.

    Insight 1

    Data – it’s your business.
    Data is a digital imprint of business activities. Data architecture and flows are reflective of the organizational business architecture. Take data management capabilities as seriously as other core business capabilities.

    Insight 2

    Take a data-oriented approach.
    Data management must be data-centric – with technology and functional enablement built around the data and its structure and flows. Maintain the data focus during project’s planning, delivery, and evaluation stages.

    Insight 3

    Get the business into the data business.
    Data is not “IT’s thing.” Just as a bank helps you properly allocate your money to achieve your financial goals, IT will help you implement data management to support your business goals, but the accountability for data resides with the business.

    Tactical insight

    Data management is the program and environment we build once we have direction, i.e. a data strategy, and we have formed an ongoing channel with the guiding voice of the business via data governance. Without an ultimate goal in a strategy or the real requirements of the business, what are we building data systems and processes for? We are used to tech buzz words and placing our hope in promising innovations like artificial intelligence. There are no shortcuts, but there are basic proven actions we can take to meet the digital revolution head on and let our data boost our journey.

    Key deliverable:

    Data Management Roadmap Template

    Use this template to guide you in translating your project's findings and outcomes into a presentation that can be shared with your executive team and project sponsors.

    Sample of the 'Data Management Roadmap Template' key deliverable.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Management Assessment and Planning Tool

    Use this tool to support your team in assessing and designing the capabilities and components of your organization's data management practice. Sample of the 'Data Management Assessment and Planning Tool' deliverable.

    Data Culture Diagnostic and Scorecard

    Sample of the 'Data Culture Diagnostic and Scorecard' deliverable.

    Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

    Business Capability Map

    This template takes you through a business capability and value stream mapping to identify the data capabilities required to enable them. Sample of the 'Business Capability Map' deliverable.

    Measure the value of this blueprint

    Leverage this blueprint’s approach to ensure your data management initiatives align and support your key value streams and their business capabilities.
    • Aligning your data management program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data management with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

    Project outcome

    Metric

    Timely data delivery Time of data delivery to consumption
    Improved data quality Data quality scorecard metrics
    Data provenance transparency Time for data auditing (from report/dashboard to the source)
    New reporting and analytic capabilities Number of level 2 business capabilities implemented as solutions
    In Phase 1 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data management capabilities and strengths.

    In Phase 2, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data management capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Create a Data Management Roadmap project overview

    1. Build Business Context and Drivers for the Data Management Program 2. Assess Data Management and Build Your Roadmap
    Best-Practice Toolkit

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • An understanding of the core components of an effective data management program
    • Your organization’s business capabilities and value streams
    • A business capability map for your organization
    • High-value use cases for data management
    • Vision and guiding principles for data management
    • An understanding of your organization’s current data management capabilities
    • Definition of target-state capabilities and gaps
    • Roadmap of priority data management initiatives
    • Business data domains and ownership

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Call #1: Understand drivers, business context, and scope of data management at your organization. Learn about Info-Tech’s approach and resources.

    Call #2: Get a detailed overview of Info-Tech’s approach, framework, Data Culture Diagnostic, and blueprint.

    Call #3:Align your business capabilities with your data management capabilities. Begin to develop a use case framework.

    Call #4:Further discuss alignment of business capabilities to data management capabilities and use case framework.

    Call #5: Assess your current data management capabilities and data environment. Review your Data Culture Diagnostic Scorecard, if applicable.

    Call #6: Plan target state and corresponding initiatives.

    Call #7: Identify program risks and formulate a roadmap.

    Call #8: Identify and prioritize improvements. Define a RACI chart.

    Call #9: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Understand and contextualize

    1.1 Review your data strategy.

    1.2 Learn data management capabilities.

    1.3 Discuss DM capabilities cross-dependencies and interactions.

    1.4 Develop high-value use cases.

    Assess current DM capabilities and set improvement targets

    2.1 Assess you current DM capabilities.

    2.2 Set targets for DM capabilities.

    Formulate and prioritize improvement initiatives

    3.1 Formulate core initiatives for DM capabilities improvement.

    3.2 Discuss dependencies across the initiatives and prioritize them.

    Plan for delivery dates and assign RACI

    4.1 Plan dates and assign RACI for the initiatives.

    4.2 Brainstorm initiatives to address gaps and enable business goals.

    Next steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Understanding of the data management capabilities and their interactions and logical dependencies
    2. Use cases
    1. DM capability assessment results
    2. DM vision and guiding principles
    1. Prioritized DM capabilities improvement initiatives
    1. DM capabilities improvement roadmap
    2. Business data domains and ownership
    1. Workshop final report with key findings and recommendations

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    What is data management and why is it needed?

    “Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    Achieving successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.

    Who:

    This research is designed for:
    • Data management heads and professionals looking to improve their organization’s ability to leverage data in value-added ways.
    • Data management and IT professionals looking to optimize the data environment, from creation and ingestion right through to consumption.

    Are your data management capabilities optimized to support your organization’s data use and demand?

    What is the current situation?

    Situation
    • The volume and variety of data are growing exponentially and show no sign of slowing down.
    • Business landscapes and models are evolving.
    • Users and stakeholders are becoming more and more data-centric, with maturing and demanding expectations.
    Complication
    • Organizations struggle to develop a comprehensive approach to optimizing data management.
    • In their efforts to keep pace with the demands for data, data management groups often adopt a piecemeal approach that includes turning to tools as a means to address the needs.
    • Data architecture, models, and designs fail to deliver real and measurable business impact and value. Technology ROI is not realized.
    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Management Framework

    What Is Data Management?

    Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    The three-tiered Data Management Framework, tiers are labelled 'Data Management Enablers', 'Information Dimensions', and 'Business Information'.

    Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions

    Info-Tech’s Approach

    Info-Tech’s Data Management Framework is designed to show how an organization’s business model sits as the foundation of its data management practice. Drawing from the requirements of the underpinning model, a practice is designed and maintained through the creation and application of the enablers and dimensions of data management.

    Build a data management practice that is centered on supporting the business and its use of key data assets

    Business Resources

    Data subject areas provide high-level views of the data assets that are used in business processes and enable an organization to perform its business functions.

    Classified by specific subjects, these groups reflect data elements that, when used effectively, are able to support analytical and operational use cases of data.

    This layer is representative of the delivery of the data assets and the business’ consumption of the data.

    Data is an integral business asset that exists across all areas of an organization

    Equation stating 'Trustworthy and Usable Data' plus 'Well-Designed and Executed Processes' equals 'Business Capabilities and Functions'.
    Data Management Framework with only the bottom tier highlighted.

    For a data management practice to be effective it ultimately must show how its capabilities and operations better support the business in accessing and leveraging its key data assets.*

    *This project focuses on building capabilities for data management. Leverage our data quality management research to support you in assessing the performance of this model.

    Information dimensions support the different types of data present within an organization’s environment

    Information Dimensions

    Components at the Information Dimensions layer manage the different types of data and information present with an environment.

    At this layer, data is managed based on its type and how the business is looking to use and access the data.

    Custom capabilities are developed at this level to support:

    • Structured data
    • Semi-structured data
    • Unstructured data
    The types, formats, and structure of the data are managed at this level using the data management enablers to support their successful execution and performance.
    Data Management Framework with only the middle tier highlighted.

    Build a data management practice with strong process capabilities

    Use these guiding principles to contextualize the purpose and value for each data management enabler.

    Data Management Framework with only the top tier highlighted.

    Data Management Enablers

    Info-Tech categorizes data management enablers as the processes that guide the management of the organization’s data assets and support the delivery.

    Govern and Direct

    • Ensures data management practices and processes follow the standards and policies outlined for them
    • Manages the executive oversight of the broader practice

    Align and Plan

    • Aligns data management plans to the business’ data requirements
    • Creates the plans to guide the design and execution of data management components

    Build, Acquire, Operate, Deliver, and Support

    • Executes the operations that manage data as it flows through the business environment
    • Manages the business’ risks in relation to its data assets and the level of security and access required

    Monitor and Improve

    • Analyzes the performance of data management components and the quality of business data
    • Creates and execute plans to improve the performance of the practice and the quality and use of data assets

    Use Info-Tech’s assessment framework to support your organization’s data management planning

    Info-Tech employs a consumer-driven approach to requirements gathering in order to support a data management practice. This will create a vision and strategic plan that will help to make data an enabler to the business as it looks to achieve its strategic objectives.

    Data Strategy Planning

    To support the project in building an accurate understanding of the organization’s data requirements and the role of data in its operations (current and future), the framework first guides organizations on a business and subject area assessment.

    By focusing on data usage and strategies for unique data subject areas, the project team will be better able to craft a data management practice with capabilities that will generate the greatest value and proactively handle evolving data requirements.

    Arrow pointing right.

    Data Management Assessment

    To support the design of a fit-for-purpose data management practice that aligns with the business’ data requirements this assessment will guide you in:

    • Determining the target capabilities for the different dimensions of data management.
    • Identifying the interaction dependencies and coordination efforts required to build a successful data management practice.

    Create a Data Management Roadmap

    Phase 1

    Build Business Context and Drivers for the Data Management Program

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Identify your business drivers and business capabilities.
    • Align data management capabilities with business goals.
    • Define scope and vision of the data management plan.
    • This phase involves the follow

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data Owners, Records Managers, Regulatory Subject Matter Experts (e.g. Legal Counsel, Security)

    Step 1.1

    Review the Data Management Framework

    Activities

    1.1.1 Walk through the main parts of the best-practice Data Management Framework

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map
    Build Business Context and Drivers
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Build a Robust & Comprehensive Data Strategy

    Business Strategy

    Organizational Goals & Objectives

    Business Drivers

    Industry Drivers

    Current Environment

    Data Management Capability Maturity Assessment

    Data Culture Diagnostic

    Regulatory and Compliance Requirements

    Data Strategy

    Organizational Drivers and Data Value

    Data Strategy Objectives & Guiding Principles

    Data Strategy Vision and Mission

    Data Strategy Roadmap

    People: Roles and Organizational Structure

    Data Culture & Data Literacy

    Data Management and Tools

    Risk and Feasibility

    Unlock the Value of Data

    Generate Game-Changing Insights

    Fuel Data-Driven Decision Making

    Innovate and Transform With Data

    Thrive and Differentiate With a Data-Driven Culture

    Elevate Organizational Data IQ

    Build a Foundation for Data Valuation

    What is a data strategy and why is it needed?

    • Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
    • For any CDO or equivalent data leader, a robust and comprehensive data strategy is the number one tool in your toolkit for generating measurable business value from data.
    • The data strategy will serve as the mechanism for making high-quality, trusted, and well-governed data readily available and accessible to deliver on your organizational mandate.

    What is driving the need to formulate or refresh your organization’s data strategy?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Governance Framework

    Model of Info-Tech's Data Governance Framework titled 'Key to Data Enablement'. There are inputs, a main Data Governance cycle, and a selection of outputs. The inputs are 'Business Strategy' and 'Data Strategy' injected into the cycle via 'Strategic Goals & Objectives'. The cycle consists of 'Operating Model', 'Policies & Procedures', 'Data Literacy & Culture', 'Enterprise Projects & Services', 'Data Management', 'Data Privacy & Security', 'Data Leadership', and 'Data Ownership & Stewardship'. The latter two are part of 'Enterprise Governance's 'Oversight & Alignment' cycle. Outputs are 'Defined Data Accountability & Responsibility', 'Knowledge & Common Understanding of Data Assets', 'Trust & Confidence in Traceable Data', 'Improved Data ROI & Reduced Data Debt', and 'Support of Ethical Use of Data in a Data-Driven Culture'.

    What is data governance and why is it needed?

    • Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
    • It should deliver agreed-upon models that are conducive to your organization’s operating culture, where there is clarity on who can do what with which data and via what means.
    • It is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization.
    • It promotes and drives responsible and ethical use and handling of data while helping to build and foster an organizational culture of data excellence.

    Do you feel there is a clear definition of data accountability and responsibility in your organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data Governance, Lead Data Governance Officer
    • Head of Data
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function.

    A diagram titled 'Data Platform Selection - Make complex tasks simple by applying proven methodology to connect businesses to software' with five steps. '1. Formalize a Business Strategy', '2. Identify Platform Specific Considerations', '3. Execute Data Platform Architecture Selection', 'Select Software', 'Achieve Business Goals'.

    Info-Tech’s Data Platform Framework

    Data pipeline for versatile and scalable data delivery

    a diagram showing the path from 'Data Creation' to 'Data Accumulation', to 'Engineering & Augmentation', to 'Data Delivery'. Each step has a 'Fast Lane', 'Operational Lane', and 'Curated Lane'.

    What are the data platform and practice and why are they needed?

    • The data platform and practice are two parts of the data and analytics equation:
      • The practice is about the operating model for data; that is, how stakeholders work together to deliver business value on your data platform. These stakeholders are a combination of business and IT from across the organization.
      • The platform is a combination of the architectural components of the data and analytics landscape that come together to support the role the business plays day to day with respect to data.
    • Don’t jump directly into technology: use Info-Tech tools to solve and plan first.
    • Create a continuous roadmap to implement and evolve your data practice and platform.
    • Promote collaboration between the business and IT by clearly defining responsibilities.

    Does your data platform effectively serve your reporting and analytics capabilities?

    Who:

    This research is designed for:

    • Data and Information Leadership
    • Enterprise Information Architect
    • Data Architect
    • Data Engineer/Modeler

    Info-Tech Insight

    Info-Tech’s approach is driven by business goals and leverages standard data practice and platform patterns. This enables the implementation of critical and foundational data and analytics components first and subsequently facilitates the evolution and development of the practice and platform over time.

    Info-Tech’s Reporting and Analytics Framework

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layers is in turn driven by the enterprise reporting and analytics strategy.
    A diagram of the 'Reporting and Analytics Framework' with 'Business vision/strategies' fed through four stages beginning with 'Business Intelligence: Reporting & Analytics Strategy', 'Data Warehouse: Data Warehouse/ Data Lake Strategy', 'Integration and Translation: Data Integration Strategy', 'Sources: Source Strategy (Content/Quality)'
    The current states of your integration and warehouse platforms determine what data can be used for BI and analytics.
    Your enterprise reporting and analytics strategy is driven by your organization’s vision and corporate strategy.

    What is reporting and analytics and why is it needed?

    • Reporting and analytics bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed or evidence-based decision making.
    • The reporting and analytics strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    • The reporting and analytics strategy ensures that the investment made in optimizing the data environment to support reporting and analytics is directly aligned with the organization’s needs and priorities and hence will deliver measurable business value.

    Do you have a strategy to enable self-serve analytics? What does your operating model look like? Have you an analytics CoE?

    Who:

    This research is designed for:

    • Head of BI and Analytics
    • CIO or Business Unit (BU) Leader looking to improve reporting and analytics
    • Applications Lead

    Info-Tech Insight

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layer is in turn driven by the enterprise reporting and analytics strategy.

    Info-Tech’s Data Architecture Framework

    Info-Tech’s methodology:
      1. Prioritize your core business objectives and identify your business driver.
      2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
      3. Determine the appropriate tactical pattern that addresses your most important requirements.
    Visual diagram of the first two parts of the methodology on the left. Objectives apply to the data architecture model, which appropriates tactical patterns, which leads to a focus.
      1. Select the areas of the five-tier architecture to focus on.
      2. Measure your current state.
      3. Set the targets of your desired optimized state.
      1. Roadmap your tactics.
      2. Manage and communicate change.
    Visual diagram of the third part of the methodology on the left. A roadmap of tactics leads to communicating change.

    What is data architecture and why is it needed?

    • Data architecture is the set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.
    • In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    Is your architecture optimized to sustainably deliver readily available and accessible data to users?

    Who:

    This research is designed for:

    • Data Architects or their equivalent
    • Enterprise Architects
    • Head of Data
    • CIO
    • Database Administrators

    Info-Tech Insight

    Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify your business’ priorities and adapt your data architecture to those needs.

    A diagram titled 'Build Your Data Quality Program'. '1. Data Quality & Data Culture Diagnostics Business Landscape Exercise', '2. Business Strategy & Use Cases', '3. Prioritize Use Cases With Poor Quality'. 'Info-Tech Insight: As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.' A data flow diagram points out how 'Data quality issues can occur at any stage of the data flow', and that it is better to 'Fix data quality root causes here' during the 'Data Creation', 'Data Ingestion', and 'Data Accumulation & Engineering' stages in order 'to prevent expensive cures here' in the 'Data Delivery' and 'Reporting & Analytics' stages.

    What is data quality management and why is it needed?

    • Data is the foundation of decisions made at data-driven organizations.
    • Data quality management ensures that foundation is sustainably solid.
    • If there are problems with the organization’s underlying data, it can have a domino effect on many downstream business functions.
    • The transformational insights that executives are constantly seeking can be uncovered by a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

    Do your users have an optimal level of trust and confidence in the quality of the organization’s data?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data quality suffers most at the point of entry. The resulting domino effect of error propagation makes these errors among the most costly forms of data quality errors. Fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a majority of data quality issues.

    Info-Tech’s Enterprise Content Management Framework

    Drivers Governance Information Architecture Process Policy Systems Architecture
    Regulatory, Legal –›
    Efficiency, Cost-Effectiveness –›
    Customer Service –›
    User Experience –›
    • Establish decision-making committee
    • Define and formalize roles (RACI, charter)
    • Develop policies
    • Create business data glossary
    • Decide who approves documents in workflow
    • Operating models
    • Information categories (taxonomy)
    • Classifications, retention periods
    • Metadata (for findability and as tags in automated workflows)
    • Review and approval process, e.g. who approves
    • Process for admins to oversee performance of IM service
    • Process for capturing and classifying incoming documents
    • Audit trails and reporting process
    • Centralized index of data and records to be tracked and managed throughout their lifecycle
    • Data retention policy
    • E-signature policy
    • Email policy
    • Information management policies
    • Access/privacy rules
    • Understand the flow of content through multiple systems (e.g. email, repositories)
    • Define business and technical requirements to select a new content management platform/service
    • Improve integrations
    • Right-size solutions for use case (e.g. DAM)
    • Communication/Change Management
    • Data Literacy

    What is enterprise content management and why is it needed?

    “Enterprise Content Management is the systematic collection and organization of information that is to be used by a designated audience – business executives, customers, etc. Neither a single technology nor a methodology nor a process, it is a dynamic combination of strategies, methods and tools used to capture, manage, store, preserve and deliver information supporting key organizational processes through its entire lifecycle.” (AIIM, 2021)

    • Changing your ECM capabilities is about changing organizational behavior; take an all-hands-on-deck approach to make the most of information gathering, create a vested interest, and secure buy-in.
    • It promotes and drives responsible and ethical use and handling of content while helping to build and foster an organizational culture of information excellence.

    Who:

    This research is designed for:

    • Information Architect
    • Chief Data Officer (CDO)
    • Head of Data, Information Management
    • Records Management
    • CIO

    Info-Tech Insight

    ECM is critical to becoming a digital and modernized operation, where both structured data (such as sales reports) and unstructured content (such as customer sentiment in social media) are brought together for a 360-degree view of the customer or for a comprehensive legal discovery.

    Metadata management/Data cataloging

    Overview

    Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about data or information about information (NISO).

    Metadata management is the function that manages and maintains the technology and processes that creates, processes, and stores metadata created by business processes and data.

    90%

    The majority of data is unstructured information like text, video, audio, web server logs, social media, and more (MIT Sloan, 2021).
    As data becomes more unstructured, complex, and manipulated, the importance and value of metadata will grow exponentially and support improved:
    • Data consumption
    • Quality management
    • Risk management

    Value of Effective Metadata Management

    • Supports the traceability of data through an environment.
    • Creates standards and logging that enable information and data to be searchable and cataloged.
    • Metadata schemas enable easier transferring and distribution of data across different environments.
    Data about data: The true value of metadata and the management practices supporting it is its ability to provide deeper understanding and auditability to the data assets and processes of the business.
    Metadata supports the use of:
    Big Data
    Unstructured data
    Content and Documents
    Unstructured and semi-structured data
    Structured data
    Master, reference, etc.

    Critical Success Factors of Metadata Management

    • Consistent and documented data standards and definitions
    • Architectural planning for metadata
    • Incorporation of metadata into system design and the processing of data
    • Technology to support metadata creation, collection, storage, and reviews (metadata repository, meta marts, etc.)

    Info-Tech’s Data Integration Framework

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level and is used to design a common data-centric integration environment.

    A diagram of the 'Data Integration Onion Framework' with five layers: 'Enterprise Business Processes', 'Enterprise Analytics', 'Enterprise Integration', 'Enterprise Data Repositories', and 'Enterprise Data' at the center.
    Info-Tech’s Data Integration Onion Framework
    Data-centric integration is the solution you need to bring data together to break down data silos.

    What is data integration and why is it needed?

    • To get more value from their information, organizations are relying on increasingly more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of that data.
    • Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and that leads to the formation of data silos.
    • Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Is your integration near real time and scalable?

    Who:

    This research is designed for:

    • Data Engineers
    • Business Analysts
    • Data Architects
    • Head of Data Management
    • Enterprise Architects

    Info-Tech Insight

    Every IT project requires data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.

    Info-Tech’s Master Data Management Framework

    Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).

    The Data Management Framework from earlier with tier 2 item 'Reference and Master' highlighted.

    Fundamental objective of MDM: Enable the business to see one view of critical data elements across the organization.

    Phases of the MDM Framework. 'Phase 1: Build a Vision for MDM' entails a 'Readiness Assessment', then both 'Identify the Master Data Needs of the Business' and 'Create a Strategic Vision'. 'Phase 2: Create a Plan and Roadmap for the Organization’s MDM Program' entails 'Assess Current MDM Capabilities', then 'Initiative Planning', then 'Strategic Roadmap'.

    What is MDM and why is it needed?

    • Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).
    • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
    • What is included in the scope of MDM?
      • Party data (employees, customers, etc.)
      • Product/service data
      • Financial data
      • Location data

    Is there traceability and visibility into your data’s lineage? Does your data pipeline facilitate that single view across the organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO)
    • Head of Data Management, CIO
    • Data Architect
    • Head of Data Governance, Data Officer

    Info-Tech Insight

    Successful MDM requires a comprehensive approach. To be successfully planned, implemented, and maintained it must include effective capabilities in the critical processes and subpractices of data management.

    Data Modeling Framework

    • The framework consists of the business, enterprise, application, and implementation layers.
    • The Business Layer encodes real-world business concepts via the conceptual model.
    • The Enterprise Layer defines all enterprise data asset details and their relationships.
    • The Application Layer defines the data structures as used by a specific application.
    • The Implementation Layer defines the data models and artifacts for use by software tools.
    Data Modeling Framework with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Model hierarchy

    • The Conceptual data model describes the organization from a business perspective.
    • The Message model is used to describe internal- and external-facing messages and is equivalent to the canonical model.
    • The Enterprise model depicts the whole organization and is divided into domains.
    • The Analytical model is built for specific business use cases.
    • Application models are application-specific operational models.
    Model hierarchy with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Info-Tech Insight

    The Conceptual model acts as the root of all the models required and used by an organization.

    Data architecture and modeling processes

    A diagram moving from right to left through 5 phases: 'Business concepts defined and organized', 'Business concepts enriched with attribution', 'Physical view of the data, still vendor agnostic', 'The view being used by developers and business', and 'Manage the progression of your data assets'.

    Info-Tech Insight

    The Conceptual data model adds relationships to your business data glossary terms and is the first step of the modeling journey.

    Data operations

    Objectives of Data Operations Management

    • Implement and follow policies and procedures to manage data at each stage of its lifecycle.
    • Maintain the technology supporting the flow and delivery of data (applications, databases, systems, etc.).
    • Control the delivery of data within the system environment.

    Indicators of Successful Data Operations Management

    • Effective delivery of data assets to end users.
    • Successful maintenance and performance of the technical environment that collects, stores, delivers, and purges organizational data.
    'Data Lifecycle' with steps 'Create', 'Acquire', 'Store', 'Maintain', 'Use', and 'Archive/Destroy'.
    This data management enabler has a heavy focus on the management and performance of data systems and applications.
    It works closely with the organization’s technical architecture to support successful data delivery and lifecycle management (data warehouses, repositories, databases, networks, etc.).

    Step 1.2

    Understand and Align to Business Drivers

    Activities

    1.2.1 Define your value streams

    1.2.2 Identify your business capabilities

    1.2.3 Categorize your organization’s key business capabilities

    1.2.4 Develop a strategy map tied to data management

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Identifying value streams

    Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities.
    There are several key questions to ask when endeavouring to identify value streams.

    Key Questions

    • Who are your customers?
    • What are the benefits we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?

    1.2.1 Define value streams

    1-3 hours

    Input: Business strategy/goals, Financial statements, Info-Tech’s industry-specific business architecture

    Output: List of organization-specific value streams, Detailed value stream definition(s)

    Materials: Whiteboard/kanban board, Info-Tech’s Reference Architecture Template – contact your Account Representative for details, Other industry standard reference architecture models: BIZBOK, APQC, etc., Info-Tech’s Archimate models

    Participants: Enterprise/Business Architect, Business Analysts, Business Unit Leads, CIO, Departmental Executive & Senior managers

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      • How does the organization deliver those benefits?
      • How does the customer receive the benefits?
      • What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Avoid:
      • Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.

    Contact your Account Representative for access to Info-Tech’s Reference Architecture Template

    Define or validate the organization’s value streams

    Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

    If the organization does not have a business architecture function to conduct and guide Activity 1.2.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture–related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
    • Engage with these stakeholders to define and validate how the organization creates value. Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, they could be customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organization’s products and/or services help them accomplish that?
      • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data management to the organization’s value realization activities.

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively managed and governed data. Without this, you could face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Retail Banking with five value chains. 'Attract Customers: Retail banks design new products to fill gaps in their product portfolios by analyzing the market for changing customer needs and new competitor offerings or pricing; Pricing a product correctly through analysis and rate setting is a delicate balance and fundamental to a bank’s success.' 'Supply Loans and Mortgages and Credit Cards: Selecting lending criteria helps banks decide on the segment of customer they should take on and the degree of risk they are willing to accept.' 'Provide Core Banking Services: Servicing includes the day-to-day interactions with customers for onboarding, payments, adjustments, and offboarding through multiple banking channels; Customer retention and growing share of wallet are crucial capabilities in servicing that directly impact the growth and profitability of retail banks.' 'Offer Card Services: Card servicing involves quick turnarounds on card delivery and acceptance at a large number of merchants; Accurate billing and customizable spending alerts are crucial in ensuring that the customer understands their spending habits.' 'Grow Investments and Manage Wealth: Customer retention can be increased through effective wealth management and additional services that will increase the number of products owned by a customer.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Higher Education with five value chains. 'Shape Institutional Research: Institutional research provides direct benefits to both partners and faculty, ensuring efficient use of resources and compliance with ethical and methodological standards; This value stream involves all components of the research lifecycle, from planning and resourcing to delivery and commercialization.' 'Facilitate Curriculum Design: Curriculum design is the process by which learning content is designed and developed to achieve desired student outcomes; Curriculum management capabilities include curriculum planning, design and commercialization, curriculum assessment, and instruction management.' 'Design Student Support Services: Support services design and development provides a range of resources to assist students with academic success, such as accessibility, health and counseling, social services, housing, and academic skills development.' 'Manage Academic Administration: Academic administration involves the broad capabilities required to attract and enroll students in institutional programs; This value stream involves all components related to recruitment, enrollment, admissions, and retention management.' 'Deliver Student Services: Delivery of student services comes after curricular management, support services design, and academic administration. It comprises delivery of programs and services to enable student success; Program and service delivery capabilities include curriculum delivery, convocation management, and student and alumni support services.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Local Government with five value chains. 'Sustain Land, Property, and the Environment: Local governments act as the stewards of the regional land and environment that are within their boundaries; Regional government bodies are responsible for ensuring that the natural environment is protected and sustained for future citizens in the form of parks and public land.' 'Facilitate Civic Engagement: Local governments engage with constituents to maintain a high quality of life through art, culture, and education.' 'Protect Local Health and Safety: Health concerns are managed by a local government through specialized campaigns and clinics; Emergency services are provided by the local authority to protect and react to health and safety concerns including police and firefighting services.' 'Grow the Economy: Economic growth is a cornerstone of a strong local government. Growth comes from flourishing industries, entrepreneurial success, high levels of employment, and income from tourism.' 'Provide Regional Infrastructure: Local governments ensure that infrastructure is built, maintained, and effective in meeting the needs of constituents. (Includes: electricity, water, sustainable energy sources, waste collection, transit, and local transportation.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Manufacturing with three value chains. 'Design Product: Manufacturers proactively analyze their respective markets for any new opportunities or threats; They design new products to serve changing customer needs or to rival any new offerings by competitors; A manufacturer’s success depends on its ability to develop a product that the market wants at the right price and quality level.' 'Produce Product: Optimizing production activities is an important capability for manufacturers. Raw materials and working inventories need to be managed effectively to minimize wastage and maximize the utilization of the production lines; Processes need to be refined continuously over time to remain competitive and the quality of the materials and final products needs to be strictly managed.' 'Sell Product: Once produced, manufacturers need to sell the products. This is done through distributors, retailers, and, in some cases, directly to the end consumer; After the sale, manufacturers typically have to deliver the product, provide customer care, and manage complaints; Manufacturers also randomly test their end products to ensure they meet quality requirements.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Define the organization’s business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

    If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described in the slide entitled “Define or validate the organization’s value streams”:

    • Analyze the value streams to identify and describe the organization’s capabilities that support them.
    • Consider the objective of your value stream. (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

    Align data management to the organization’s value realization activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data management program must support.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    1.2.2 Identify your business capabilities

    Input: List of confirmed value streams and their related business capabilities

    Output: Business capability map with value streams for your organization

    Materials: Your existing business capability map, Business Alignment worksheet provided in the Data Management Assessment and Planning Tool, Info-Tech’s Document Your Business Architecture blueprint

    Participants: Key business stakeholders, Data stewards, Data custodians, Data leads and administrators

    Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

    • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities reflect the organization’s current business environment.
    • If you do not have an existing business capability map, complete this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of one another, and typically will have a defined business outcome.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Retail Banking

    Example business capability map for Retail Banking with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Higher Education

    Example business capability map for Higher Education with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Example business capability map for Local Government with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Example business capability map for Manufacturing with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Example business capability map – Retail

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Example business capability map for Retail with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.3 Categorize your organization’s key capabilities

    Input: Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

    Output: Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk) See next slide for an example

    Materials: Your existing business capability map or the business capability map derived in Activity 1.2.2

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Determine which capabilities are considered high priority in your organization.

    1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future-state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

    This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Example of business capabilities categorization or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

    Example: Retail

    Example business capability map for Retail with capabilities categorized into Cost Advantage Creators and Competitive Advantage creators via a legend. Value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.4 Develop a strategy map tied to data management

    Input: Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

    Output: A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and ultimately data programs

    Materials: Your existing business capability map or the one created in Activity 1.2.2, Business strategy (see next slide for an example)

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business–data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and ultimately data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Example of a strategy map tied to data management

    • Strategic objectives are the outcomes the organization is looking to achieve.
    • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap that will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip: Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

    Example: Retail

    Example of a strategy map tied to data management with diagram column headers 'Strategic Objectives' (are realized through...) 'Value Streams' (are enabled by...) 'Key Capabilities' (are driven by...) 'Data Capabilities and Initiatives'. Row headers are objectives and fields are composed of three examples of each column header.

    For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

    Step 1.3

    Build High-Value Use Cases for Data Management

    Activities

    1.3.1 Build high-value use cases

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.3.1 Build high-value use cases

    Input: Value streams and business capabilities as defined by business leaders, Business stakeholders’ subject area expertise, Data custodian systems, integration, and data knowledge

    Output: Use cases that articulate data-related challenges, needs, or opportunities that are tied to defined business capabilities and hence, if addressed, will deliver measurable value to the organization

    Materials: Your business capability map from Activity 1.2.2, Info-Tech’s Data Use Case Framework Template, Whiteboard or flip charts (or shared screen if working remotely), Markers/pens

    Participants: Key business stakeholders, Data stewards and business SMEs, Data custodians, Data leads and administrators

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech’s Data Use Case Framework Template as seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the use case worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Download Info-Tech’s Data Use Case Framework Template

    Data use cases

    Sample Data

    The following is the list of use cases as articulated by key stakeholders at [Organization Name].

    The stakeholders see these as areas that are relevant and highly valuable for delivering strategic value to [Organization Name].

    Use Case 1: Customer/Student/Patient/Resident 360 View

    Use Case 2: Project/Department Financial Performance

    Use Case 3: Vendor Lifecycle Management

    Use Case 4: Project Risk Management

    Prioritization of use cases

    Example table for use case prioritization. Column headers are 'Use Case', 'Order of Priority', and 'Comments'. Fields are empty.

    Use case 1

    Sample Data

    Problem statement:

    • We are not realizing our full growth potential because we do not have a unified 360 view of our customers/clients/[name of external stakeholder].
    • This impacts: our cross-selling; upselling; talent acquisition and retention; quality of delivery; ability to identify and deliver the right products, markets, and services...

    If we could solve this:

    • We would be able to better prioritize and position ourselves to meet evolving customer needs.
    • We would be able to optimize the use of our limited resources.

    Use case 1: challenges, risks, and opportunities

    Sample Data

    1. What is the number one risk you need to alleviate?
      • Loss of potential revenue, whether from existing or net new customers.
        • How?
          • By not maximizing opportunities with customers or even by losing customers; by not understanding or addressing their greatest needs
          • By not being able to win potential new customers because we don’t understand their needs
    2. What is the number one opportunity you wish to see happen?
      • The ability to better understand and anticipate the needs of both existing and potential customers.
    3. What is the number one pain point you have when working with data?
      • I can’t do my job with confidence because it’s not based on comprehensive, sound, reliable data. My group spends significant time reconciling data sets with little time left for data use and analysis.
    4. What are your challenges in performing the activity today?
      • I cannot pull together customer data in a timely manner due to having a high level of dependence on specific individuals with institutional knowledge rather than having easy access to information.
      • It takes too much time and effort to pull together what we know about a customer.
      • The necessary data is not consolidated or readily/systematically available for consumption.
      • These challenges are heightened when dealing with customers across markets.

    Use case 1 (cont'd)

    Sample Data

    1. What does “amazing” look like if we solve this perfectly?
      • Employees have immediate, self-service access to necessary information, leading to better and more timely decisions. This results in stronger business and financial growth.
    2. What other business unit activities/processes will be impacted/improved if we solve this?
      • Marketing/bid and proposal, staffing, procurement, and contracting strategy
    3. What compliance/regulatory/policy concerns do we need to consider in any solution?
      • PII, GDPR, HIPAA, CCPA, etc.
    4. What measures of success/change should we use to prove the value of the effort (KPIs/ROI)?
      • Win rate, number of services per customer, gross profit, customer retention, customer satisfaction scores, brand awareness, and net promoter score
    5. What are the steps in the process/activity today?
      • Manual aggregation (i.e. pull data from systems into Excel), reliance on unwritten knowledge, seeking IT support, canned reports

    Use case 1 (cont'd)

    Sample Data

    1. What are the applications/systems used at each step?
      • Salesforce CRM, Excel, personal MS Access databases, SharePoint
    2. What data elements (domains) are involved, created, used, or transformed at each step?
      • Bid and proposal information, customer satisfaction, forecast data, list of products, corporate entity hierarchy, vendor information, key staffing, recent and relevant news, and competitor intelligence

    Use case worksheet

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    1.

    What business capability (or capabilities) in your business area is this use case tied to?

    Examples: Demand Planning, Assortment Planning, Allocation & Replenishment, Fulfillment Planning, Customer Management
    2.

    What are your data-related challenges in performing this today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    3.

    What are the steps in the process/activity today?

    4.

    What are the applications/systems used at each step today?

    5.

    What data domains are involved, created, used, or transformed at each step today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    6.

    What does an ideal or improved state look like?

    7.

    What other business units, business capabilities, activities, or processes will be impacted and/or improved if this were to be solved?

    8.

    Who are the stakeholders impacted by these changes? Who needs to be consulted?

    9.

    What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    What compliance, regulatory, or policy concerns do we need to consider in any solution?

    11.

    What measures of success or change should we use to prove the value of the effort (KPIs/ROI)? What is the measurable business value of doing this?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    Conclusion: What are the data capabilities that need to be optimized, addressed, or improved to support or help realize the business capability (or capabilities) highlighted in this use case?

    (Tip: This will inform your future-state data capabilities optimization planning and roadmapping activities.)

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Challenges
    • Data is not suitable for analytics. It takes lot of effort to clean data.
    • Data intervals are not correct and other data quality issues.
    • The roles are not clearly defined.
    • Lack of communication between key stakeholders.
    • Inconsistent data/reporting/governance in the agencies. This has resulted in number of issues for Covid-19 emergency management. Not able to report accurately on number of cases, deaths, etc.
    • Data collection systems changed overtime (forms, etc.).
    • GIS has done all the reporting. However, why GIS is doing all the reporting is not clear. GIS provides critical information for location. Reason: GIS was ready with reporting solution ArcGIS.
    • Problem with data collection, consolidation, and providing hierarchical view.
    • Change in requirements, metrics – managing crisis by email and resulting in creating one dashboard after another. Not sure whether these dashboards being used.
    • There is a lot of manual intervention and repeated work.
    What Does Amazing Look Like?
    • One set of dashboards (or single dashboard) – too much time spend on measure development
    • Accurate and timely data
    • Automated data
    • Access to granular data (for researchers and other stakeholders)
    • Clear ownership of data and analytics
    • It would have been nice to have governance already prior to this crisis
    • Proper metrics to measure usage and value
    • Give more capabilities such as predictive analytics, etc.
    Related Processes/Impact
    • DPH
    • Schools
    • Business
    • Citizens
    • Resources & Funding
    • Data Integration & GIS
    • Data Management
    • Automated Data Quality
    Compliance
    • HIPAA, FERPA, CJIS, IRS
    • FEMA
    • State compliance requirement – data classification
    • CDC
    • Federal data-sharing agreements/restrictions
    Benefits/KPIs
    • Reduction in cases
    • Timely response to outbreak
    • Better use of resources
    • Economic impact
    • Educational benefits
    • Trust and satisfaction

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Current Steps in Process Activity (Systems)
    1. Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM
    2. KYEM stores this information/data
    3. Deduplicate data (emergency preparedness group)
    4. Generate dashboard using ArcGIS
    5. Map to monitor status of the update
    6. Error correction using web portal (QAQC)
    7. Download Excel/CVS after all 97 hospital reports
    8. Sent to federal platform (White House, etc.)
    9. Generate reports for epidemiologist (done manually for public reporting)
    Data Flow diagram

    Data flow diagram.

    SystemsData Management Dimensions
    1. Data Governance
    2. Data Quality
    3. Data Integrity
    4. Data Integration
    1. Data Architecture
    2. Metadata
    3. Data Warehouse, Reporting & Analytics
    4. Data Security

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    List Future Process Steps

    Prior to COVID-19 Emergency Response:

    • ArcGIS data integrated available in data warehouse/data lake.
    • KYEM data integrated and available in data warehouse/data lake.
    • CHFS data integrated and available in data warehouse/data lake.
    • Reporting standards and tools framework established.

    After COVID-19 Emergency Response:

    • Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM.
    • Error correction using web portal (QAQC).
    • Generate reports/dashboard/files as per reporting/analytical requirements:
      • Federal reporting
      • COVID dashboards
      • Epidemiologist reports
      • Lab reporting
    Future Process and Data Flow

    Data flow diagram with future processes.

    Step 1.4

    Create a Vision and Guiding Principles for Data Management

    Activities

    1.4.1 Craft a vision

    1.4.2 Create guiding principles

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.4.1 Craft a vision

    Input: Organizational vision and mission statements, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Vision and mission statements

    Materials: Markers and pens, Whiteboard, Online whiteboard, Vision samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Complete the vision statement to set the direction, the “why,” for the changes we’re making. The vision is a reference point that should galvanize everyone in the organization and set guardrails for technical and process decisions to follow.

    1. Bring together key business stakeholders (content owners, SMEs, and relevant IT custodians) to craft a data management vision statement.
    2. Start by brainstorming keywords, such as customer-focused, empower the business, service excellence, findable and manageable, protected, accessible, paperless.
    3. Highlight the keywords that resonate most with the group. Refer to example vision statements for ideas.

    Create a common data management vision that is consistently communicated to the organization

    A data management program should be an enterprise-wide initiative.

    • To create a strong vision for data management, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
    • Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
    • The data management program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
    Stock image of a megaphone with multiple icons pouring from its opening.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data management.
    • Brainstorm guiding principles for content and understand the overall value to the organization.

    Create compelling vision and mission statements for the organization’s future data management practice

    A vision represents the way your organization intends to be in the future.

    A clear vision statement helps align the entire organization to the same end goal.

    Your vision should be brief, concise, and inspirational; it is attempting to say a lot in a few words, so be very thoughtful and careful with the words you choose. Consider your strengths across departments – business and IT, the consumers of your services, and your current/future commitments to service quality.

    Remember that a vision statement is internally facing for other members of your company throughout the process.

    A mission expresses why you exist.

    While your vision is a declaration of where your organization aspires to be in the future, your mission statement should communicate the fundamental purpose of the data management practice.

    It identifies the function of the practice, what it produces, and its high-level goals that are linked to delivering timely, high-quality, relevant, and valuable data to business processes and end users. Consider if the practice is responsible for providing data for analytical and/or operational use cases.

    A mission statement should be a concise and clear statement of purpose for both internal and external stakeholders.

    “The Vision is the What, Where or Who you want the company to become. The Mission is the WHY the company exists, it is your purpose, passion or cause.” (Doug Meyer-Cuno, Forbes, 2021)

    Data Management Vision and Mission Statements: Draft

    Vision and mission statements crafted by the workshop participants. These statements are to be reviewed, refined into a single version, approved by members of the senior leadership team, and then communicated to the wider organization.

    Corporate

    Group 1

    Group 2

    Vision:
    Create and maintain an institution of world-class excellence.
    Vision: Vision:
    Mission:
    Foster an economic and financial environment conducive to sustainable economic growth and development.
    Mission: Mission:

    Information management framework

    The information management framework is a way to organize all the ECM program’s guidelines and artifacts

    Information management framework with 'Information Management Vision' above six principles. Below them are 'Information Management Policies' and 'Information Management Standards and Procedures.'

    The vision is a statement about the organization’s goals and provides a basis to guide decisions and rally employees toward a shared goal.

    The principles or themes communicate the organization’s priorities for its information management program.

    Policies are a set of official guidelines that determine a course of action. For example: Company is committed to safety for its employees.

    Procedures are a set of actions for doing something. For example: Company employees will wear protective gear while on the production floor.

    Craft your vision

    Use the insights you gathered from users and stakeholders to develop a vision statement
    • The beginning of a data management practice is a clear set of goals and key performance indicators (KPIs).
      A good set of goals takes time and input from senior leadership and stakeholders.
    • The data management program lead is selling a compelling vision of what is possible.
    • The vision also helps set the scope and expectations about what the data management program lead is and is not doing.
    • Be realistic about what you can do and how long it will take to see a difference.
    Table comparing the talk (mission statements, vision statements, and values) with the walk (strategies/goals, objectives, and tactical plans). Example vision statements:
    • The organization is dedicated to creating an enabling structure that helps the organization get the right information to the right people at the right time.
    • The organization is dedicated to creating a program that recognizes data as an asset, establishing a data-centric culture, and ensuring data quality and accessibility to achieve service excellence.
    The vision should be short, memorable, inspirational and draw a clear picture of what that future-state data management experience looks like.

    Is it modern and high end, with digital self-service?

    Is it a trusted and transparent steward of customer assets?

    1.4.2 Create guiding principles

    Input: Sample data management guiding principles, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Data management guiding principles

    Materials: Markers and pens, Whiteboard, Online whiteboard, Guiding principles samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Draft a set of guiding principles that express your program’s values as a framework for decisions and actions and keep the data strategy alive.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to craft a set of data management guiding principles.
    2. Refer to industry sample guiding principles for data management.
    3. Discuss what’s important to stakeholders and owners, e.g. security, transparency, integrity. Good guiding principles address real challenges.
    4. A helpful tip: Craft principles as “We will…” statements for the problems you’ve identified.

    Twelve data management universal principles

    [SAMPLE]
    Principle Definitions
    Data Is Accessible Data is accessible across the organization based on individuals’ roles and privileges.
    Treat Data as an Asset Treat data as a most valuable foundation to make right decisions at the right time. Manage the data lifecycle across organization.
    Manage Data Define strategic enterprise data management that defines, integrates, and effectively retrieves data to generate accurate, consistent insights.
    Define Ownership & Stewardship Organizations should clearly appoint data owners and data stewards and ensure all team members understand their role in the company’s data management system.
    Use Metadata Use metadata to ensure data is properly managed by tacking how data has been collected, verified, reported, and analyzed.
    Single Source of Truth Ensure the master data maintenance across the organization.
    Ensure Data Quality Ensure data integrity though out the lifecycle of data by establishing a data quality management program.
    Data Is Secured Classify and maintain the sensitivity of the data.
    Maximize Data Use Extend the organization’s ability to make the most of its data.
    Empower the Users Foster data fluency and technical proficiency through training to maximize optimal business decision making.
    Share the Knowledge Share and publish the most valuable insights appropriately.
    Consistent Data Definitions Establish a business data glossary that defines consistent business definitions and usage of the data.

    Create a Data Management Roadmap

    Phase 2

    Assess Data Management and Build Your Roadmap

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Understand your current data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify priority initiatives and planning timelines for data management improvements.

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data owners, records managers, regulatory subject matter experts (e.g. legal counsel, security)

    Step 2.1

    Assess Your Data Management Capabilities

    Activities

    2.1.1 Define current state of data management capabilities

    2.1.2 Set target state and identify gaps

    This step will guide you through the following activities:

    • Assess the current state of your data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify gaps and prioritize focus areas for improvement.

    Outcomes of this step

    • A prioritized set of improvement areas aligned with business value stream and drivers

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    Define current state

    The Data Management Assessment and Planning Tool will help you analyze your organization’s data requirements, identify data management strategies, and systematically develop a plan for your target data management practice.
    • Based on Info-Tech’s Data Management Framework, evaluate the current-state performance levels for your organization’s data management practice.
    • Use the CMMI maturity index to assign values 1 to 5 for each capability and enabler.

    A visualization of stairs numbered up from the bottom. Main headlines of each step are 'Initial and Reactive', 'Managed while developing DG capabilities', 'Defined DG capabilities', 'Quantitatively Managed by DG capabilities', and 'Optimized'.

    Sample of the 'Data Management Current State Assessment' form the Data Management Assessment and Planning Tool.

    2.1.1 Define current state

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map

    Output: Current-state data management capabilities

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g. Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign current-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 4, “Current State Assessment,” populate a current-state value for each item in the Data Management Capabilities worksheet.
    5. Once you’ve entered values in tab 4, a visual and summary report of the results will be generated on tab 5, “Current State Results.”

    2.1.2 Set target state and identify gaps

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map to identify priorities

    Output: Target-state data management capabilities, Gaps identification and analysis

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g., Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign target-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 6, “Target State & Gap Analysis,” enter maturity values in each item of the Capabilities worksheet in the Target State column.
    5. Once you’ve assigned both target-state and current-state values, the tool will generate a gap analysis chart on tab 7, “Gap Analysis Results,” where you can start to decide first- and second-line priorities.

    Step 2.2

    Build Your Data Management Roadmap

    Activities

    2.2.1 Describe gaps

    2.2.2 Define gap initiatives

    2.2.2 Build a data management roadmap

    This step will guide you through the following activities:

    • Identify and understand data management gaps.
    • Develop data management improvement initiatives.
    • Build a data management–prioritized roadmap.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.2.1 Describe gaps

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gaps result, describe the nature of the gap, which will lead to specific initiatives for the data management plan:

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, enter additional context about the nature and extent of each gap in the Gap Description column.
    2. Based on the best-practices framework we walked through in Phase 1, note the specific areas that are not fully developed in your organization; for example, we don’t have a model of our environment and its integrations, or there isn’t an established data quality practice with proactive monitoring and intervention.

    2.2.2 Define gap initiatives

    Input: Gaps analysis, Gaps descriptions

    Output: Data management initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gap analysis, start to define the data management initiatives that will close the gaps and help the organization achieve its target state.

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, note in the Gap Initiative column what actions you can take to address the gap for each item. For example, if we found through diagnostics and use cases that users didn’t understand the meaning of their data or reports, an initiative might be, “Build a standard enterprise business data catalog.”
    2. It’s an opportunity to brainstorm, to be creative, and think about possibilities. We’ll use the roadmap step to select initiatives from this list.
    3. There are things we can do right away to make a difference. Acknowledge the resources, talent, and leadership momentum you already have in your organization and leverage those to find activities that will work in your culture. For example, one company held a successful Data Day to socialize the roadmap and engage users.

    2.2.3 Build a data management roadmap

    Input: Gap initiatives, Target state and current-state assessment

    Output: Data management initiatives and roadmap

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Start to list tangible actions you will take to address gaps and achieve data objectives and business goals along with timelines and responsibility:

    1. With an understanding of your priority areas and specific gaps, and referring back to your use cases, draw up specific initiatives that you can track, measure, and align with your original goals.
    2. For example, in data governance, initiatives might include:
      • Assign data owners and stewards for all data assets.
      • Consolidate disparate business data catalogs.
      • Create a data governance charter or terms of reference.
    3. Alongside the initiatives, fill in other detail, especially who is responsible and timing (start and end dates). Assigning responsibility and some time markers will help to keep momentum alive and make the work projects real.

    Step 2.3

    Organize Business Data Domains

    Activities

    2.3.1 Define business data domains and assign owners

    This step will guide you through the following activities:

    • Identify business data domains that flow through and support the systems environment and business processes.
    • Define and organize business data domains with assigned owners, artifacts, and profiles.
    • Apply the domain map to building governance program.

    Outcomes of this step

    • Business data domain map with assigned owners and artifacts

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.3.1 Define business data domains

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Identify the key data domains for each line of business, where the data resides, and the main contact or owner.

    1. We have an understanding of what the business wants to achieve, e.g. build customer loyalty or comply with privacy laws. But where is the data that can help us achieve that? What systems is that data moving and living in and who, if anyone, owns it?
    2. Define the main business data domains apart from what system it may be spread over. Use the worksheet on the next slide as an example.
    3. Examples of business data domains: Customer, Product, Vendor.
    4. Each domain should have owners and associated business processes. Assign data domain owners, application owners, and business process owners.

    Business and data domains

    [SAMPLE]

    Business Domain App/Data Domains Business Stewards Application Owners Business Owners
    Client Experience and Sales Tech Salesforce (Sales, Service, Experience Clouds), Mulesoft (integration point) (Any team inputting data into the system)
    Quality and Regulatory Salesforce
    Operations Salesforce, Salesforce Referrals, Excel spreadsheets, SharePoint
    Finance Workday, Sage 300 (AccPac), Salesforce, Moneris Finance
    Risk/Legal Network share drive/SharePoint
    Human Resources Workday, Network share drive/SharePoint HR team
    Corporate Sales Salesforce (Sales, Service, Health, Experience Clouds),
    Sales and Client Success Mitel, Outlook, PDF intake forms, Workday, Excel. Sales & Client Success Director, Marketing Director CIO, Sales & Client Success Director, Marketing Director

    Embrace the technology

    Make the available data governance tools and technology work for you:
    • Data catalog
    • Business data glossary
    • Data lineage
    • Metadata management
    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.
    Array of logos of tech companies whose products are used for this type of work: Informatica, Collibra, Tibco, Alation, Immuta, TopQuadrant, and SoftwareReviews.

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
    Photo of an analyst.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    Sample of the Data Governance Strategy Map slide from earlier.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data management roadmap, aligning data management initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.
    Sample of a 'Data Management Enablers' table.

    Formulate a Plan to Get to Your Target State

    Develop a data management future-state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Stock image of people pointing to a tablet with a dashboard.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.
    Sample of the 'Data & Analytics Landscape' slide from earlier.

    Understand the Data and Analytics Landscape

    Optimize your data and analytics environment.
    Stock image of co-workers looking at the same thing.

    Build a Data Pipeline for Reporting and Analytics

    Data architecture best practices to prepare data for reporting and analytics.

    Research Contributors

    Name Position Company
    Anne Marie Smith Board of Directors DAMA International
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Mario Cantin Chief Data Strategist Prodago
    Martin Sykora Director NexJ Analytics
    Michael Blaha Author, Patterns of Data Modeling Consultant
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Ranjani Ranganathan Product Manager, Research – Workshop Delivery Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group

    Bibliography

    AIIM, “What is Enterprise Content Management (ECM)?” Intelligent Information Management Glossary, AIIM, 2021. Web.

    BABOK V3: A Guide to Business Analysis Body of Knowledge. IIBA, 2014. Web.

    Barton, Dominic, and David Court. "Three Keys To Building a Data-Driven Strategy." McKinsey and Company, 1 Mar. 2013. Web.

    Boston University Libraries. "Data Life Cycle » Research Data Management | Boston University." Research Data Management RSS. Boston University, n.d. Accessed Oct. 2015.

    Chang, Jenny. “97 Supply Chain Statistics You Must Know: 2020 / 2021 Market Share Analysis & Data.” FinancesOnline, 2021. Web.

    COBIT 5: Enabling Information. ISACA, 2013. Web.

    CSC (Computer Sciences Corporation), Big Data Infographic, 2012. Web.

    DAMA International. DAMA-DMBOK Guide. 1st ed., Technics Publications, 2009. Digital.

    DAMA International. “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK2 Guide).” 2nd ed., 2017. Accessed June 2017.

    Davenport, Thomas H. "Analytics in Sports: The New Science of Winning." International Institute for Analytics, 2014. Web.

    Department of Homeland Security. Enterprise Data Management Policy. Department of Homeland Security, 25 Aug. 2014. Web.

    Enterprise Data Management Data Governance Plan. US Federal Student Aid, Feb. 2007. Accessed Oct. 2015.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021.

    Fasulo, Phoebe. “6 Data Management Trends in Financial Services.” SecurityScorecard, 3 June 2021. Web.

    Georgia DCH Medicaid Enterprise – Data Management Strategy. Georgia Department of Community Health, Feb. 2015. Accessed Oct. 2015.

    Hadavi, Cyrus. “Use Exponential Growth of Data to Improve Supply Chain Operations.” Forbes, 5 Oct. 2021. Web.

    Harbert, Tam. “Tapping the power of unstructured data.” MIT Sloan, 1 Feb. 2021. Web.

    Hoberman, Steve, and George McGeachie. Data Modeling Made Simple with PowerDesigner. Technics Pub, 2011. Print.

    “Information Management Strategy.” Information Management – Alberta. Service Alberta, Nov.-Dec. 2013. Web.

    Jackson, Brian, et al. “2021 Tech Trends.” Info-Tech Research Group, 2021. Web.

    Jarvis, David, et al. “The hyperquantified athlete: Technology, measurement, and the business of sports.” Deloitte Insights, 7 Dec. 2020. Web.

    Bibliography

    Johnson, Bruce. “Leveraging Subject Area Models.” EIMInsight Magazine, vol. 3, no. 4, April 2009. Accessed Sept. 2015.

    Lewis, Larry. "How to Use Big Data to Improve Supply Chain Visibility." Talking Logistics, 14 Sep. 2014. Web.

    McAfee, Andrew, and Erik Brynjolfsson. “Big Data: The Management Revolution,” Harvard Business Review, vol. 90, no. 10, 2012, pp. 60-68.

    Meyer-Cuno, Doug. “Is A Vision Statement Important?” Forbes, 24 Feb. 2021. Web.

    MIT. “Big Data: The Management Revolution.” MIT Center for Digital Business, 29 May 2014. Accessed April 2014.

    "Open Framework, Information Management Strategy & Collaborative Governance.” MIKE2 Methodology RSS, n.d. Accessed Aug. 2015.

    PwC. “Asset Management 2020: A Brave New World.” PwC, 2014. Accessed April 2014.

    Riley, Jenn. Understanding Metadata: What is Metadata, and What is it For: A Primer. NISO, 1 Jan. 2017. Web.

    Russom, Philip. "TDWI Best Practices Report: Managing Big Data." TDWI, 2013. Accessed Oct. 2015.

    Schneider, Joan, and Julie Hall. “Why Most Product Launches Fail.” Harvard Business Review, April 2011. Web.

    Sheridan, Kelly. "2015 Trends: The Growth of Information Governance | Insurance & Technology." InformationWeek. UBM Tech, 10 Dec. 2014. Accessed Nov. 2015.

    "Sports Business Analytics and Tickets: Case Studies from the Pros." SloanSportsConference. Live Analytics – Ticketmaster, Mar. 2013. Accessed Aug. 2015.

    Srinivasan, Ramya. “Three Analytics Breakthroughs That Will Define Business in 2021.” Forbes, 4 May 2021. Web.

    Statista. “Amount of data created, consumed, and stored 2010-2020.” Statista, June 2021. Web.

    “Understanding the future of operations: Accenture Global Operations Megatrends research.” Accenture Consulting, 2015. Web.

    Vardhan, Harsh. “Why So Many Product Ideas Fail?” Medium, 26, Sept. 2020. Web.

    Applications Priorities 2022

    • Buy Link or Shortcode: {j2store}183|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy

    There is always more work than hours in the day. IT often feels understaffed and doesn’t know how to get it all done. Trying to satisfy all the requests results in everyone getting a small piece of the pie and in users being dissatisfied.

    Our Advice

    Critical Insight

    Focusing on one initiative will allow leaders to move the needle on what is important.

    Impact and Result

    Focus on the big picture, leveraging Info-Tech’s blueprints. By increasing maturity and efficiency, IT staff can spend more time on value-added activities.

    Applications Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Applications Priorities 2022 – A deck that discusses the five priorities we are seeing among Applications leaders.

    There is always more work than hours in the day. IT often feels understaffed and doesn’t know how to get it all done. Trying to satisfy all the requests results in everyone getting a small piece of the pie and in users being dissatisfied. Use Info-Tech's Applications Priorities 2022 to learn about the five initiatives that IT should prioritize for the coming year.

    • Applications Priorities Report for 2022
    [infographic]

    Find Value With Cloud Asset Management

    • Buy Link or Shortcode: {j2store}61|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Spending on cloud platforms and software-as-a-service (SaaS) is growing, and with spending comes waste.
    • The barriers are drastically lower for purchasing SaaS and cloud services as compared to traditional IT components.
    • Skills gap: IT asset managers tend not to have the skills to optimize spending on cloud platforms.
    • New space, new tools: The IT asset management market space is still developing cloud asset management and SaaS management capabilities. Practitioners must rely on cloud optimization tools in the meantime.

    Our Advice

    Critical Insight

    • IT asset managers are uniquely suited to provide value here. They already optimize costs and manage assets.
    • Scope creep is a killer. Focus first on your highest value, highest risk cloud instances.
    • Don’t completely centralize. Central oversight is powerful, but outsource some responsibility to the business.

    Impact and Result

    • Introduce governance: Work with developers, power business users, and infrastructure groups to define a governance approach to cloud assets and to SaaS.
    • Standardize high-impact, low-effort cloud services: Focus your efforts where they will have the most value and in places where you can provide early value.
    • Update your processes: Ensure that your asset registers and your configuration management database is up to date when cloud assets are provisioned and quiesced.

    Find Value With Cloud Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement IT asset management for cloud instances and SaaS, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define cloud asset management

    Define when a cloud instance is an asset, and what it means for the asset to be managed.

    • Find Value With Cloud Asset Management – Phase 1: Define Cloud Asset Management
    • Cloud Asset Management Standard Operating Procedures
    • Cloud Instance Provisioning Standards Checklist

    2. Build cloud asset management practices

    Develop an approach to auditing and optimizing cloud assets.

    • Find Value With Cloud Asset Management – Phase 2: Build Cloud Asset Management Practices
    • Cloud Asset Management Policy
    • Monthly Cloud Asset Optimization Checklist
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Build a Strategic Infrastructure Roadmap

    • Buy Link or Shortcode: {j2store}332|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $36,636 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Getting a seat at the table is your first objective in building a strategic roadmap. Knowing what the business wants to do and understanding what it will need in the future is a challenge for most IT departments.

    This could be a challenge such as:

    • Understanding the business vision
    • Clear communications on business planning
    • Insight into what the future state should look like
    • Understanding what the IT team is spending its time on day to day

    Our Advice

    Critical Insight

    • Having a clear vision of what the future state is and knowing that creating an IT Infrastructure roadmap is never finished will give your IT team an understanding of priorities, goals, business vision, and risks associated with not planning.
    • Understand what you are currently paying for and why.

    Impact and Result

    • Understanding of the business priorities, and vision of the future
    • Know what your budget is spent on: running the business, growth, or innovation
    • Increased communication with the right stakeholders
    • Better planning based on analysis of time study, priorities, and business goals

    Build a Strategic Infrastructure Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Strategic Infrastructure Roadmap Storyboard – Improve and align goals and strategy.

    In this section you will develop a vision and mission statement and set goals that align with the business vision and goals. The outcome will deliver your guiding principles and a list of goals that will determine your initiatives and their priorities.

    • Build Your Infrastructure Roadmap Storyboard
    • Strategic Infrastructure Roadmap Tool

    2. Financial Spend Analysis Template – Envision future and analyze constraints.

    Consider your future state by looking at technology that will help the business in the future. Complete an analysis of your past spending to determine your future spend. Complete a SWOT analysis to determine suitability.

    • Financial Spend Analysis Template

    3. Strategic Roadmap Initiative Template – Align and build the roadmap.

    Develop a risk framework that may slow or hinder your strategic initiatives from progressing and evaluate your technical debt. What is the current state of your infrastructure? Generate and prioritize your initiatives, and set dates for completion.

    • Strategic Roadmap Initiative Template

    4. Infrastructure and Strategy Executive Brief Template – Communicate and improve the process.

    After creating your roadmap, communicate it to your audience. Identify who needs to be informed and create an executive brief with the template download. Finally, create KPIs to measure what success looks like.

    • Infrastructure Strategy and Roadmap Executive Presentation Template
    • Infrastructure Strategy and Roadmap Report Template

    Infographic

    Further reading

    Build a Strategic Infrastructure Roadmap

    Align infrastructure investment to business-driven goals.

    Analysts' Perspectives

    Infrastructure roadmaps are an absolute necessity for all organizations. An organization's size often dictates the degree of complexity of the roadmap, but they all strive to paint the future picture of the organization's IT infrastructure.

    Infrastructure roadmaps typically start with the current state of infrastructure and work on how to improve. That thinking must change! Start with the future vision, an unimpeded vision, as if there were no constraints. Now you can see where you want to be.

    Look at your past to determine how you have been spending your infrastructure budget. If your past shows a trend of increased operational expenditures, that trend will likely continue. The same is true for capital spending and staffing numbers.

    Now that you know where you want to go, and how you ended up where you are, look at the constraints you must deal with and make a plan. It's not as difficult as it may seem, and even the longest journey begins with one step.

    Speaking of that first step, it should be to understand the business goals and align your roadmap with those same goals. Now you have a solid plan to develop a strategic infrastructure roadmap; enjoy the journey!

    There are many reasons why you need to build a strategic IT infrastructure roadmap, but your primary objectives are to set the long-term direction, build a framework for decision making, create a foundation for operational planning, and be able to explain to the business what you are planning. It is a basis for accountability and sets out goals and priorities for the future.

    Other than knowing where you are going there are four key benefits to building the roadmap.

    1. It allows you to be strategic and transformative rather than tactical and reactive.
    2. It gives you the ability to prioritize your tasks and projects in order to get them going.
    3. It gives you the ability to align your projects to business outcomes.
    4. Additionally, you can leverage your roadmap to justify your budget for resources and infrastructure.

    When complete, you will be able to communicate to your fellow IT teams what you are doing and get an understanding of possible business- or IT-related roadblocks, but overall executing on your roadmap will demonstrate to the business your competencies and ability to succeed.

    PJ Ryan

    PJ Ryan
    Research Director
    Infrastructure & Operations Practice
    Info-Tech Research Group

    John Donovan

    John Donovan
    Principal Research Director
    Infrastructure & Operations Practice
    Info-Tech Research Group

    Build a Strategic Infrastructure Roadmap

    Align infrastructure investment to business-driven goals.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    When it comes to building a strategic roadmap, getting a seat at the table is your first objective. Knowing what the business wants to do and understanding its future needs is a challenge for most IT organizations.

    Challenges such as:

    • Understanding the business vision
    • Clear communications on business planning
    • Insight into what the future state should look like

    Common Obstacles

    Fighting fires, keeping the lights on, patching, and overseeing legacy debt maintenance – these activities prevent your IT team from thinking strategically and looking beyond day-to-day operations. Issues include:

    • Managing time well
    • Building the right teams
    • Setting priorities

    Procrastinating when it comes to thinking about your future state will get you nowhere in a hurry.

    Info-Tech's Approach

    Look into your past IT spend and resources that are being utilized.

    • Analyze all aspects of the operation, and resources required.
    • Be realistic with your timelines.
    • Work from the future state backward.

    Build your roadmap by setting priorities, understanding risk and gaps both in finance and resources. Overall, your roadmap is never done, so don't worry if you get it wrong on the first pass.

    Info-Tech Insight

    Have a clear vision of what the future state is, and know that when creating an IT infrastructure roadmap, it is never done. This will give your IT team an understanding of priorities, goals, business vision, and risks associated with not planning. Understand what you are currently paying for and why.

    Insight Summary

    "Planning is bringing the future into the present so that you can do something about it now."
    Source: Alan Lakein, Libquotes

    Your strategic objectives are key to building a roadmap

    Many organizations' day-to-day IT operations are tactical and reactive. This needs to change; the IT team needs to become strategic and proactive in its planning and execution. Forward thinking bridges the gap from your current state, to what the organization is, to what it wants to achieve. Your strategic objectives need to align to the business vision and goals and keep it running.

    Your future state will determine your roadmap priorities

    Identify what the business needs to meet its goals; this should be reflected in your roadmap priorities. Then identify the tasks and projects that can get you there. Business alignment is key, as these projects require prioritization. Strategic initiatives that align to business outcomes will be your foundation for planning on those priorities. If you do not align your initiatives, you will end up spinning your wheels. A good strategic roadmap will have all the elements of forward thinking and planning to execute with the right resources, right priorities, and right funding to make it happen.

    Understand what you have been paying for the last few years

    Measure the cost of "keeping the lights on" as a baseline for your budget that is earmarked and already spent. Determine if your current spend is holding back innovation due to:

    1. The high cost of maintenance
    2. Resources in operations doing low-value work due to the effort required to do tasks related to break/fix on aging hardware and software

    A successful strategic roadmap will be determined when you have a good handle on your current spending patterns and planning for future needs that include resources, budget, and know-how. Without a plan and roadmap, that plan will not get business buy-in or funding.

    Top challenges reported by Info-Tech members

    Lack of strategic direction

    • Infrastructure leadership must discover the business goals.

    Time seepage

    • Project time is constantly being tracked incorrectly.

    Technical debt

    • Aging equipment is not proactively cycled out with newer enabling technologies.

    Case Study

    The strategic IT roadmap allows Dura to stay at the forefront of automotive manufacturing.

    INDUSTRY: Manufacturing
    SOURCE: Performance Improvement Partners

    Challenge

    Following the acquisition of Dura, MiddleGround aimed to position Dura as a leader in the automotive industry, leveraging the company's established success spanning over a century.

    However, prior limited investments in technology necessitated significant improvements for Dura to optimize its processes and take advantage of digital advancements.

    Solution

    MiddleGround joined forces with PIP to assess technology risks, expenses, and prospects, and develop a practical IT plan with solutions that fit MiddleGround's value-creation timeline.

    By selecting the top 15 most important IT projects, the companies put together a feasible technology roadmap aimed at advancing Dura in the manufacturing sector.

    Results

    Armed with due diligence reports and a well-defined IT plan, MiddleGround and Dura have a strategic approach to maximizing value creation.

    By focusing on key areas such as analysis, applications, infrastructure and the IT organization, Dura is effectively transforming its operations and shaping the future of the automotive manufacturing industry.

    How well do you know your business strategy?

    A mere 25% of managers
    can list three of the company's
    top five priorities.

    Based on a study from MIT Sloan, shared understanding of strategic directives barely exists beyond the top tiers of leadership.

    An image of a bar graph showing the percentage of leaders able to correctly list a majority of their strategic priorities.

    Take your time back

    Unplanned incident response is a leading cause of the infrastructure time crunch, but so too are nonstandard service requests and service requests that should be projects.

    29%

    Less than one-third of all IT projects finish on time.

    200%

    85% of IT projects average cost overruns of 200% and time overruns of 70%.

    70%

    70% of IT workers feel as though they have too much work and not enough time to do it.

    Source: MIT Sloan

    Inventory Assessment

    Lifecycle

    Refresh strategies are still based on truisms (every three years for servers, every seven years for LAN, etc.) more than risk-based approaches.

    Opportunity Cost

    Assets that were suitable to enable business goals need to be re-evaluated as those goals change.

    See Info-Tech's Manage Your Technical Debt blueprint

    an image of info-tech's Manage your technical debt.

    Key IT strategy initiatives can be categorized in three ways

    IT key initiative plan

    Initiatives collectively support the business goals and corporate initiatives, and improve the delivery of IT services.

    1. Business support
      • Support major business initiatives
      • Each corporate initiative is supported by a major IT project and each project has unique IT challenges that require IT support.
    2. IT excellence
      • Reduce risk and improve IT operational excellence
      • These projects will increase IT process maturity and will systematically improve IT.
    3. Innovation
      • Drive technology innovation
      • These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.

    Info-Tech Insight

    A CIO has three roles: enable business productivity, run an effective IT shop, and drive technology innovation. Your key initiative plan must reflect these three mandates and how IT strives to fulfill them.

    IT must accomplish many things

    Manage
    the lifecycle of aging equipment against current capacity and capability demands.

    Curate
    a portfolio of enabling technologies to meet future capacity and capability demands.

    Initiate
    a realistic schedule of initiatives that supports a diverse range of business goals.

    Adapt
    to executive feedback and changing business goals.

    an image of Info-Tech's Build your strategic roadmap

    Primary and secondary infrastructure drivers

    • Primary driver – The infrastructure component that is directly responsible for enabling change in the business metric.
    • Secondary driver – The infrastructure component(s) that primary drivers rely on.

    (Source: BMC)

    Sample primary and secondary drivers

    Business metric Source(s) Primary infrastructure drivers Secondary infrastructure drivers

    Sales revenue

    Online store

    Website/Server (for digital businesses)

    • Network
    • Data center facilities

    # of new customers

    Call center

    Physical plant cabling in the call center

    • PBX/VOIP server
    • Network
    • Data center facilities

    Info-Tech Insight

    You may not be able to directly influence the primary drivers of the business, but your infrastructure can have a major impact as a secondary driver.

    Info-Tech's approach

    1. Align strategy and goals
    • Establish the scope of your IT strategy by defining IT's mission and vision statements and guiding principles.
  • Envision future and analyze constraints
    • Envision and define your future infrastructure and analyze what is holding you back.
  • Align and build the roadmap
    • Establish a risk framework, identify initiatives, and build your strategic infrastructure roadmap.
  • Communicate and improve the process
    • Communicate the results of your hard work to the right people and establish the groundwork for continual improvement of the process.
  • Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Mission and Vision Statement
    Goal Alignment (Slide 28)

    Construct your vision and mission aligned to the business.

    Mission and Vision Statement

    Strategic Infrastructure Roadmap tool

    Build initiatives and prioritize them. Build the roadmap.

    Strategic Infrastructure Roadmap tool

    Infrastructure Domain Study

    What is stealing your time from getting projects done?

    Infrastructure Domain Study

    Initiative Templates Process Maps & Strategy

    Build templates for initiates, build process map, and develop strategies.

    Initiative Templates Process Maps & Strategy

    Key Deliverable

    it infrastructure roadmap template

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech's methodology for an infrastructure strategy and roadmap

    1. Align Strategy and Goals

    2. Envision Future and Analyze Constraints

    3. Align and Build the Roadmap

    4. Communicate and Improve the Process

    Phase steps

    1.1 Develop the infrastructure strategy

    1.2 Define the goals

    2.1 Define the future state

    2.2 Analyze constraints

    3.1 Align the roadmap

    3.2 Build the roadmap

    4.1 Identify the audience

    4.2 Improve the process

    Phase Outcomes

    • Vision statement
    • Mission statement
    • Guiding principles
    • List of goals
    • Financial spend analysis
    • Domain time study
    • Prioritized list of roadblocks
    • Future-state vision document
    • IT and business risk frameworks
    • Technical debt assessment
    • New technology analysis
    • Initiative templates
    • Initiative candidates
    • Roadmap visualization
    • Process schedule
    • Communications strategy
    • process map
    • Infrastructure roadmap report

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Define mission and vision statements and guiding principles to discuss strategy scope.
    Call #3: Brainstorm goals and definition.

    Call #4: Conduct a spend analysis and a time resource study.
    Call #5: Identify roadblocks.

    Call #6: Develop a risk framework and address technical debt.
    Call #7: Identify new initiatives and SWOT analysis.
    Call #8: Visualize and identify initiatives.
    Call #9: Complete shadow IT and initiative finalization.

    Call #10: Identify your audience and communicate.
    Call #11: Improve the process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 0 (Pre-workshop)

    Session 1

    Session 2

    Session 3

    Session 4

    Session 5 (Post-workshop)

    Elicit business context Align Strategy and Goals Envision Future and Analyze Constraints Align and Build the Roadmap Communicate and Improve the Process Wrap-up (offsite)

    0.1 Complete recommended diagnostic programs.
    0.2 Interview key business stakeholders, as needed, to identify business context: business goals, initiatives, and the organization's mission and vision.
    0.3 (Optional) CIO to compile and prioritize IT success stories.

    1.1 Infrastructure strategy.
    1.1.1 Review/validate the business context.
    1.1.2 Construct your mission and vision statements.
    1.1.3 Elicit your guiding principles and finalize IT strategy scope.

    1.2 Business goal alignment
    1.2.1 Intake identification and analysis.
    1.2.2 Survey results analysis.
    1.2.3 Brainstorm goals.
    1.2.4 Perform goal association and analysis.

    2.1 Define the future state.
    2.1.1 Conduct an emerging technology discussion.
    2.1.2 Document desired future state.
    2.1.3 Develop a new technology identification process.
    2.1.4 Compete SWOT analysis.

    2.2 Analyze your constraints
    2.2.1 Perform a historical spend analysis.
    2.2.2 Conduct a time study.
    2.2.3 Identify roadblocks.
    .

    3.1 Align the roadmap
    3.1.1 Develop a risk framework.
    3.1.2 Evaluate technical debt.

    3.2 Build the roadmap.
    3.2.1 Build effective initiative templates.
    3.2.2 Visualize.
    3.2.3 Generate new initiatives.
    3.2.4 Repatriate shadow IT initiatives.
    3.2.5 Finalize initiative candidates.

    4.2 Identify the audience
    4.1.1 Identify required authors and target audiences.
    4.1.2 Plan the process.
    4.1.2 Identify supporters and blockers.

    4.2 Improve the process
    4.2.1 Evaluate the value of each process output.
    4.2.2 Brainstorm improvements.
    4.2.3 Set realistic measures.

    5.1 Complete in-progress deliverables from previous four days.
    5.2 Set up time to review workshop deliverables and discuss next steps.

    1. SWOT analysis of current state
    2. Goals cascade
    3. Persona analysis
    1. Vision statement, mission statement, and guiding principles
    2. List of goals
    1. Spend analysis document
    2. Domain time study
    3. Prioritized list of roadblocks
    4. Future state vision document
    1. IT and business risk frameworks
    2. Technical debt assessment
    3. New technology analysis
    4. Initiative templates
    5. Initiative candidates
    1. Roadmap visualization
    2. Process schedule
    3. Communications strategy
    4. Process map
    1. Strategic Infrastructure Roadmap Report

    Phase 1

    Align Strategy and Goals

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • How to build IT mission and vision statements
    • How to elicit IT guiding principles
    • How to finalize and communicate your IT strategy scope

    This phase involves the following participants:

    • CIO
    • Senior IT Team

    Step 1.1

    Develop the Infrastructure Strategy

    Activities

    1.1.1 Review/validate the business context

    1.1.2 Construct your mission and vision statements

    1.1.3 Elicit your guiding principles and finalize IT strategy scope

    This step requires the following inputs:

    • Business Mission Statement
    • Business Vision Statement
    • Business Goals

    This step involves the following participants:

    • Roadmap team

    Outcomes of this step

    • IT mission statement
    • IT vision statement
    • Guiding principles

    To complete this phase, you will need:

    Infrastructure Strategy and Roadmap Report Template

    Infrastructure Strategy and Roadmap Report Template

    Use the IT Infrastructure Strategy and Roadmap Report Template to document the results from the following activities:

    • Mission and Vision Statements
    • Business impact
    • Roadmap

    IT must aim to support the organization's mission and vision

    A mission statement

    • Focuses on today and what an organization does to achieve the mission.
    • Drives the company.
    • Answers: What do we do? Who do we serve? How do we service them?

    "A mission statement focuses on the purpose of the brand; the vision statement looks to the fulfillment of that purpose."

    A vision statement

    • Focuses on tomorrow and what an organization ultimately wants to become.
    • Gives the company direction.
    • Answers: What problems are we solving? Who and what are we changing?

    "A vision statement provides a concrete way for stakeholders, especially employees, to understand the meaning and purpose of your business. However, unlike a mission statement – which describes the who, what, and why of your business – a vision statement describes the desired long-term results of your company's efforts."
    Source: Business News Daily, 2020

    Characteristics of mission and vision statements

    A strong mission statement has the following characteristics:

    • Articulates the IT function's purpose and reason for existence.
    • Describes what the IT function does to achieve its vision.
    • Defines the customers of the IT function.
    • Is:
      • Compelling
      • Easy to grasp
      • Sharply focused
      • Concise

    A strong vision statement has the following characteristics:

    • Describes a desired future achievement.
    • Focuses on ends, not means.
    • Communicates promise.
    • Is:
      • Concise; no unnecessary words
      • Compelling
      • Achievable
      • Measurable

    Derive the IT mission and vision statements from the business

    Begin the process by identifying and locating the business mission and vision statements.

    • Corporate websites
    • Business strategy documents
    • Business executives

    Ensure there is alignment between the business and IT statements.

    Note: Mission statements may remain the same unless the IT department's mandate is changing.

    an image showing Business mission, IT mission, Business Vision, and IT Vison.

    1.1.2 Construct mission and vision statements

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 1:

    1. Gather the IT strategy creation team and revisit your business context inputs, specifically the corporate mission statement.
    2. Begin by asking the participants:
        1. What is our job as a team?
        2. What's our goal? How do we align IT to our corporate mission?
        3. What benefit are we bringing to the company and the world?
      1. Ask them to share general thoughts in a check-in.

    Step 2:

    1. Share some examples of IT mission statements.
    2. Example: IT provides innovative product solutions and leadership that drives growth and
      success.
    3. Provide each participant with some time to write their own version of an IT mission statement.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 3:

    This step involves reviewing individual mission statements, combining them, and building one collective mission statement for the team.

    1. Consider the following approach to build a unified mission statement:

    Use the 20x20 rule for group decision-making. Give the group no more than 20 minutes to craft a collective team purpose with no more than 20 words.

    1. As a facilitator, provide guidelines on how to write for the intended audience. Business stakeholders need business language.
    2. Refer to the corporate mission statement periodically and ensure there is alignment.
    3. Document your final mission statement in your ITRG Infrastructure Strategy and Roadmap Report Template.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 4:

    1. Gather the IT strategy creation team and revisit your business context inputs, specifically the corporate vision statement.
    2. Share one or more examples of vision statements.
    3. Provide participants with sticky notes and writing materials and ask them to work individually for this step.
    4. Ask participants to brainstorm:
      1. What is the desired future state of the IT organization?
      2. How should we work to attain the desired state?
      3. How do we want IT to be perceived in the desired state?
    5. Provide participants with guidelines to build descriptive, compelling, and achievable statements regarding their desired future state.
    6. Regroup as a team and review participant answers.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    1 hour

    Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).

    Step 5:

    1. Ask the team to post their notes on the wall.
    2. Have the team group the words that have a similar meaning or feeling behind them; this will create themes.
    3. When the group is done categorizing the statements into themes, ask if there's anything missing. Did they ensure alignment to the corporate vision statement? Are there any elements missing when considering alignment back to the corporate vision statement?

    Step 6:

    1. Consider each category as a component of your vision statement.
    2. Review each category with participants; define what the behavior looks like when it is being met and what it looks like when it isn't.
    3. As a facilitator, provide guidelines on word-smithing and finessing the language.
    4. Refer to the corporate vision statement periodically and ensure there is alignment.
    5. Document your final mission statement in your IT Strategy Presentation Template.

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    1.1.2 Construct mission and vision statements (cont'd)

    Tips for online facilitation:

    • Pick an online whiteboard tool that allows participants to use a large, zoomable canvas.
    • Set up each topic at a different area of the board; spread them out just like you would do on the walls of a room.
    • Invite participants to zoom in and visit each section and add their ideas as sticky notes once you reach that section of the exercise.
    • If you're not using an online whiteboard, we'd recommend using a collaboration tool such as Google Docs or Teams Whiteboard to collect the information for each step under a separate heading. Invite everyone into the document but be very clear regarding editing rights.
    • Pre-create your screen deck and screen share this with your participants through your videoconferencing software. We'd also recommend sharing this so participants can go through the deck again during the reflection steps.
    • When facilitating group discussion, we'd recommend that participants use non-verbal means to indicate they'd like to speak. You can use tools like Teams' hand-raising tool, a reaction emoji, or have people put their hands up. The facilitator can then invite that person to talk.

    Source: Hyper Island

    Input

    • Business vision statement
    • Business mission statement

    Output

    • IT mission statement
    • IT vision statement

    Materials

    • Sticky notes
    • Markers
    • Whiteboard
    • Paper
    • Collaboration/brainstorming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    IT mission statements demonstrate IT's purpose

    The IT mission statement specifies the function's purpose or reason for being. The mission should guide each day's activities and decisions. The mission statements use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

    Strong IT mission statements have the following characteristics:

    • Articulate the IT function's purpose and reason for existence
    • Describe what the IT function does to achieve its vision
    • Define the customers of the IT function
    • Are:
      • Compelling
      • Easy to grasp
      • Sharply focused
      • Inspirational
      • Memorable
      • Concise

    Sample IT Mission Statements:

    • To provide infrastructure, support, and innovation in the delivery of secure, enterprise-grade information technology products and services that enable and empower the workforce at [Company Name].
    • To help fulfill organizational goals, the IT department is committed to empowering business stakeholders with technology and services that facilitate effective processes, collaboration, and communication.
    • The mission of the information technology (IT) department is to build a solid, comprehensive technology infrastructure; to maintain an efficient, effective operations environment; and to deliver high-quality, timely services that support the business goals and objectives of ABC Inc.
    • The IT department has operational, strategic, and fiscal responsibility for the innovation, implementation, and advancement of technology at ABC Inc. in three main areas: network administration and end-user support, instructional services, and information systems. The IT department provides leadership in long-range planning, implementation, and maintenance of information technology across the organization.
    • The IT group is customer-centered and driven by its commitment to management and staff. It oversees services in computing, telecommunications, networking, administrative computing, and technology training.

    Sample mission statements (cont'd)

    • To collaborate and empower our stakeholders through an engaged team and operational agility and deliver innovative technology and services.
    • To empower our stakeholders with innovative technology and services, through collaboration and agility.
    • To collaborate and empower our stakeholder, by delivering innovative technology and services, with an engaged team and operational agility.
    • To partner with departments and be technology leaders that will deliver innovative, secure, efficient, and cost-effective services for our citizens.
    • As a client-centric strategic partner, provide excellence in IM and IT services through flexible business solutions for achieving positive user experience and satisfaction.
    • Develop a high-performing global team that will plan and build a scalable, stable operating environment.
    • Through communication and collaboration, empower stakeholders with innovative technology and services.
    • Build a robust portfolio of technology services and solutions, enabling science-lead and business-driven success.
    • Guided by value-driven decision making, high-performing teams and trusted partners deliver and continually improve secure, reliable, scalable, and reusable services that exceed customer expectations.
    • Engage the business to grow capabilities and securely deliver efficient services to our users and clients.
    • Engage the business to securely deliver efficient services and grow capabilities for our users and clients.

    IT vision statements demonstrate what the IT organization aspires to be

    The IT vision statement communicates a desired future state of the IT organization. The statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

    Strong IT vision statements have the following characteristics:

    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Are:
      • Concise; no unnecessary words
      • Compelling
      • Achievable
      • Inspirational
      • Memorable

    Sample IT vision statements:

    • To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce.
    • The IT organization will strive to become a world-class value center that is a catalyst for innovation.
    • IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset.
    • Develop and maintain IT and an IT support environment that is secure, stable, and reliable within a dynamic environment.

    Sample vision statements (cont'd)

    • Alignment: To ensure that the IT organizational model and all related operational services and duties are properly aligned with all underlying business goals and objectives. Alignment reflects an IT operation "that makes sense," considering the business served, its interests and its operational imperatives.
    • Engagement: To ensure that all IT vision stakeholders are fully engaged in technology-related planning and the operational parameters of the IT service portfolio. IT stakeholders include the IT performing organization (IT Department), company executives and end-users.
    • Best Practices: To ensure that IT operates in a standardized fashion, relying on practical management standards and strategies properly sized to technology needs and organizational capabilities.
    • Commitment to Customer Service: To ensure that IT services are provided in a timely, high-quality manner, designed to fill the operational needs of the front-line end-users, working within the boundaries established by business interests and technology best practices.

    Quoted From ITtoolkit, 2020

    Case Study

    Acme Corp. was able to construct its IT mission and vison statements by aligning to its corporate mission and vision.

    INDUSTRY: Professional Services
    COMPANY: This case study is based on a real company but was anonymized for use in this research.

    Business

    IT

    Mission

    Vision

    Mission

    Vision

    We help IT leaders achieve measurable results by systematically improving core IT processes, governance, and critical technology projects.

    Acme Corp. will grow to become the largest research firm across the industry by providing unprecedented value to our clients.

    IT provides innovative product solutions and leadership that drives growth and success.

    We will relentlessly drive value to our customers through unprecedented innovation.

    IT guiding principles set the boundaries for your strategy

    Strategic guiding principles advise the IT organization on the boundaries of the strategy.

    Guiding principles are a priori decisions that limit the scope of strategic thinking to what is acceptable organizationally, from budgetary, people, and partnership standpoints. Guiding principles can cover other dimensions, as well.

    Organizational stakeholders are more likely to follow IT principles when a rationale is provided.

    After defining the set of IT principles, ensure that they are all expanded upon with a rationale. The rationale ensures principles are more likely to be followed because they communicate why the principles are important and how they are to be used. Develop the rationale for each IT principle your organization has chosen.

    IT guiding principles = IT strategy boundaries

    Consider these four components when brainstorming guiding principles

    Breadth

    of the IT strategy can span across the eight perspectives: people, process, technology, data, process, sourcing, location, and timing.

    Defining which of the eight perspectives is in scope for the IT strategy is crucial to ensuring the IT strategy will be comprehensive, relevant, and actionable.

    Depth

    of coverage refers to the level of detail the IT strategy will go into for each perspective. Info-Tech recommends that depth should go to the initiative level (i.e. individual projects).

    Organizational coverage

    will determine which part of the organization the IT strategy will cover.

    Planning horizon

    of the IT strategy will dictate when the target state should be reached and the length of the roadmap.

    Consider these criteria when brainstorming guiding principle statements

    Approach focused IT principles are focused on the approach, i.e. how the organization is built, transformed, and operated, as opposed to what needs to be built, which is defined by both functional and non-functional requirements.
    Business relevant Create IT principles that are specific to the organization. Tie IT principles to the organization's priorities and strategic aspirations.
    Long lasting Build IT principles that will withstand the test of time.
    Prescriptive Inform and direct decision-making with IT principles that are actionable. Avoid truisms, general statements, and observations.
    Verifiable If compliance can't be verified, the principle is less likely to be followed.
    Easily digestible IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren't a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.
    Followed

    Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously reinforced to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Review ten universal IT principles to determine if your organization wishes to adopt them

    IT principle name

    IT principle statement

    1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over engineering them.
    3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4. Reuse > buy > build We maximize reuse of existing assets. If we can't reuse, we procure externally. As a last resort, we build custom solutions.
    5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
    6. Controlled technical diversity We control the variety of technology platforms we use.
    7. Managed security We manage security enterprise-wide in compliance with our security governance policy.
    8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
    9. Innovation We seek innovative ways to use technology for business advantage.
    10. Customer centricity We deliver best experiences to our customers with our services and products.

    1.1.3 Elicit guiding principles

    1 hour

    Objective: Generate ideas for guiding principle statements with silent sticky note writing.

    1. Gather the IT strategy creation team and revisit your mission and vision statements.
    2. Ask the group to brainstorm answers individually, silently writing their ideas on separate sticky notes. Provide the brainstorming criteria from the previous slide to all team members. Allow the team to put items on separate notes that can later be shuffled and sorted as distinct thoughts.
    3. After a set amount of time, ask the members of the group to stick their notes to the whiteboard and quickly present them. Categorize all ideas into four major buckets: breadth, depth, organizational coverage, and planning horizon. Ideally, you want one guiding principle to describe each of the four components.
    4. If there are missing guiding principles in any category or anyone's items inspire others to write more, they can stick those up on the wall too, after everyone has presented.
    5. Discuss and finalize your IT guiding principles.
    6. Document your guiding principles in the IT Strategy Presentation Template in Section 1.

    Source: Hyper Island

    Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Four components for eliciting guiding principles
    • Mission and vision statements

    Output

    • IT guiding principles
    • IT strategy scope

    Materials

    • Sticky notes
    • Whiteboard
    • Paper
    • Collaboration/brain-storming tool (whiteboard, flip chart, digital equivalent)

    Participants

    • CIO
    • Senior IT Team

    Guiding principle examples

    • Alignment: Our IT decisions will align with [our organization's] strategic plan.
    • Resources: We will allocate cyber-infrastructure resources based on providing the greatest value and benefit for [the community].
    • User Focus: User needs will be a key component in all IT decisions.
    • Collaboration: We will work within and across organizational structures to meet strategic goals and identify opportunities for innovation and improvement.
    • Transparency: We will be transparent in our decision making and resource use.
    • Innovation: We will value innovative and creative thinking.
    • Data Stewardship: We will provide a secure but accessible data environment.
    • IT Knowledge and Skills: We will value technology skills development for the IT community.
    • Drive reduced costs and improved services
    • Deploy packaged apps – do not develop – retain business process knowledge expertise – reduce apps portfolio
    • Standardize/Consolidate infrastructure with key partners
    • Use what we sell, and help sell
    • Drive high-availability goals: No blunders
    • Ensure hardened security and disaster recovery
    • Broaden skills (hard and soft) across the workforce
    • Improve business alignment and IT governance

    Quoted From: Office of Information Technology, 2014; Future of CIO, 2013

    Case Study

    Acme Corp. elicited guiding principles that set the scope of its IT strategy for FY21.

    INDUSTRY: Professional Services
    COMPANY: Acme Corp.

    The following guiding principles define the values that drive IT's strategy in FY23 and provide the criteria for our 12-month planning horizon.

    • We will focus on big-ticket items during the next 12 months.
    • We will keep the budget within 5%+/- YOY.
    • We will insource over outsource.
    • We will develop a cloud-first technology stack.

    Finalize your IT strategy scope

    Your mission and vision statements and your guiding principles should be the first things you communicate on your IT strategy document.

    Why is this important?

    • Communicating these elements shows how IT supports the corporate direction.
    • The vision and mission statements will clearly articulate IT's aspirations and purpose.
    • The guiding principles will clearly articulate how IT plans to support the business strategically.
    • These elements set expectations with stakeholders for the rest of your strategy.

    Input information into the IT Strategy Presentation Template.

    an image showing the IT Strategy Scope.

    Summary of Accomplishment

    Established the scope of your IT strategy

    • Constructed the IT mission statement to communicate the IT organization's reason for being.
    • Constructed the IT vision statement to communicate the desired future state of the IT organization.
    • Elicited IT's guiding principles to communicate the overall scope and time horizon for the strategy.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Step 1.2

    Business Goal Alignment

    Activities

    1.2.1 Intake identification and analysis

    1.2.2 Survey results analysis

    1.2.3 Goal brainstorming

    1.2.4 Goal association and analysis

    This step requires the following inputs:

    • Last year's accomplished project list
    • Business unit input source list
    • Goal list
    • In-flight initiatives list

    This step involves the following participants:

    • Business leadership
    • Project Management Office
    • Service Desk
    • Business Relationship Management
    • Solution or Enterprise Architecture
    • Roadmap team

    Outcomes of this step

    • Intake analysis
    • Goal list
    • Initiative-to-goal map

    Identify who is expecting what from the infrastructure

    "Typically, IT thinks in an IT first, business second, way: 'I have a list of problems and if I solve them, the business will benefit.' This is the wrong way of thinking. The business needs to be thought of first, then IT."

    – Fred Chagnon, Infrastructure Director,
    Info-Tech Research Group

    Info-Tech Insight

    If you're not soliciting input from or delivering on the needs of the various departments in your company, then who is? Be explicit and track how you communicate with each individual unit within your company.

    Mature project portfolio management and enterprise architecture practices are no substitute for understanding your business clientele.

    It may not be a democracy, but listening to everyone's voice is an essential step toward generating a useful roadmap.

    Building good infrastructure requires an understanding of how it will be used. Explicit consultation with stakeholders maximizes a roadmap's usefulness and holds the enterprise accountable in future roadmap iterations as goals change.

    Who are the customers for infrastructure?

    Internal customer examples:

    • Network Operations manager
    • IT Systems manager
    • Webmaster
    • Security manager

    External customer examples:

    • Director of Sales
    • Operations manager
    • Applications manager
    • Clients
    • Partners and consultants
    • Regulators/government

    1.2.1 Intake identification and analysis

    1 hour

    The humble checklist is the single most effective tool to ensure we don't forget someone or something:

    1. Have everyone write down their top five completed projects from last year – one project per sticky note.
    2. Organize everyone's sticky notes on a whiteboard according to input source – did these projects come from the PMO? Directly from a BRM? Service request? VP or LoB management?
    3. Make a MECE list of these sources on the left-hand side of a whiteboard.
    4. On the right-hand side list all the departments or functional business units within the company.
    5. Draw lines from right to left indicating which business units use which input source to request work.
    6. Optional: Rate the efficacy of each input channel – what is the success rate of projects per channel in terms of time, budget, and functionality?

    Discussion:

    1. How clearly do projects and initiatives arrive at infrastructure to be acted on? Do they follow the predictable formal process with all the needed information or is it more ad hoc?
    2. Can we validate that business units are using the correct input channel to request the appropriate work? Does infrastructure have to spend more time validating the requests of any one channel?
    3. Can we identify business units that are underserved? How about overserved? Infrastructure initiatives tend to be near universal in effect – are we forgetting anyone?
    4. Are all these methods passive (order taking), or is there a process for infrastructure to suggest an initiative or project?

    Input

    • Last year's accomplished project list

    Output

    • Work requested workflow and map

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    Case Study

    Building IT governance and digital infrastructure for tech-enabled student experiences

    INDUSTRY: Education
    COMPANY: Collegis Education

    Challenge

    In 2019, Saint Francis University decided to expand its online program offering to reach students outside of its market.

    It had to first transform its operations to deliver a high-quality, technology-enabled student experience on and off campus. The remote location of the campus posed power outages, Wi-Fi issues, and challenges in attracting and retaining the right staff to help the university achieve its goals.

    It began working with an IT consulting firm to build a long-term strategic roadmap.

    Solution

    The consultant designed a strategic multi-year roadmap for digital transformation that would prioritize developing infrastructure to immediately improve the student experience and ultimately enable the university to scale its online programs. The consultant worked with school leadership to establish a virtual CIO to oversee the IT department's strategy and operations. The virtual CIO quickly became a key advisor to the president and board, identifying gaps between technology initiatives and enrollment and revenue targets. St. Francis staff also transitioned to the consultant's technology team, allowing the university to alleviate its talent acquisition and retention challenges.

    Results

    • $200,000 in funds reallocated to help with upgrades due to streamlined technology infrastructure
    • Updated card access system for campus staff and students
    • Active directory implementation for a secure and strong authentication technology
    • An uninterruptible power supply (UPS) backup is installed to ensure power continues in the event of a power outage
    • Upgrade to a reliable, campus-wide Wi-Fi network
    • Behind-the-scenes upgrades like state-of-the-art data centers to stabilize aging technology for greater reliability

    Track your annual activity by business unit – not by input source

    A simple graph showing the breakdown of projects by business unit is an excellent visualization of who is getting the most from infrastructure services.

    Show everyone in the organization that the best way to get anything done is by availing themselves of the roadmap process.

    An image of two bar graphs, # of initiatives requested
by customer; # of initiatives proposed to customer.

    Enable technology staff to engage in business storytelling by documenting known goals in a framework

    Without a goal framework

    Technology-focused IT staff are notoriously disconnected from the business process and are therefore often unable to explain the outcomes of their projects in terms that are meaningful to the business.

    With a goal framework

    When business, IT, and infrastructure goals are aligned, the business story writes itself as you follow the path of cascading goals upward.

    Info-Tech Best Practice

    So many organizations we speak with don't have goals written down. This rarely means that the goals aren't known, rather that they're not clearly communicated.

    When goals aren't clear, personal agendas can take precedence. This is what often leads to the disconnect between what the business wants and what IT is delivering.

    1.2.2 Survey and results analysis

    1 hour

    Infrastructure succeeds by effectively scaling shared resources for the common good. Sometimes that is a matter of aggregating similarities, sometimes by recognizing where specialization is required.

    1. Have every business unit provide their top three to five current goals or objectives for their department. Emphasize that you are requesting their operational objectives, not just the ones they think IT may be able to help them with.
    2. Put each goal on a sticky note (optional: use a unique sticky note or marker color for each department) and place them on a whiteboard.
    3. Group the sticky notes according to common themes.
    4. Rank each grouping according to number of occurrences.

    Discussion:

    1. This is very democratic. Do certain departments' goals carry more weight more than others?
    2. What is the current business prioritization process? Do the results of our activity match with the current published output of this process?
    3. Consider each business goal in the context of infrastructure activity or technology feature or capability. As infrastructure is a lift function existing only to serve the business, it is important to understand our world in context.

    Examples: The VP of Operations is looking to reduce office rental costs over the next three years. The VP of Sales is focused on increasing the number of face-to-face customer interactions. Both can potentially be served by IT activities and technologies that increase mobility.

    Input

    • Business unit input source list

    Output

    • Prioritized list of business goals

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    1.2.3 Goal brainstorming – Affinity diagramming exercise

    1 hour

    Clarify how well you understand what the business wants.

    1. Ask each participant to consider: "What are the top three priorities of the company [this period]?" They should consider not what they think the priorities should be, but their understanding of what business leadership's priorities actually are.
    2. Have each participant write down their three priorities on sticky notes – one per note.
    3. Select a moderator from the group – not the infrastructure leader or the CIO. The moderator will begin by placing (and explaining) their sticky notes on the whiteboard.
    4. Have each participant place and explain their sticky notes on the whiteboard.
    5. The moderator will assist each participant in grouping sticky notes together based on theme.
    6. Groups that become overly large may be broken into smaller, more precise themes.
    7. Once everyone has placed their sticky notes, and the groups have been arranged and rearranged, you should have a visual representation of infrastructure's understanding of the business' priorities.
    8. Let the infrastructure leader and/or CIO place their sticky notes last.

    Discussion:

    Is there a lot of agreement within the group? What does it mean if there are 10 or 15 groups with equal numbers of sticky notes? What does it mean if there are a few top groups and dozens of small outliers?

    How does the group's understanding compare with that of the Director and/or CIO?

    What mechanisms are in place for the business to communicate their goals to infrastructure? Are they effective? Does the team take the time to reimagine those goals and internalize them?

    What does it mean if infrastructure's understanding differs from the business?

    Input

    • Business unit input source list

    Output

    • Prioritized list of business goals

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    Additional Activity

    Now that infrastructure has a consensus on what it thinks the business' goals are, suggest a meeting with leadership to validate this understanding. Once the first picture is drawn, a 30-minute meeting can help clear up any misconceptions.

    Build your own framework or start with these three root value drivers

    With a framework of cascading goals in place, a roadmap is a Rosetta Stone. Being able to map activities back to governance objectives allows you to demonstrate value regardless of the audience you are addressing.

    An image of the framework for developing a roadmap using three root value drivers.

    (Info-Tech, Build a Business-Aligned IT Strategy 2022)

    1.2.4 Goal association exercise and analysis

    1 hour

    Wherever possible use the language of your customers to avoid confusion, but at least ensure that everyone in infrastructure is using a common language.

    1. Take your business strategy or IT strategy or survey response (Activity 1.2.3) or Info-Tech's fundamental goals list (strategic agility, improved cash flow, innovate product, safety, standardize end-user experience) and write them across the top of a whiteboard.
    2. Have everyone write, on a sticky note, their current in-flight initiatives – one per sticky note.
    3. Have each participant then place each of their sticky notes on the whiteboard and draw a line from the initiative to the goal it supports.
    4. The rest of the group should challenge any relationships that seem unsupported or questionable.

    Discussion:

    1. How many goals are you supporting? Are there too many? Are you doing enough to support the right goals?
    2. Is there a shared understanding of the business goals among the infrastructure staff? Or, do questions about meaning keep coming up?
    3. Do you have initiatives that are difficult to express in terms of business goals? Do you have a lot of them or just a few?

    Input

    • Goal list
    • In-flight initiatives list

    Output

    • Initiatives-to-goals map

    Materials

    • Whiteboard & markers

    Participants

    • Roadmap team

    Summary of Accomplishment

    Review performance from last fiscal year.

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 2

    Envision Future and Analyze Constraints

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • Determine from a greenfield perspective what the future state looks like.
    • Do SWOT analysis on technology you may plan to use in the future.
    • Complete a time study.

    This phase involves the following participants:

    • Roadmap team

    Step 2.1

    Define the future state

    Activities

    2.1.1 Define your future infrastructure vision

    2.1.2 Document desired future state

    2.1.3 Develop a new technology identification process

    2.1.4 Conduct a SWOT analysis

    This step requires the following inputs:

    • Emerging technology interest

    This step involves the following participants:

    • Roadmap team
    • External SMEs

    Outcomes of this step

    • Technology discovery process
    • Technology assessment process
    • Future state vision document

    Future state discussion

    "Very few of us are lucky enough to be one of the first few employees in a new organization. Those of you who get to plan the infrastructure with a blank slate and can focus all of your efforts on doing things right the first time."

    BMC, 2018

    "A company's future state is ultimately defined as the greater vision for the business. It's where you want to be, your long-term goal in terms of the ever-changing state of technology and how that applies to your present-day business."
    "Without a definitive future state, a company will often find themselves lacking direction, making it harder to make pivotal decisions, causing misalignment amongst executives, and ultimately hindering the progression and growth of a company's mission."
    Source: Third Stage Consulting

    "When working with digital technologies, it is imperative to consider how such technologies can enhance the solution. The future state should communicate the vision of how digital technologies will enhance the solutions, deliver value, and enable further development toward even greater value creation."
    Source: F. Milani

    Info-Tech Insight

    Define your infrastructure roadmap as if you had a blank slate – no constraints, no technical debt, and no financial limitations. Imagine your future infrastructure and let that vision drive your roadmap.

    Expertise is not innate; it requires effort and research

    Evaluating new enterprise technology is a process of defining it, analyzing it, and sourcing it.

    • Understand what a technology is in order to have a common frame of reference for discussion. Just as important, understand what it is not.
    • Conduct an internal and external analysis of the technology including an adoption case study.
    • Provide an overview of the vendor landscape, identifying the leading players in the market and how they differentiate their offerings.

    This is not intended to be a thesis grade research project, nor an onerous duty. Most infrastructure practitioners came to the field because of an innate excitement about technology! Harness that excitement and give them four to eight hours to indulge themselves.

    An output of approximately four slides per technology candidate should be sufficient to decided if moving to PoC or pilot is warranted.

    Including this material in the roadmap helps you control the technology conversation with your audience.

    Info-Tech Best Practices

    Don't start from scratch. Recall the original sources from your technology watchlist. Leverage vendors and analyst firms (such as Info-Tech) to give the broad context, letting you focus instead on the specifics relevant to your business.

    Channel emerging technologies to ensure the rising tide floats all boats rather than capsizing your business

    Adopting the wrong new technology can be even more dangerous than failing to adopt any new technology.

    Implementing every new promising technology would cost prodigious amounts of money and time. Know the costs before choosing what to invest in.

    The risk of a new technology failing is acceptable. The risk of that failure disrupting adjacent core functions is unacceptable. Vet potential technologies to ensure they can be safely integrated.

    Best practices for new technologies are nonexistent, standards are in flux, and use cases are fuzzy. Be aware of the unforeseen that will negatively affect your chances of a successful implementation.

    "Like early pioneers crossing the American plains, first movers have to create their own wagon trails, but later movers can follow in the ruts."
    Harper Business, 2014

    Info-Tech Insight

    The right technology for someone else can easily be the wrong technology for your business.

    Even with a mature Enterprise Architecture practice, wrong technology bets can happen. Minimize the chance of this occurrence by making selection an infrastructure-wide activity. Leverage the practical knowledge of the day-to-day operators.

    First Mover

    47% failure rate

    Fast Follower

    8% failure rate

    2.1.1 Create your future infrastructure vision

    1 hour

    Objective: Help teams define their future infrastructure state (assuming zero constraints or limitations).

    1. Ask each participant to ponder the question: "How would the infrastructure look if there were no limitations?" They should consider all aspects of their infrastructure but keep in mind the infrastructure vision and mission statements from phase one, as well as the business goals.
    2. Have each participant write down their ideas on sticky notes – one per note.
    3. Select a moderator and a scribe from the group – not the infrastructure leader or the CIO. The moderator will begin by placing (and explaining) their sticky notes on the whiteboard. The scribe will summarize the results in short statements at the end.
    4. Have each participant place and explain their sticky notes on the whiteboard.
    5. The moderator will assist each participant in grouping sticky notes together based on theme.
    6. Once everyone has placed their sticky notes and groups have been arranged and rearranged, you should have a visual representation of infrastructure's understanding of the business' priorities.
    7. Let the infrastructure leader and/or CIO place their sticky notes last.

    Discussion:

    1. Assume a blank slate as a starting point. No technical debt or financial constraints; nothing holding you back.
    2. Can SaaS, PaaS, or other cloud-based offerings play a role in this future utopia?
    3. Do vendors play a larger or smaller role in your future infrastructure vision?

    Download the IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.

    Input

    • Thoughts and ideas about how the future infrastructure should look.

    Output

    • Future state vision

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    2.1.1 Document your future state vision (cont'd)

    Objective: Help teams define their future infrastructure state (assuming zero constraints or limitations).

    1 hour

    Steps:

    1. The scribe will take the groups of suggestions and summarize them in a statement or two, briefly describing the infrastructure in that group.
    2. The statements should be recorded on Tab 2 of the Infrastructure Strategy and Roadmap Tool.

    Discussion:

    • Should the points be listed in any specific order?
    • Include all suggestions in the summary. Remember this is a blank slate with no constraints, and no idea is higher or lower in weight at this stage.
    Infrastructure Future State Vision
    Item Focus Area Future Vision
    1 Email Residing on Microsoft 365
    2 Servers Hosted in cloud - nothing on prem.
    3 Endpoints virtual desktops on Microsoft Azure
    4 Endpoint hardware Chromebooks
    5 Network internet only
    6 Backups cloud based but stored in multiple cloud services
    7

    Download Info-Tech's Infrastructure Strategy and Roadmap Tool and document your future state vision in the Infrastructure Future State tab.

    Input

    • Thoughts and ideas about how the future infrastructure should look.

    Output

    • Future state vision

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    2.1.2 Identification and association exercise

    1 hour

    Formalize what is likely an ad hoc process.

    1. Brainstorm with the group a list of external sources they are currently using to stay abreast of the market.
    2. Organize this list on the left-hand side of a whiteboard, in vendor and vendor-neutral groups.
      1. For each item in the list ask a series of questions:
      2. Is this a push or pull source?
      3. Is this source suited to individual or group consumption?
      4. What is the frequency of this source?
    3. What is the cost of this source to the company?
    4. On the right-hand side of the whiteboard brainstorm a list of internal mechanisms for sharing new technology information. Ask about the audience, distribution mode, and frequency for each of those mechanisms.
    5. Map which of the external sources make it over to internal distribution.

    Discussion:

    1. Are we getting the most value out of our high-cost conferences? Does that information make it from the attendees to the rest of the team?
    2. Do we share information only within our domains? Or across the whole infrastructure practice?
    3. Do we have sufficient diversity of sources? Are we in danger of believing one vendor's particular market interpretation?
    4. How do we select new technologies to explore further? Make it fun – upvotes, for example.

    Input

    • Team knowledge
    • Conference notes
    • Expense reports

    Output

    • Internal socialization process
    • Tech briefings & repository

    Materials

    • Whiteboard & markers

    Participants

    • Roadmap team

    Info-Tech Best Practices

    It is impractical for everyone to present their tech briefing at the monthly meeting. But you want to avoid a one-to-many exercise. Keep the presenter a secret until called on. Those who do not present live can still contribute their material to the technology watchlist database.

    Analyze new technologies for your future state

    Four to eight hours of research per technology can uncover a wealth of relevant information and prepare the infrastructure team for a robust discussion. Key research elements include:

    • Précis: A single page or slide that describes the technology, outlines some of the vendors, and explores the value proposition.
    • SWOT Analysis:
      • Strengths and weaknesses: What does the technology inherently do well (e.g. lots of features) and what does it do poorly (e.g. steep learning curve)?
      • Opportunities and threats: What capabilities can the technology enable (e.g. build PCs faster, remote sensing)? Why would we not want to exploit this technology (e.g. market volatility, M&As)

    a series of four screenshots from the IT Infrastructure Strategy and Roadmap Report Template

    Download the IT Infrastructure Strategy and Roadmap Report Template slides 21, 22, 23 for sample output.

    Position infrastructure as the go-to source for information about new technology

    One way or another, tech always seems to finds its way into infrastructure's lap. Better to stay in front and act as stewards rather than cleanup crew.

    Beware airline magazine syndrome!

    Symptoms

    Pathology
    • Leadership speaking in tech buzzwords
    • Urgent meetings to discuss vaguely defined topics
    • Fervent exclamations of "I don't care how – just get it done!"
    • Management showing up on at your doorstep needing help with their new toy

    Outbreaks tend to occur in close proximity to

    • Industry trade shows
    • Excessive executive travel
    • Vendor BRM luncheons or retreats with leadership
    • Executive golf outings with old college roommates

    Effective treatment options

    1. Targeted regular communication with a technology portfolio analysis customized to the specific goals of the business.
    2. Ongoing PoC and piloting efforts with detailed results reporting.

    While no permanent cure exists, regular treatment makes this chronic syndrome manageable.

    Keep your roadmap horizon in mind

    Technology doesn't have to be bleeding edge. New-to-you can have plenty of value.

    You want to present a curated landscape of technologies, demonstrating that you are actively maintaining expertise in your chosen field.

    Most enterprise IT shops buy rather than develop their technology, which means they want to focus effort on what is market available. The outcome is that infrastructure sponsors and delivers new technologies whose capabilities and features will help the business achieve its goals on this roadmap.

    If you want to think more like a business disruptor or innovator, we suggest working through the blueprint Exploit Disruptive Infrastructure Technology.
    Explore technology five to ten years into the future!

    a quadrant analysis comparing innovation and transformation, as well as two images from Exploit Disruptive Infrastructure Technology.

    Info-Tech Insight

    The ROI of any individual effort is difficult to justify – in aggregate, however, the enterprise always wins!
    Money spent on Google Glass in 2013 seemed like vanity. Certainly, this wasn't enterprise-ready technology. But those early experiences positioned some visionary firms to quickly take advantage of augmented reality in 2018. Creative research tends to pay off in unexpected and unpredictable ways.
    .

    2.1.3 Working session, presentation, and feedback

    1 hour

    Complete a SWOT analysis with future state technology.

    The best research hasn't been done in isolation since the days of da Vinci.

    1. Divide the participants into small groups of at least four people.
    2. Further split those groups into two teams – the red team and the white team.
    3. Assign a technology candidate from the last exercise to each group. Ideally the group should have some initial familiarity with the technology and/or space.
    4. The red team from each group will focus on the weaknesses and threats of the technology. The white team will focus on the strengths and opportunities of the technology.
    5. Set a timer and spend the next 30-40 minutes completing the SWOT analysis.
    6. Have each group present their analysis to the larger team. Encourage conversation and debate. Capture and refine the understanding of the analysis.
    7. Reset with the next technology candidate. Have the participants switch teams within their groups.
    8. Continue until you've exhausted your technology candidates.

    Discussion:

    1. Does working in a group make for better research? Why?
    2. Do you need specific expertise in order to evaluate a technology? Is an outsider (non-expert) view sometimes valuable?
    3. Is it easier to think of the positive or the negative qualities of a technology? What about the internal or external implications?

    Input

    • Technology candidates

    Output

    • Technology analysis including SWOT

    Materials

    • Projector
    • Templates
    • Laptops & internet

    Participants

    • Roadmap team

    Step 2.2

    Constraints analysis

    Activities

    2.2.1 Historical spend analysis

    2.2.2 Conduct a time study

    2.2.3 Identify roadblocks

    This step requires the following inputs:

    • Historical spend and staff numbers
    • Organizational design identification and thought experiment
    • Time study
    • Roadblock brainstorming session
    • Prioritization exercise

    This step involves the following participants:

    • Financial leader
    • HR Leader
    • Roadmap team

    Outcomes of this step

    • OpEx, CapEx, and staffing trends
    • Domain time study
    • Prioritized roadblock list

    2.2.1 Historical spend analysis

    "A Budget is telling your money where to go, instead of wondering where it went."
    -David Ramsay

    "Don't tell me where your priorities are. Show me where you spend your money and I'll tell you what they are"
    -James Frick, Due.com

    Annual IT budgeting aligns with business goals
    a circle showing 68%, broken down into 50% and 18%

    50% of businesses surveyed see that improvements are necessary for IT budgets to align to business goals, while 18% feel they require significant improvements to align to business goals
    Source: ITRG Diagnostics 2022

    Challenges in IT spend visibility

    68%

    Visibility of all spend data for on-prem, SaaS and cloud environments
    Source: Flexera

    The challenges that keep IT leaders up at night

    47%

    Lack of visibility in resource usage and cost
    Source: BMC, 2021

    2.2.1 Build a picture of your financial spending and staffing trends

    Follow the steps below to generate a visualization so you can start the conversation:

    1 hour

    1. Open the Info-Tech Infrastructure Roadmap Financial Spend Analysis Tool.
    2. The Instructions tab will provide guidance, or you can follow the instructions below.
    3. Insert values into the appropriate uncolored blocks in the first 4 rows of the Spend Record Entry tab to reflect the amount spent on IT OpEx, IT CapEx, or staff numbers for the present year (budgeted) as well as the previous five years.
    4. Data input populates cells in subsequent rows to quickly reveal spending ratios.

    an image of the timeline table from the Infrastructure Roadmap Financial Analysis Tool

    Download the Infrastructure Roadmap Financial Analysis Tool
    ( additional Deep Dive available if required)

    Input

    • Historical spend and staff numbers

    Output

    • OpEx, CapEx, and staffing trends for your organization

    Materials

    • Info-Tech's Infrastructure Roadmap Financial Spend Analysis Tool

    Participants

    • Infrastructure leader
    • Financial leader
    • HR leader

    2.2.1 Build a picture of your financial spending and staffing trends (cont'd)

    Continue with the steps below to generate a visualization so you can start the conversation.

    1 hour

    1. Select tab 3 (Results) to reveal a graphical analysis of your data.
    2. Trends are shown in graphs for OpEx, CapEx, and staffing levels as well as comparative graphs to show broader trends between multiple spend and staffing areas.
    3. Some observations worth noting may include the following:
      • Is OpEx spending increasing over time or decreasing?
      • Is CapEx increasing or decreasing?
      • Are OpEx and CapEx moving in the same directions?
      • Are IT staff to total staff ratios increasing or decreasing?
      • Trends will continue in the same direction unless changes are made.

    Download the Infrastructure Roadmap Financial Analysis Tool
    ( additional Deep Dive available if required)

    Input

    • Historical spend and staff numbers

    Output

    • OpEx, CapEx, and staffing trends for your organization

    Materials

    • Info-Tech's Infrastructure Roadmap Financial Spend Analysis Tool

    Participants

    • Infrastructure leader
    • Financial leader
    • HR leader

    Consider perceptions held by the enterprise when dividing infrastructure into domains

    2.2.2 Conduct a time study

    Internal divisions that seem important to infrastructure may have little or even negative value when it comes to users accessing their services.

    Domains are the logical divisions of work within an infrastructure practice. Historically, the organization was based around physical assets: servers, storage, networking, and end-user devices. Staff had skills they applied according to specific best practices using physical objects that provided functionality (computing power, persistence, connectivity, and interface).

    Modern enterprises may find it more effective to divide according to activity (analytics, programming, operations, and security) or function (customer relations, learning platform, content management, and core IT). As a rule, look to your organizational chart; managers responsible for buying, building, deploying, or supporting technologies should each be responsible for their own domain.

    Regardless of structure, poor organization leads to silos of marginally interoperable efforts working against each other, without focus on a common goal. Clearly defined domains ensure responsibility and allow for rapid, accurate, and confident decision making.

    • Server
    • Network
    • Storage
    • End User
    • DevOps
    • Analytics
    • Core IT
    • Security

    Info-Tech Insight

    The medium is the message. Do stakeholders talk about switches or storage or services? Organizing infrastructure to match its external perception can increase communication effectiveness and improve alignment.

    Case Study

    IT infrastructure that makes employees happier

    INDUSTRY: Services
    SOURCE: Network Doctor

    Challenge

    Atlas Electric's IT infrastructure was very old and urgently needed to be refreshed. Its existing server hardware was about nine years old and was becoming unstable. The server was running Windows 2008 R2 server operating systems that was no longer supported by Microsoft; security updates and patches were no longer available. They also experienced slowdowns on many older PCs.

    Recommendations for an upgrade were not approved due to budgetary constraints. Recommendations for upgrading to virtual servers were approved following a harmful phishing attack.

    Solution

    The following improvements to their infrastructure were implemented.

    • Installing a new physical host server running VMWare ESXi virtualization software and hosting four virtual servers.
    • Migration of data and applications to new virtual servers.
    • Upgrading networking equipment and deploying new relays, switches, battery backups, and network management.
    • New server racks to host new hardware.

    Results

    Virtualization, consolidating servers, and desktops have made assets more flexible and simpler to manage.

    Improved levels of efficiency, reliability, and productivity.

    Enhanced security level.

    An upgraded backup and disaster recovery system has improved risk management.

    Optimize where you spend your time by doing a time study

    Infrastructure activity is limited generally by only two variables: money and time. Money is in the hands of the CFO, which leaves us a single variable to optimize.

    Not all time is spent equally, nor is it equally valuable. Analysis lets us communicate with others and gives us a shared framework to decide where our priorities lie.

    There are lots of frameworks to help categorize our activities. Stephen Covey (Seven Habits of Highly Effective People) describes a four-quadrant system along the axes of importance and urgency. Gene Kim, through his character Erik in The Phoenix Project,speaks instead of business projects, internal IT projects, changes, and unplanned work.

    We propose a similar four-category system.

    Project Maintenance

    Administrative

    Reactive

    Planned activity spent pursuing a business objective

    Planned activity spent on the upkeep of existing IT systems

    Planned activity required as a condition of employment

    Unplanned activity requiring immediate response

    This is why we are valuable to our company

    We have it in our power to work to reduce these three in order to maximize our time available for projects

    Survey and analysis

    Perform a quick time study.

    Verifiable data sources are always preferred but large groups can hold each other's inherent biases in check to get a reasonable estimate.

    1 hour

    1. Organize the participants into the domain groups established earlier.
    2. On an index card have each participant independently write down the percentage of time they think their entire domain (not themselves personally) spends during the average month, quarter, or year on:
      1. Admin
      2. Reactive work
      3. Maintenance
    3. Draw a matrix on the whiteboard; collect the index cards and transcribe the results from participants into the matrix.
    4. Add up the three reported time estimates and subtract from 100 – the result is the percentage of time available for/spent on project work.

    Discussion

    1. Certain domains should have higher percentages of reactive work (think Service Desk and Network Operations Center) – can we shift work around to optimize resources?
    2. Why is reactive work the least desirable type? Could we reduce our reactive work by increasing our maintenance work?
    3. From a planning perspective, what are the implications of only having x% of time available for project work?
    4. Does it feel like backing into the project work from adding the other three together provides a reasonable assessment?

    Input

    • Domain groups

    Output

    • Time study

    Materials

    • Whiteboard & markers
    • Index cards

    Participants

    • Roadmap team

    Quickly and easily evaluate all your infrastructure

    Strategic Infrastructure Roadmap Tool, Tab 2, Capacity Analysis

    In order to quickly and easily build some visualizations for the eventual final report, Info-Tech has developed the Strategic Infrastructure Roadmap Tool.

    • Up to five infrastructure domains are supported.
      • For practices that cannot be reasonably collapsed into five domains, multiple copies of the tool can be used and manually stitched together.
    • The tool can be used in either an absolute (total number) or relative mode (percentage of available).
    • By design we specifically don't ask for a project work figure but rather calculate it based on other values.
    • For everything but miscellaneous duties, hard data sources can (and where appropriate should) be leveraged.
      • Reactive work – service desk tool
      • Project work – project management tool
      • Maintenance work – logs or ITSM tool
    • Individual domains' values are calculated, as well as the overall breakdown for the infrastructure practice.
    • Even these rough estimates will be useful during the planning steps throughout the rest of the roadmap process.

    an image of the source capacity analysis page from tab 2 of the Strategic Infrastructure Roadmap Tool

    Please note that this tool requires Microsoft's Power Pivot add-in to be installed if you are using Excel 2010 or 2013. The scatter plot labels on tabs 5 and 8 may not function correctly in Excel 2010.

    Build your roadmap from both the top and the bottom for best results

    Strong IT strategy favors top-down: activities enabling clearly dictated goals. The bottom-up approach aggregates ongoing activities into goals.

    Systematic approach

    External stakeholders prioritize a list of goals requiring IT initiatives to achieve.

    Roadblocks:

    • Multitudes of goals easily overwhelm scant IT resources.
    • Unglamorous yet vital maintenance activities get overlooked.
    • Goals are set without awareness of IT capacity or capabilities.

    Organic approach

    Practitioners aggregate initiatives into logical groups and seek to align them to one or more business goals.

    Roadblocks:

    • Pet initiatives can be perpetuated based on cult of personality rather than alignment to business goals.
    • Funding requests can fall flat when competing against other business units for executive support.

    A successful roadmap respects both approaches.

    an image of two arrows, intersecting with the words Infrastructure Roadmap with the top arrow labeled Systematic, and the bottom arrow being labeled Organic.

    Info-Tech Insight

    Perfection is anathema to practicality. Draw the first picture and not only expect but welcome conflicting feedback! Socialize it and drive the conversation forward to a consensus.

    2.2.3 Brainstorming – Affinity diagramming

    Identify the systemic roadblocks to executing infrastructure projects

    1 hour

    Affinity diagramming is a form of structured brainstorming that works well with larger groups and provokes discussion.

    1. Have each participant write down their top five impediments to executing their projects from last year – one roadblock per sticky note.
    2. Once everyone has written their top five, select a moderator from the group. The moderator will begin by placing (and explaining) their five sticky notes on the whiteboard.
    3. Have each participant then place and explain their sticky notes on the whiteboard.
    4. The moderator will assist participants in grouping sticky notes together based on theme.
    5. Groups that have become overly large may be broken into smaller, more precise themes.
    6. Once everyone has placed their sticky notes, you should be able to visually identify the greatest or most common roadblocks the group perceives.

    Discussion

    Categorize each roadblock identified as either internal or external to infrastructure's control.

    Attempt to understand the root cause of each roadblock. What would you need to ask for in order to remove the roadblock?

    Additional Research

    Also called the KJ Method (after its inventor, Jiro Kawakita, a 1960s Japanese anthropologist), this activity helps organize large amounts of data into groupings based on natural relationships while reducing many social biases.

    Input

    • Last years initiatives and their roadblocks

    Output

    • List of refined Roadblocks

    Materials

    • Sticky notes
    • Whiteboard & markers

    Participants

    • Roadmap team

    2.2.4 Prioritization exercise – Card sorting

    Choose your priorities wisely.

    Which roadblocks do you need to work on? How do you establish a group sense of these priorities? This exercise helps establish priorities while reducing individual bias.

    1 hour

    1. Distribute index cards that have been prepopulated with the roadblocks identified in the previous activity – one full set of cards to each participant.
    2. Have each participant sort their set-in order of perceived priority, highest on top.
    3. Where n=number of cards in the stack, take the n-3 lowest priority cards and put a tick mark in the upper-right-hand corner. Pass these cards to the person on the left, who should incorporate them into their pile (if you start with eight cards you're ticking and passing five cards). Variation: On the first pass, allow everyone to take the most important and least important cards, write "0th" and "NIL" on them, respectively, and set them aside.
    4. Repeat steps 2 and 3 for a total of n times. Treat duplicates as a single card in your hand.
    5. After the final pass, ask each participant to write the priority in the upper-left-hand corner of their top three cards.
    6. Collect all the cards, group by roadblock, count the number of ticks, and take note of the final priority.

    Discussion

    Total the number of passes (ticks) for each roadblock. A large number indicates a notionally low priority. No passes indicates a high priority.

    Are the internal or external roadblocks of highest priority? Were there similarities among participants' 0th and NILs compared to each other or to the final results?

    Input

    • Roadblock list

    Output

    • Prioritized roadblocks

    Materials

    • Index cards

    Participants

    • Roadmap team

    Summary of Accomplishment

    Review performance from last fiscal year

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 3

    Align and Build the Roadmap

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • Elicit business context from the CIO & IT team
    • Identify key initiatives that support the business
    • Identify key initiatives that enable IT excellence
    • Identify initiatives that drive technology innovation
    • Build initiative profiles
    • Construct your strategy roadmap

    This phase involves the following participants:

    • Roadmap Team

    Step 3.1

    Drive business alignment

    Activities

    3.1.1 Develop a risk framework

    3.1.2 Evaluate technical debt

    This step requires the following inputs:

    • Intake identification and analysis
    • Survey results analysis
    • Goal brainstorming
    • Goal association and analysis

    This step involves the following participants:

    • Business leadership
    • Project Management Office
    • Service Desk
    • Business Relationship Management
    • Solution or Enterprise Architecture
    • Roadmap team

    Outcomes of this step

    • Intake analysis
    • Goal list
    • Initiative-to-goal map

    Speak for those with no voice – regularly review your existing portfolio of IT assets and services

    A chain is only as strong as its weakest link; while you'll receive no accolades for keeping the lights on, you'll certainly hear about it if you don't!

    Time has been a traditional method for assessing the fitness of infrastructure assets – servers are replaced every five years, core switches every seven, laptops and desktops every three. While quick, this framework of assessment is overly simplistic for most modern organizations.

    Building one that is instead based on the likelihood of asset failure plotted against the business impact of that failure is not overly burdensome and yields more practical results. Infrastructure focuses on its strength (assessing IT risk) and validates an understanding with the business regarding the criticality of the service(s) enabled by any given asset.

    Rather than fight on every asset individually, agree on a framework with the business that enables data-driven decision making.

    IT Risk Factors
    Age, Reliability, Serviceability, Conformity, Skill Set

    Business Risk Factors
    Suitability, Capacity, Safety, Criticality

    Info-Tech Insight

    Infrastructure in a cloud-enabled world: As infrastructure operations evolve it is important to keep current with the definition of an asset. Software platforms such as hypervisors and server OS are just as much an asset under the care and control of infrastructure as are cloud services, managed services from third-party providers, and traditional racks and switches.

    3.1.1 Develop a risk framework – Classification exercise

    While it's not necessary for each infrastructure domain to view IT risk identically, any differences should be intensely scrutinized.

    1 hour

    1. Divide the whiteboard along the axes of IT Risk and
      Business Risk (criticality) into quadrants:
      1. High IT Risk & High Biz Risk (upper right)
      2. Low IT Risk & Low Biz Risk (bottom left)
      3. Low IT Risk & High Biz Risk (bottom right)
      4. High IT Risk & Low Biz Risk (upper left)
    2. Have each participant write the names of two or three infrastructure assets or services they are responsible or accountable for – one name per sticky note.
    3. Have each participant come one-at-a-time and place their sticky notes in one quadrant.
    4. As each additional sticky note is placed, verify with the group that the relative positioning of the others is still accurate.

    Discussion:

    1. Most assets should end up in the lower-right quadrant, indicating that IT has lowered the risk of failure commensurate to the business consequences of a failure. What does this imply about assets in the other three quadrants?
    2. Infrastructure is foundational; do we properly document and communicate all dependencies for business-critical services?
    3. What actions can infrastructure take to adjust the risk profile of any given asset?

    Input

    • List of infrastructure assets

    Output

    • Notional risk analysis

    Materials

    • Whiteboard & markers
    • Sticky notes

    Participants

    • Roadmap team

    3.1.2 Brainstorming and prioritization exercise

    Identify the key elements that make up risk in order to refine your framework.

    A shared notional understanding is good, but in order to bring the business onside a documented defensible framework is better.

    1 hour

    1. Brainstorm (possibly using the affinity diagramming technique) the component elements of IT risk.
    2. Ensure you have a non-overlapping set of risk elements. Ensure that all the participants are comfortable with the definitions of each element. Write them on a whiteboard.
    3. Give each participant an equal number (three to five) of voting dots.
    4. As a group have the participants go the whiteboard and use their dots to cast their votes for what they consider to be the most important risk element(s). Participants are free to place any number of their dots on a single element.
    5. Based on the votes cast select a reasonable number of elements with which to proceed.
    6. For each element selected, brainstorm up to six tiers of the risk scale. You can use numbers or words, whichever is most compelling.
      • E.g. Reliability: no failures, >1 incident per year, >1 incident per quarter, >1 incident per month, frequent issues, unreliable.
    7. Repeat the above except with the components of business risk. Alternately, rely on existing business risk documentation, possibly from a disaster recovery or business continuity plan.

    Discussion
    How difficult was it to agree on the definitions of the IT risk elements? What about selecting the scale? What was the voting distribution like? Were there tiers of popular elements or did most of the dots end up on a limited number of elements? What are the implications of having more elements in the analysis?

    Input

    • Notional risk analysis

    Output

    • Risk elements
    • Scale dimensions

    Materials

    • Whiteboard & markers
    • Voting dots

    Participants

    • Roadmap team

    3.1.3 Forced ranking exercise

    Alternate: Identify the key elements that make up risk in order to refine your framework

    A shared notional understanding is good, but in order to bring the business onside a documented defensible framework is better.

    1 hour

    1. Brainstorm (possibly using the affinity diagramming technique) the component elements of IT risk.
    2. Ensure you have a non-overlapping set of risk elements. Ensure that all the participants are comfortable with the definitions of each element. Write them on a whiteboard.
    3. Distribute index cards (one per participant) with the risk elements written down one side.
    4. Ask the participants to rank the elements in order of importance, with 1 being the most important.
    5. Collect the cards and write the ranking results on the whiteboard.
    6. Look for elements with high variability. Also look for the distribution of 1, 2, and 3 ranks.
    7. Based on the results select a reasonable number of elements with which to proceed.
    8. Follow the rest of the procedure from the previous activity.

    Discussion:

    What was the total number of elements required in order to contain the full set of every participant's first-, second-, and third-ranked risks? Does this seem a reasonable number?

    Why did some elements contain both the lowest and highest rankings? Was one (or more) participant thinking consistently different from the rest of the group? Are they seeing something the rest of the group is overlooking?

    This technique automatically puts the focus on a smaller number of elements – is this effective? Or is it overly simplistic and reductionist?

    Input

    • Notional risk analysis

    Output

    • Risk elements

    Materials

    • Whiteboard & markers
    • Index cards

    Participants

    • Roadmap team

    3.1.4 Consensus weighting

    Use your previous notional assessment to inform your risk weightings:

    1 hour

    1. Distribute index cards that have been prepopulated with the risk elements from the previous activity.
    2. Have the participants independently assign a weighting to each element. The assigned weights must add up to 100.
    3. Collect the cards and transcribe the results into a matrix on the whiteboard.
    4. Look for elements with high variability in the responses.
    5. Discuss and come to a consensus figure for each element's weighting.
    6. Select a variety of assets and services from the notional assessment exercise. Ensure that you have representation from all four quadrants.
    7. Using your newly defined risk elements and associated scales, evaluate as a group the values you'd suggest for each asset. Aim for a plurality of opinion rather than full consensus.
    8. Use Info-Tech's Strategic Infrastructure Roadmap Tool to document the elements, weightings, scales, and asset analysis.
    9. Compare the output generated by the tool (Tab 4) with the initial notional assessment.

    Discussion:

    How much framework is too much? Complexity and granularity do not guarantee accuracy. What is the right balance between effort and result?

    Does your granular assessment match your notional assessment? Why or why not? Do you need to go back and change weightings? Or reduce complexity?

    Is this a more reasonable and valuable way of periodically evaluating your infrastructure?

    Input

    • Notional risk analysis

    Output

    • Weighted risk framework

    Materials

    • Whiteboard & markers
    • Index cards
    • Strategic Infrastructure Roadmap Tool

    Participants

    • Roadmap team

    3.1.5 Platform assessment set-up

    Hard work up front allows for year-over-year comparisons

    The value of a risk framework is that once the heavy lifting work of building it is done, the analysis and assessment can proceed very quickly. Once built, the framework can be tweaked as necessary, rather than recreated every year.

    • Open Info-Tech's Strategic Infrastructure Roadmap Tool, Tab 3.
    • Up to eight elements each of IT and business risk can be captured.
      • IT risk elements of end-of-life and dependencies are mandatory and do not count against the eight customizable elements.
    • Every element can have up to six scale descriptors. Populate them from left to right in increasing magnitude of risk.
      • Scale descriptors must be input as string values and not numeric.
    • Each element's scale can be customized from linear to a risk-adverse or risk-seeking curve. We recommend linear.

    an image of the Platform Assessment Setup Page from Info-Tech's Strategic Infrastructure Roadmap Tool,

    IT platform assessment

    Quickly and easily evaluate all your infrastructure.

    Once configured, individual domain teams can spend surprisingly little time answering reasonably simple questions to assess their assets. The common framework lets results be compared between teams and produces a valuable visualization to communication with the business.

    • Open the Strategic Infrastructure Roadmap Tool, Tab 4.
    • The tool has been tested successfully with up to 2,000 asset items. Don't necessarily list every asset; rather, think of the logical groups of assets you'd cycle in or out of your environment.
    • Each asset must be associated with one and only one infrastructure domain and have a defined End of Service Life date.
    • With extreme numbers of assets an additional filter can be useful – the Grouping field allows you to set any number of additional tags to make sorting and filtering easier.
    • Drop-down menus for each risk element are prepopulated with the scale descriptors from Tab 3. Unused elements are greyed out.
    • Each asset can be deemed dependent on up to four additional assets or services. Use this to highlight obscure or undervalued relationships between assets. It is generally not useful to be reminded that everything relies on Cat 6 cabling.

    A series of screenshots from the IT Platform Assessment.

    Prioritized upgrades

    Validate and tweak your framework with the business

    Once the grunt work of inputting all the assets and the associated risk data has been completed, you can tweak the risk profile and sort the data to whatever the business may require.

    • Open Info-Tech's Strategic Infrastructure Roadmap Tool, Tab 5.
    • IT platforms in the upper-right quadrant have an abundance of IT risk and are critical to the business.
    • The visualization can be sorted by selecting the slicers on the left. Sort by:
      • Infrastructure domain
      • Customized grouping tag
      • Top overall risk platforms
    • With extreme numbers of assets an additional filter can be useful. The Grouping field allows you to set any number of additional tags to make sorting and filtering easier.
    • Risk weightings can be individually adjusted to reflect changing business priorities or shared infrastructure understanding of predictive power.
      • In order to make year-over-year comparisons valuable it is recommended that changing IT risk elements should be avoided unless absolutely necessary.

    An image of a scatter plot graph titled Prioritized Upgrades.

    Step 3.2

    Build the roadmap

    Activities

    3.2.1 Build templates and visualize

    3.2.2 Generate new initiatives

    3.2.3 Repatriate shadow IT initiatives

    3.2.4 Finalize initiative candidates

    This step requires the following inputs:

    • Develop an initiative template
    • Restate the existing initiatives with the template
    • Visualize the existing initiatives
    • Brainstorm new initiatives
    • Initiative ranking
    • Solicit, evaluate, and refine shadow IT initiatives
    • Resource estimation

    This step involves the following participants:

    • Roadmap team

    Outcomes of this step

    • Initiative communication template
    • Roadmap visualization diagram

    Tell them what they really need to know

    Templates transform many disparate sources of data into easy-to-produce, easy-to-consume, business-ready documents.

    Develop a high-level document that travels with the initiative from inception through executive inquiry and project management, and finally to execution. Understand an initiative's key elements that both IT and the business need defined and that are relatively static over its lifecycle.

    Initiatives are the waypoints along a roadmap leading to the eventual destination, each bringing you one step closer. Like steps, initiatives need to be discrete: able to be conceptualized and discussed as a single largely independent item. Each initiative must have two characteristics:

    • Specific outcome: Describe an explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.

    "Learn a new skill"– not an effective initiative statement.

    "Be proficient in the new skill by the end of the year" – better.

    "Use the new skill to complete a project and present it at a conference by Dec 15" – best!

    Info-Tech Insight

    Bundle your initiatives for clarity and manageability.
    Ruthlessly evaluate if an initiative should stand alone or can be rolled up with another. Fewer initiatives increases focus and alignment, allowing for better communication.

    3.2.1 Develop impactful templates to sell your initiative upstream

    Step 1: Open Info-Tech's Strategic Roadmap Initiative Template. Determine and describe the goals that the initiative is enabling or supporting.
    Step 2: State the current pain points from the end-user or business perspective. Do not list IT-specific pain points here, such as management complexity.
    Step 3: List both the tangible (quantitative) and ancillary (qualitative) benefits of executing the project. These can be pain relievers derived from the pain points, or any IT-specific benefit not captured in Step 1.
    Step 4: List any enabled capability that will come as an output of the project. Avoid technical capabilities like "Application-aware network monitoring." Instead, shoot for business outcomes like "Ability to filter network traffic based on application type."

    An image of the Move to Office 365, with the numbers 1-4 superimposed over the image.  These correspond to steps 1-4 above.

    Info-Tech Insight

    Sell the project to the mailroom clerk! You need to be able to explain the outcome of the project in terms that non-IT workers can appreciate. This is done by walking as far up the goals cascade as you have defined, which gets to the underlying business outcome that the initiative supports.

    Develop impactful templates to sell your initiative upstream (cont'd)

    Strategic Roadmap Initiative Template, p. 2

    Step 5: State the risks to the business for not executing the project (and avoid restating the pain points).
    Step 6: List any known or anticipated roadblocks that may come before, during, or after executing the project. Consider all aspects of people, process, and technology.
    Step 7: List any measurable objectives that can be used to gauge the success of the projects. Avoid technical metrics like "number of IOPS." Instead think of business metrics such as "increased orders per hour."
    Step 8: The abstract is a short 50-word project description. Best to leave it as the final step after all the other aspects of the project (risks and rewards) have been fully fleshed out. The abstract acts as an executive summary – written last, read first.

    An image of the Move to Office 365, with the numbers 5-8 superimposed over the image.  These correspond to steps 5-8 above.

    Info-Tech Insight

    Every piece of information that is not directly relevant to the interests of the audience is a distraction from the value proposition.

    Working session, presentation, and feedback

    Rewrite your in-flight initiatives to ensure you're capturing all the required information:

    1 hour

    1. Have each participant select an initiative they are responsible or accountable for.
    2. Introduce the template and discuss any immediate questions they might have.
    3. Take 15-20 minutes and have each participant attempt to fill out the template for their initiative.
    4. Have each participant present their initiative to the group.
    5. The group should imagine themselves business leaders and push back with questions or clarification when IT jargon is used.
    6. Look to IT leadership in the room for cues as to what hot button items they've encountered from the business executives.
    7. Debate the merits of each section in the template. Adjust and customize as appropriate.

    Discussion:
    Did everyone use the goal framework adopted earlier? Why not?
    Are there recurring topics or issues that business leaders always seem concerned about?
    Of all the information available, what consistently seems to be the talking points when discussing an initiative?

    Input

    • In-flight initiatives

    Output

    • Completed initiatives templates

    Materials

    • Templates
    • Laptops & internet

    Participants

    • Roadmap team

    3.2.2 Visual representations are more compelling than text alone

    Being able to quickly sort and filter data allows you to customize the visualization and focus on what matters to your audience. Any data that is not immediately relevant to them risks becoming a distraction.

    1. Open the Strategic Infrastructure Roadmap Tool, Tabs 6 and 7.
    2. Up to ten goals can be supported. Input the goals into column F of the tool. Be explicit but brief.
    3. Initiatives and Obstacles can be independently defined, and the tool supports up to five subdivisions of each. Initiative by origin source makes for an interesting analysis but initially we recommend simplicity.
    4. Every Initiative and Obstacle must be given a unique name in column H. Context-sensitive drop-downs let you define the subtype and responsible infrastructure domain.
    5. Three pieces of data are captured for each initiative: Business Impact is the qualitative value to the business; Risk is the qualitative likelihood of failure – entirely or partially (e.g. significantly over budget or delayed); and Effort is a relative measure of magnitude ($ or time). Only the value for Effort must be specified.
    6. Every initiative can claim to support one or many goals by placing an "x" in the appropriate column(s).
    7. On Tab 7 you must select the initiative end date (go-live date). You can also document start date, owner, and manager if required. Remember, though, that the tool does not replace proper project management tools.

    A series of screenshots of tables, labeled A-F

    Decoding your visualization

    Strategic Infrastructure Roadmap Tool, Tab 8, "Roadmap"

    Visuals aren't always as clear as we assume them to be.

    An example of a roadmap visualization found in the Strategic Infrastructure Roadmap Tool

    If you could suggest one thing, what would it be?

    The roadmap is likely the best and most direct way to showcase our ideas to business leadership – take advantage of it.

    We've spent an awful lot of time setting the stage, deciding on frameworks so we agree on what is important. We know how to have an effective conversation – now what do we want to say?

    an image of a roadmap, including inputs passing through infrastructure & Operations; to the Move to Office 365 images found earlier in this blueprint.

    Creative thinking, presentation, and feedback

    Since we're so smart – how could we do it better?

    1 hour

    1. Introduce the Roadmap Initiative Template and discuss any immediate questions the participants might have.
    2. Take 15-20 minutes and have each participant attempt to fill out the template for their initiative candidate.
    3. Have each author present their initiative to the group.
    4. The group should imagine themselves business leaders and push back with questions or clarification when IT jargon is used.
    5. Look to IT leadership in the room for cues as to what hot button items they've encountered from the business executives
    6. Debate the merits of each section in the template. Adjust and customize as appropriate.

    Discussion:
    Did everyone use the goal framework adopted earlier? Why not?
    Do we think we can find business buy-in or sponsorship? Why or why not?
    Are our initiatives at odds with or complementary to the ones proposed through the normal channels?

    Input

    • Everything we know

    Output

    • Initiative candidates

    Materials

    • Info-Tech's Infrastructure Roadmap Initiatives Template
    • Laptops & internet

    Participants

    • Roadmap team

    Forced Ranking Exercise

    Showcase only your best and brightest ideas:

    1 hour

    1. Write the initiative titles from the previous exercise across the top of a whiteboard.
    2. Distribute index cards (one per participant) with the initiative titles written down one side.
    3. Ask each participant to rank the initiatives in order of importance, with 1 being the most important.
    4. Collect the cards and write the ranking results on the whiteboard.
    5. Look at the results with an eye toward high variability. Also look for the distribution of 1, 2, and 3 ranks.
    6. Based on the results, select (through democratic vote or authoritarian fiat – Director or CIO) a reasonable number of initiatives.
    7. Refine the selected initiative templates for inclusion in the roadmap.

    Discussion:
    Do participants tend to think their idea is the best and rank it accordingly?
    If so, then is it better to look at the second, third, and fourth rankings for consensus instead?
    What is a reasonable number of initiatives to suggest? How do we limit ourselves?

    Input

    • Infrastructure initiative candidates

    Output

    • Infrastructure initiatives

    Materials

    • Index cards

    Participants

    • Roadmap team

    Who else might be using technology to solve business problems?

    Shadow IT operates outside of the governance and control structure of Enterprise IT and so is, by definition, a problem. an opportunity!

    Except for that one thing they do wrong, that one small technicality, they may well do everything else right.

    Consider:

    1. Shadow IT evolves to solve a problem or enable an activity for a specific group of users.
    2. This infers that because stakeholders spend their own resources resolving a problem or enabling an action, it is a priority.
    3. The technology choices they've made have been based solely on functionality for value, unrestrained by any legacy of previous decisions.
    4. Staffing demands and procedural issues must be modest or nonexistent.
    5. The users must be engaged, receptive to change, and tolerant of stutter steps toward a goal.

    In short, shadow IT can provide fully vetted infrastructure initiatives that with a little effort can be turned into easy wins on the roadmap.

    Info-Tech Insight

    Shadow IT can include business-ready initiatives, needing only minor tweaking to align with infrastructure's best practices.

    3.2.3 Survey and hack-a-thon

    Negotiate amnesty with shadow IT by evaluating their "hacks" for inclusion on the roadmap.

    1 hour

    1. Put out an open call for submissions across the enterprise. Ask "How do you think technology could help you solve one of your pain points?" Be specific.
    2. Gather the responses into a presentable format and assemble the roadmap team.
    3. Use voting dots (three per person) to filter out a shortlist.
    4. Invite the original author to come in and work with a roadmap team member to complete the template.
    5. Reassemble the roadmap team and use the forced ranking exercise to select initiatives to move forward.

    Discussion:
    Did you learn anything from working directly with in-the-trenches staff? Can those learnings be used elsewhere in infrastructure? Or in larger IT?

    Input

    • End-user ideas

    Output

    • Roadmap initiatives

    Materials

    • Whiteboard & markers
    • Voting dots
    • Index cards
    • Templates

    Participants

    • Enthusiastic end users
    • Roadmap team
    • Infrastructure leader

    3.2.4 Consensus estimation

    Exploit the wisdom of groups to develop reasonable estimates.

    1 hour

    Also called scrum poker (in Agile software circles), this method reduces anchoring bias by requiring all participants to formulate and submit their estimates independently and simultaneously.

    Equipment: A typical scrum deck shows the Fibonacci sequence of numbers, or similar progression, with the added values of ∞ (project too big and needs to be subdivided), and a coffee cup (need a break). Use of the (mostly) Fibonacci sequence helps capture the notional uncertainty in estimating larger values.

    1. The infrastructure leader, who will not play, moderates the activity. A "currency" of estimation is selected. This could be person, days, or weeks, or a dollar value in the thousands or tens of thousands – whatever the group feels they can speak to authoritatively.
    2. The author of each initiative gives a short overview, and the participants are given the chance to ask questions and clarify assumptions and risks.
    3. Participants lay a card representing their estimate face down on the table. Estimates are revealed simultaneously.
    4. Participants with the highest and lowest estimates are given a soapbox to offer justification. The author is expected to provide clarifications. The moderator drives the conversation.
    5. The process is repeated until consensus is reached (decided by the moderator).
    6. To structure discussion, the moderator can impose time limits between rounds.

    Discussion:

    How often was the story unclear? How often did participants have to ask for additional information to make their estimate? How many rounds were required to reach consensus?
    Does number of person, days, or weeks, make more sense than dollars? Should we estimate both independently?
    Source: Scrum Poker

    Input

    • Initiative candidates from previous activity

    Output

    • Resourcing estimates

    Materials

    • Scrum poker deck

    Participants

    • Roadmap team

    Hard work up front allows for year-over-year comparisons

    Open the Strategic Infrastructure Roadmap Tool, Tab 6, "Initiatives & Goals" and Tab 7, "Timeline"

    Add your ideas to the visualization.

    • An initiative subtype can be useful here to differentiate infrastructure-sponsored initiatives from traditional ones.
    • Goal alignment is as important as always – ideally you want your sponsored initiatives to fill gaps or support the highest-priority business goals.
    • The longer-term roadmap is an excellent parking lot for ideas, especially ones the business didn't even know they wanted. Make sure to pull those ideas forward, though, as you repeat the process periodically.

    An image containing three screenshots of timeline tables from the Strategic Infrastructure Roadmap Tool

    Pulling it all together – the published report

    We started with eight simple questions. Logically, the answers suggest sections for a published report. Developing those answers in didactic method is effective and popular among technologists as answers build upon each other. Business leaders and journalists, however, know never to bury the lead.

    Report Section Title Roadmap Activity or Step
    Sunshine diagram Visualization
    Priorities Understand business goals
    Who we help Evaluate intake process
    How we can help Create initiatives
    What we're working on Review initiatives
    How you can help us Assess roadblocks
    What is new Assess new technology
    How we spend our day Conduct a time study
    What we have Assess IT platform
    We can do better! Identify process optimizations

    Summary of Accomplishment

    Review performance from last fiscal year

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 4

    Communicate and Improve the Process

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Infrastructure strategy

    1.2 Goal alignment

    2.1 Define your future

    2.2 Conduct constraints analysis

    3.1 Drive business alignment

    3.2. Build the roadmap

    4.1 Identify the audience

    4.2 Process improvement

    and measurements

    This phase will walk you through the following activities:

    • Identify authors and target audiences
    • Understand the planning process
    • Identify if the process outputs have value
    • Set up realistic KPIs

    This phase involves the following participants:

    • CIO
    • Roadmap team

    Step 4.1

    Identify the audience

    Activities

    4.1.1 Identify required authors and target audiences

    4.1.2 Planning the process

    4.1.3 Identifying supporters and blockers

    This step requires the following inputs:

    • Identify required authors and target audiences
    • Plan the process
    • Identify supporters and blockers

    This step involves the following participants:

    • CIO
    • Roadmap team

    Outcomes of this step

    • Process schedule
    • Communication strategy

    Again! Again!

    And you thought we were done. The roadmap is a process. Set a schedule and pattern to the individual steps.

    Publishing an infrastructure roadmap once a year as a lead into budget discussion is common practice. But this is just the last in a long series of steps and activities. Balance the effort of each activity against its results to decide on a frequency. Ensure that the frequency is sufficient to allow you to act on the results if required. Work backwards from publication to develop the schedule.

    an image of a circle of questions around the Infrastructure roadmap.

    A lot of work has gone into creating this final document. Does a single audience make sense? Who else may be interested in your promises to the business? Look back at the people you've asked for input. They probably want to know what this has all been about. Publish your roadmap broadly to ensure greater participation in subsequent years.

    4.1.1 Identify required authors and target audiences

    1 hour

    Identification and association

    Who needs to hear (and more importantly believe) your message? Who do you need to hear from? Build a communications plan to get the most from your roadmap effort.

    1. Write your eight roadmap section titles in the middle of a whiteboard.
    2. Make a list of everyone who answered your questions during the creation of this roadmap. Write these names on a single color of sticky notes and place them on the left side.
    3. Make a list of everyone who would be (or should be) interested in what you have to say. Write these names on a different single color of sticky notes and place them on the right side.
    4. Draw lines between the stickies and the relevant section of the roadmap. Solid lines indicate a must have communication while dashed lines indicate a nice-to-have communication.
    5. Come to a consensus.

    Discussion:

    How many people appear in both lists? What are the implications of that?

    Input

    • Roadmap sections

    Output

    • Roadmap audience and contributors list

    Materials

    • Whiteboard & markers
    • Sticky notes

    Participants

    • Roadmap team

    4.1.2 Planning the process and scheduling

    The right conversation at the right time

    Due Date (t) Freq Mode Participants Infrastructure Owner
    Update & Publish

    Start of Budget Planning

    Once

    Report

    IT Steering Committee

    Infrastructure Leader or CIO

    Evaluate Intakes

    (t) - 2 months

    (t) - 8 months

    Biannually

    Review

    PMO

    Service Desk

    Domain Heads

    Assess Roadblocks

    (t) - 2 months

    (t) - 5 months

    (t) - 8 months

    (t) - 11 months

    Quarterly

    Brainstorming & Consensus

    Domain Heads

    Infrastructure Leader

    Time Study

    (t) - 1 month

    (t) - 4 months

    (t) - 7 months

    (t) - 10 months

    Quarterly

    Assessment

    Domain Staff

    Domain Heads

    Inventory Assessment

    (t) - 2 months

    Annually

    Assessment

    Domain Staff

    Domain Heads

    Business Goals

    (t) - 1 month

    Annually

    Survey

    Line of Business Managers

    Infrastructure Leader or CIO

    New Technology Assessment

    monthly

    (t) - 2 months

    Monthly/Annually

    Process

    Domain Staff

    Infrastructure Leader

    Initiative Review

    (t) - 1 month

    (t) - 4 months

    (t) - 7 months

    (t) - 10 months

    Quarterly

    Review

    PMO

    Domain Heads

    Infrastructure Leader

    Initiative Creation

    (t) - 1 month

    Annually

    Brainstorming & Consensus

    Roadmap Team

    Infrastructure Leader

    The roadmap report is just a point-in-time snapshot, but to be most valuable it needs to come at the end of a full process cycle. Know your due date, work backwards, and assign responsibility.

    Discussion:

    1. Do each of the steps make sense? Is the outcome clear and does it flow naturally to where it will be useful?
    2. Is the effort required for each step commensurate with its value? Are we doing to much for not enough return?
    3. Are we acting on the information we're gathering? Is it informing or changing decisions throughout the year or period?

    Input

    • Roadmap sections

    Output

    • Roadmap process milestones

    Materials

    • Whiteboard & markers
    • Template

    Participants

    • Roadmap team

    Tailor your messaging to secure stakeholders' involvement and support

    If your stakeholders aren't on board, you're in serious trouble.

    Certain stakeholders will not only be highly involved and accountable in the process but may also be responsible for approving the roadmap and budget, so it's essential that you get their buy-in upfront.

    an image of a quadrant analysis, comparing levels of influence and support.

    an image of a quadrant analysis, comparing levels of influence and support.

    4.1.3 Identifying supporters and blockers

    Classification and Strategy

    1 hour

    You may want to restrict participation to senior members of the roadmap team only.

    This activity requires a considerable degree of candor in order to be effective. It is effectively a political conversation and as such can be sensitive.

    Steps:

    1. Review your sticky notes from the earlier activity (list of input and output names).
    2. Place each name in the corresponding quadrant of a 2x2 matrix like the one on the right.
    3. Come to a consensus on the placement of each sticky note.

    Input

    • Roadmap audience and contributors list

    Output

    • Communications strategy & plan

    Materials

    • Whiteboard & markers
    • Sticky notes

    Participants

    • Senior roadmap team

    Step 4.2

    Process improvement

    Activities

    4.2.1 Evaluating the value of each process output

    4.2.2 Brainstorming improvements

    4.2.3 Setting realistic measures

    This step requires the following inputs:

    • Evaluating the efficacy of each process output
    • Brainstorming improvements
    • Setting realistic measures

    This step involves the following participants:

    • Roadmap team

    Outcomes of this step

    • Process map
    • Process improvement plan

    Continual improvement

    Not just for the DevOps hipsters!

    You started with a desire – greater satisfaction with infrastructure from the business. All of the inputs, processes, and outputs exist only, and are designed solely, to serve the attainment of that outcome.

    The process outlined is not dogma; no element is sacrosanct. Ruthlessly evaluate the effectiveness of your efforts so you can do better next time.

    You would do no less after a server migration, network upgrade, or EUC rollout.

    Consider these four factors to help make your infrastructure roadmap effort more successful.

    Leadership
    If infrastructure leaders aren't committed, then this will quickly become an exercise of box-checking rather than candid communication.

    Data
    Quantitative or qualitative – always try to go where the data leads. Reduce unconscious bias and be surprised by the insight uncovered.

    Metrics
    Measurement allows management but if you measure the wrong thing you can game the system, cheating yourself out of the ultimate prize.

    Focus
    Less is sometimes more.

    4.2.1 Evaluating the value of each process output

    Understanding why and how individual steps are effective (or not) is how we improve the outcome of any process.

    1 hour

    1. List each of the nine roadmap steps on the left-hand side of a whiteboard.
    2. Ask the participants "Why was this step included? Did it accomplish its objective?" Consider using a reduced scale affinity diagramming exercise for this step.
    3. Consider the priority characteristics of each step; try to be as universal as possible (every characteristic will ideally apply to each step).
    4. Include two columns at the far right: "Improvement" and "Expected Change."
    5. Populate the table. If this is your first time, brainstorm reasonable objectives for your left-hand columns. Otherwise, document the reality of last year and focus on brainstorming the right-hand columns.
    6. Optional: Conduct a thought experiment and brainstorm tension metrics to establish whether the process is driving the outcomes we desire.
    7. Optional: Consider Info-Tech's assertion about the four things a roadmap can do. Brainstorm KPIs that you can measure yearly. What else would you want the roadmap to be able to do?

    Discussion:

    Did the group agree on the intended outcome of each step? Did the group think the step was effective? Was the outcome clear and did it flow naturally to where it was useful?
    Is the effort required for each step commensurate with its value? Are we doing too much for not enough return?
    Are we acting on the information we're gathering? Is it informing or changing decisions throughout the year or period?

    Input

    • Roadmap process steps

    Output

    • Process map
    • Improvement targets & metrics

    Materials

    • Whiteboard & markers
    • Sticky notes
    • Process Map Template (see next slide)

    Participants

    • Roadmap team

    Process map template

    Replace the included example text with your inputs.

    Freq.MethodMeasuresSuccess criteria

    Areas for improvement

    Expected change

    Evaluate intakesBiannuallyPMO Intake & Service RequestsProjects or Initiatives% of departments engaged

    Actively reach out to underrepresented depts.

    +10% engagement

    Assess roadblocksQuarterlyIT All-Staff MeetingRoadblocks% of identified that have been resolved

    Define expected outcomes of removing roadblock

    Measurable improvements

    Time studyQuarterly IT All-Staff MeetingTimeConfidence value of data

    Real data sources (time sheets, tools, etc.)

    85% of sources defensible

    Legacy asset assessmentAnnuallyDomain effortAsset Inventory Completeness of Inventory
    • Compare against Asset Management database
    • Track business activity by enabling asset(s)
    • > 95% accuracy/
      completeness
    • Easier business risk framework conversations
    Understand business goalsAnnuallyRoadmap MeetingGoal listGoal specificity

    Survey or interview leadership directly

    66% directly attributable participation

    New technology assessmentMonthly/AnnuallyTeam/Roadmap MeetingTechnologies Reviewed IT staff participation/# SWOTs

    Increase participation from junior members

    50% presentations from junior members

    Initiative review

    Quarterly

    IT All-Staff Meeting

    • Status Review
    • Template usage
    • Action taken upon review
    • Template uptake
    • Identify predictive factors
    • Improve template
    • 25% of yellow lights to green
    • -50% requests for additional info

    Initiative creation

    Annually Roadmap MeetingInitiatives# of initiatives proposedBusiness uptake+25% sponsorship in 6 months (biz)

    Update and publish

    AnnuallyPDF reportRoadmap Final ReportLeadership engagement Improve audience reach+15% of LoB managers have read the report

    Establish baseline metrics

    Baseline metrics will improve through:

    1. Increased communication. More information being shared to more people who need it.
    2. Better planning. More accurate information being shared.
    3. Reduced lead times. Less due diligence or discovery work required as part of project implementations.
    4. Faster delivery times. Less less-valuable work, freeing up more time to project work.
    Metric description Current metric Future goal
    # of critical incidents resulting from equipment failure per month
    # of service provisioning delays due to resource (non-labor) shortages
    # of projects that involve standing up untested (no prior infrastructure PoC) technologies
    # of PoCs conducted each year
    # of initiatives proposed by infrastructure
    # of initiatives proposed that find business sponsorship in >1yr
    % of long-term projects reviewed as per goal framework
    # of initiatives proposed that are the only ones supporting a business goal
    # of technologies deployed being used by more than the original business sponsor
    # of PMO delays due to resource contention

    Insight Summary

    Insight 1

    Draw the first picture.

    Highly engaged and effective team members are proactive rather than reactive. Instead of waiting for clear inputs from the higher ups, take what you do know, make some educated guesses about the rest, and present that to leadership. Where thinking diverges will be crystal clear and the necessary adjustments will be obvious.

    Insight 2

    Infrastructure must position itself as the broker for new technologies.

    No man is an island; no technology is a silo. Infrastructure's must ensure that everyone in the company benefits from what can be shared, ensure those benefits are delivered securely and reliably, and prevent the uninitiated from making costly technological mistakes. It is easier to lead from the front, so infrastructure must stay on top of available technology.

    Insight 3

    The roadmap is a process that is business driven and not a document.

    In an ever-changing world the process of change itself changes. We know the value of any specific roadmap output diminishes quickly over time, but don't forget to challenge the process itself from time to time. Striving for perfection is a fool's game; embrace constant updates and incremental improvement.

    Insight 4

    Focus on the framework, not the output.

    There usually is no one right answer. Instead make sure both the business and infrastructure are considering common relevant elements and are working from a shared set of priorities. Data then, rather than hierarchical positioning or a d20 Charisma roll, becomes the most compelling factor in making a decision. But since your audience is in hierarchical ascendency over you, make the effort to become familiar with their language.

    4.2.3 Track metrics throughout the project to keep stakeholders informed

    An effective strategic infrastructure roadmap should help to:

    1. Initiate a schedule of infrastructure projects to achieve business goals.
    2. Adapt to feedback from executives on changing business priorities.
    3. Curate a portfolio of enabling technologies that align to the business whether growing or stabilizing.
    4. Manage the lifecycle of aging equipment in order to meet capacity demands.
    Metric description

    Metric goal

    Checkpoint 1

    Checkpoint 2

    Checkpoint 3

    # of critical incidents resulting from equipment failure per month >1
    # of service provisioning delays due to resource (non-labor) shortages >5
    # of projects that involve standing up untested (no prior infrastructure PoC) technologies >10%
    # of PoCs conducted each year 4
    # of initiatives proposed by infrastructure 4
    # of initiatives proposed that find business sponsorship in >1 year 1
    # of initiatives proposed that are the only ones supporting a business goal 1
    % of long-term projects reviewed as per goal framework 100%

    Summary of Accomplishment

    Review performance from last fiscal year

    • Analyzed and communicated the benefits and value realized from IT's strategic initiatives in the past fiscal year.
    • Analyzed and prioritized diagnostic data insights to communicate IT success stories.
    • Elicited important retrospective information such as KPIs, financials, etc. to build IT's credibility as a strategic business partner.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Related Info-Tech Research

    Build a Business-Aligned IT Strategy
    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Document your Cloud Strategy
    A cloud strategy might seem like a big project, but it's just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas.

    Develop an IT Asset Management Strategy
    ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there's no value in data for data's sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service provider.

    Infrastructure & Operations Research Center
    Practical insights, tools, and methodologies to systematically improve IT Infrastructure & Operations.

    Summary of Accomplishment

    Knowledge gained

    • Deeper understanding of business goals and priorities
    • Key data the business requires for any given initiative
    • Quantification of risk
    • Leading criteria for successful technology adoption

    Processes optimized

    • Infrastructure roadmap
    • Initiative creation, estimation, evaluation, and prioritization
    • Inventory assessment for legacy infrastructure debt
    • Technology adoption

    Deliverables completed

    • Domain time study
    • Initiative intake analysis
    • Prioritized roadblock list
    • Goal listing
    • IT and business risk frameworks
    • Infrastructure inventory assessment
    • New technology analyzes
    • Initiative templates
    • Initiative candidates
    • Roadmap visualization
    • Process schedule
    • Communications strategy
    • Process map
    • Roadmap report

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Bibliography

    "10 Essential KPIs for the IT Strategic Planning Process." Apptio Inc, Dec. 2021. Accessed Nov. 2022.
    Amos, Justin. "8 areas your 2022 IT Infrastructure roadmap should cover." Soma, 24 Jan 2022 Accessed Nov. 2022
    Ahmed, Anam. "Importance of Mission Vision in Organizational Strategy." Chron, 14 March 2019. Accessed 10 May 2021. ."
    Barker, Joel A. "Joel A Barker Quote about Vision." Joel A Barker.com. Accessed 10 Nov 2022
    Bhagwat, Swapnil ."Top IT Infrastructure Management Strategies For 2023 , Atlas Systems, 23 Oct 2022. Accessed Nov. 2022.
    Blank, Steve. "You're Better Off Being A Fast Follower Than An Originator." Business Insider. 5 Oct. 2010. Web.
    Bridges, Jennifer . "IT Risk Management Strategies and Best Practices." Project Manager, 6 Dec 2019. Accessed Nov. 2022.
    "Building a Technology Roadmap That Stabilizes and Transforms." Collegis Education. Accessed Dec 2022.
    Collins, Gavin. "WHY AN IT INFRASTRUCTURE ROAD MAP?." Fifth Step, Date unknown. Accessed Nov. 2022.
    "Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint - ResearchAndMarkets.com." Business Wire, 1 Feb. 2018. Accessed 9 June 2021.
    De Vos, Colton. “Well-Developed IT Strategic Plan Example." Resolute Tech Solutions, 6 Jan 2020. Accessed Nov. 2022.
    Gray, Dave. "Post-Up." Gamestorming, 15 Oct. 2010. Accessed 10 Nov 2022
    Helm, Clay. "Majority of Surveyed Companies are Not Prepared for IT Needs of the Future." IBM Study, 4 Jan 2021. Accessed Nov. 2022.
    Hertvik, Joe. "8 Components of A Great IT Strategy, BMC Blogs, 29 May. 2020. Accessed Nov. 2022.
    ISACA, "Effective governance at your Fingertips". COBIT Framework, Accessed Dec 2022
    "IT Guiding Principles." Office of Information Technology, NC State University, 2014-2020. Accessed 9 Nov 2022.
    ""IT Infrastructure That Makes Employees Happier." Network Doctor, 2021. Accessed Dec 2022
    "IT Road mapping Helps Dura Remain at the Forefront of Auto Manufacturing." Performance Improvement Partners, ND. Accessed Dec 2022.
    ITtoolkit.com. "The IT Vision: A Strategic Path to Lasting IT Business Alignment." ITtoolkit Magazine, 2020. Accessed 9 June 2021.
    Kark, Khalid. "Survey: CIOs Are CEOs' Top Strategic Partner." CIO Journal, The Wall Street Journal, 22 May 2020. Accessed 11 May 2021.
    Kimberling, Eric. "What is "Future State" and Why is it Important?" Third Stage Consulting, 11 June 2021. Accessed Nov. 2022.
    Kishore. "The True Cost of Keeping the Lights On." Optanix, 1 Feb. 2017. Accessed Nov. 2022.
    Lakein, Alan. Libquotes.
    Mindsight. "THE ULTIMATE GUIDE TO CREATING A TECHNOLOGY ROADMAP" Mind sight, 12 Dec 2021. Accessed Nov. 2022.
    Milani, F. (2019). Future State Analysis. In: Digital Business Analysis. Springer, Cham. https://doi.org/10.1007/978-3-030-05719-0_13
    Newberry, Dennis. "Meeting the Challenges of Optimizing IT Cost and Capacity Management." BMC, 2021, Accessed 12 Nov 2022.
    Peek, Sean. "What Is a Vision Statement?" Business News Daily, 7 May 2020. Accessed 10 Nov 2022.
    Ramos, Diana. "Infrastructure Management 101: A Beginner's Guide to IT Infrastructure Management." Smartsheet.com. 30 Nov 2021. Accessed 09 Dec 2022.
    Ramsey, Dave. "Dave Rant: How to Finally Take Control of Your Money." Ramseysolutions. 26 Aug 2021. Accessed 10 Nov 2022.
    Richards-Gustafson, Flora. "5 Core Operational Strategies." Chron, 8 Mar 2019. Accessed 9 June 2021.
    Richardson, Nigel. "What are the differences between current and future state maps?." Nexus, 18 Oct 2022. Accessed Nov. 2022.
    Roush, Joe. "IT Infrastructure Planning: How To Get Started." BMC. 05 January, 2018. Accessed 24 Jan 2023.
    Shields, Corey. "A Complete Guide to IT Infrastructure Management." Ntiva, 15 Sept. 2020. Accessed 28 Nov. 2022.
    Snow, Shane. "Smartcuts: How Hackers, Innovators, and Icons Accelerate Success." Harper Business, 2014.
    Strohlein, Marc. "The CIO's Guide to Aligning IT Strategy with the Business." IDC, 2019. Accessed Nov 2022.
    Sull, Sull, and Yoder. "No One Knows Your Strategy — Not Even Your Top Leaders." MIT Sloan. 12 Feb 2018. Accessed 26 Jan 2023.
    "Team Purpose & Culture." Hyper Island. Accessed 10 Nov. 2022
    "Tech Spend Pulse, 2022." Flexera, Jan 2022, Accessed 15 Nov 2022
    "Tech Spend Pulse." Flexera, Dec. 2022. Accessed Nov. 2022.
    "The Definitive Guide to Developing an IT Strategy and Roadmap" CIO Pages.com , 5 Aug 13 2022. Accessed 30 Nov. 2022.
    Wei, Jessica. "Don't Tell Me Where Your Priorities Are – James W. Frick." Due.com, 21 Mar 2022. Accessed 23 Nov 2022.
    Zhu, Pearl. "How to Set Guiding Principles for an IT Organization." Future of CIO, 1 July 2013. Accessed 9 June 2021.

    Build a Value Measurement Framework

    • Buy Link or Shortcode: {j2store}182|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $82,374 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Rapid changes in today’s market require rapid, value-based decisions, and organizations that lack a shared definition of value fail to maintain their competitive advantage.
    • Different parts of an organization have different value drivers that must be given balanced consideration.
    • Focusing solely on revenue ignores the full extent of value creation in your organization and does not necessarily result in the right outcomes.

    Our Advice

    Critical Insight

    • Business is the authority on business value. While IT can identify some sources of value, business stakeholders must participate in the creation of a definition that is meaningful to the whole organization.
    • It’s about more than profit. Organizations must have a definition that encompasses all of the sources of value or they risk making short-term decisions with long-term negative impacts.
    • Technology creates business value. Treating IT as a cost center makes for short-sighted decisions in a world where every business process is enabled by technology.

    Impact and Result

    • Standardize your definition of business value. Work with your business partners to define the different sources of business value that are created through technology-enabled products and services.
    • Weigh your value drivers. Ensure that business and IT understand the relative weight and priority of the different sources of business value you have identified.
    • Use a balanced scorecard to understand value. Use the different value drivers to understand and prioritize different products, applications, projects, initiatives, and enhancements.

    Build a Value Measurement Framework Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why building a consistent and aligned framework to measure the value of your products and services is vital for setting priorities and getting the business on board.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your value drivers

    This phase will help you define and weigh value drivers based on overarching organizational priorities and goals.

    • Build a Value Measurement Framework – Phase 1: Define Your Value Drivers
    • Value Calculator

    2. Measure value

    This phase will help you analyze the value sources of your products and services and their alignment to value drivers to produce a value score that you can use for prioritization.

    • Build a Value Measurement Framework – Phase 2: Measure Value
    [infographic]

    Further reading

    Build a Value Measurement Framework

    Focus product delivery on business value–driven outcomes.

    ANALYST PERSPECTIVE

    "A meaningful measurable definition of value is the key to effectively managing the intake, prioritization, and delivery of technology-enabled products and services."

    Cole Cioran,

    Senior Director, Research – Application Development and Portfolio Management

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs who need to understand the value IT creates
    • Application leaders who need to make good decisions on what work to prioritize and deliver
    • Application and project portfolio managers who need to ensure the portfolio creates business value
    • Product owners who are accountable for delivering value

    This Research Will Help You:

    • Define quality in your organization’s context from both business and IT perspectives.
    • Define a repeatable process to understand the value of a product, application, project, initiative, or enhancement.
    • Define value sources and metrics.
    • Create a tool to make it easier to balance different sources of value.

    This Research Will Also Assist:

    • Product and application delivery teams who want to make better decisions about what they deliver
    • Business analysts who need to make better decisions about how to prioritize their requirements

    This Research Will Help Them:

    • Create a meaningful relationship with business partners around what creates value for the organization.
    • Enable better understanding of your customers and their needs.

    Executive summary

    Situation

    • Measuring the business value provided by IT is critical for improving the relationship between business and IT.
    • Rapid changes in today’s market require rapid, value-based decisions.
    • Every organization has unique drivers that make it difficult to see the benefits based on time and impact approaches to prioritization.

    Complication

    • An organization’s lack of a shared definition of value leads to politics and decision making that does not have a firm, quantitative basis.
    • Different parts of an organization have different value drivers that must be given balanced consideration.
    • Focusing solely on revenue does not necessarily result in the right outcomes.

    Resolution

    • Standardize your definition of business value. Work with your business partners to define the different sources of business value that are created through technology-enabled products and services.
    • Weigh your value drivers. Ensure business and IT understand the relative weight and priority of the different sources of business value you have identified.
    • Use a balanced scorecard to understand value. Use the different value drivers to understand and prioritize different products, applications, projects, initiatives, and enhancements.

    Info-Tech Insight

    1. Business is the authority on business value. While IT can identify some sources of value, business stakeholders must participate in the creation of a definition that is meaningful to the whole organization.
    2. It’s about more than profit. Organizations must have a definition that encompasses all of the sources of value, or they risk making short-term decisions with long-term negative impacts.
    3. Technology creates business value. Treating IT as a cost center makes for short-sighted decisions in a world where every business process is enabled by technology.

    Software is not currently creating the right outcomes

    Software products are taking more and more out of IT budgets.

    38% of spend on IT employees goes to software roles.

    Source: Info-Tech’s Staffing Survey

    18% of opex is spent on software licenses.

    Source: SoftwareReviews.com

    33% of capex is spent on new software.

    However, the reception and value of software products do not justify the money invested.

    Only 34% of software is rated as both important and effective by users.

    Source: Info-Tech’s CIO Business Vision

    IT benchmarks do not help or matter to the business. Focus on the metrics that represent business outcomes.

    A pie chart is shown as an example to show how benchmarks do not help the business.

    IT departments have a tendency to measure only their own role-based activities and deliverables, which only prove useful for selling practice improvement services. Technology doesn’t exist for technology's sake. It’s in place to generate specific outcomes. IT and the business need to be aligned toward a common goal of enabling business outcomes, and that’s the important measurement.

    "In today’s connected world, IT and business must not speak different languages. "

    – Cognizant, 2017

    CxOs stress the importance of value as the most critical area for IT to improve reporting

    A bar graph is shown to demonstrate the CxOs importance of value. Business value metrics are 32% of significant improvement necessary, and 51% where some improvement is necessary.

    N=469 CxOs from Info-Tech’s CEO/CIO Alignment Diagnostic

    Key stakeholders want to know how you and your products or services help them realize their goals.

    While the basics of value are clear, few take the time to reach a common definition and means to measure and apply value

    Often, IT misses the opportunity to become a strategic partner because it doesn’t understand how to communicate and measure its value to the business.

    "Price is what you pay. Value is what you get."

    – Warren Buffett

    Being able to understand the value context will allow IT to articulate where IT spend supports business value and how it enables business goal achievement.

    Value is...

    Derived from business context

  • What is our business context?
  • Enabled through governance and strategy

  • Who sees the strategy through?
  • The underlying context for decision making

  • How is value applied to support decisions?
  • A measure of achievement

  • How do I measure?
  • Determine your business context by assessing the goals and defining the unique value drivers in your organization

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of sources of value. Dissecting value by the benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    A business value matrix is shown. It shows the relationship between reading customers, increase revenue, reduce costs, and enhance services.

    Financial Benefits vs. Improved Capabilities

    Financial Benefits refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible. Human Benefits refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduction of overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not been put in place.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    See your strategy through by involving both IT and the business

    Buy-in for your IT strategy comes from the ability to showcase value. IT needs to ensure it has an aligned understanding of what is valuable to the organization.

    Business value needs to first be established by the business. After that, IT can build a partnership with the business to determine what that value means in the context of IT products and services.

    The Business

    What the Business and IT have in common

    IT

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the products along with those most familiar with the capabilities or processes enabled by technology.

    Business Value of Products and Services

    Technical subject matter experts of the products and services they deliver and maintain. Each IT function works together to ensure quality products and services are delivered up to stakeholder expectations.

    Measure your product or services with Info-Tech’s Value Measurement Framework (VMF) and value scores

    The VMF provides a consistent and less subjective approach to generating a value score for an application, product, service, or individual feature, by using business-defined value drivers and product-specific value metrics.

    Info-Tech's Value Measurement Framework is shown.

    A consistent set of established value drivers, sources, and metrics gives more accurate comparisons of relative value

    Value Drivers

    Value Sources

    Value Fulfillment Metrics

    Broad categories of values, weighed and prioritized based on overarching goals

    Instances of created value expressed as a “business outcome” of a particular function

    Units of measurement and estimated targets linked to a value source

    Reach Customers

    Customer Satisfaction

    Net Promoter Score

    Customer Loyalty

    # of Repeat Visits

    Create Revenue Streams

    Data Monetization

    Dollars Derived From Data Sales

    Leads Generation

    Leads Conversation Rate

    Operational Efficiency

    Operational Efficiency

    Number of Interactions

    Workflow Management

    Cycle Time

    Adhere to regulations & compliance

    Number of Policy Exceptions

    A balanced and weighted scorecard allows you to measure the various ways products generate value to the business

    The Info-Tech approach to measuring value applies the balanced value scorecard approach.

    Importance of value source

    X

    Impact of value source

    = Value Score

    Which is based on…

    Which is based on…

    Alignment to value driver

    Realistic targets for the KPI

    Which is weighed by…

    Which is estimated by…

    A 1-5 scale of the relative importance of the value driver to the organization

    A 1-5 scale of the application or feature’s ability to fulfill that value source

    +

    Importance of Value Source

    X

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    =

    Balanced Business Value Score

    Value Score1 + VS2 + … + VSN = Overall Balance Value Score

    Value scores help support decisions. This blueprint looks specifically at four use cases for value scores.

    A value score is an input to the following activities:

    1. Prioritize Your Product Backlog
    2. Estimate the relative value of different product backlog items (i.e. epics, features, etc.) to ensure the highest value items are completed first.

      This blueprint can be used as an input into Info-Tech’s Build a Better Backlog.

    3. Prioritize Your Project Backlog
    4. Estimate the relative value of proposed new applications or major changes or enhancements to existing applications to ensure the right projects are selected and completed first.

      This blueprint can be used as an input into Info-Tech’s Optimize Project Intake, Approval, and Prioritization.

    5. Rationalize Your Applications
    6. Gauge the relative value from the current use of your applications to support strategic decision making such as retirement, consolidation, and further investments.

      This blueprint can be used as an input into Info-Tech’s Visualize Your Application Portfolio Strategy With a Business Value-Driven Roadmap.

    7. Categorize Application Tiers
    8. Gauge the relative value of your existing applications to distinguish your most to least important systems and build tailored support structures that limit the downtime of key value sources.

      This blueprint can be used as an input into Info-Tech’s Streamline Application Maintenance.

    The priorities, metrics, and a common understanding of value in your VMF carry over to many other Info-Tech blueprints

    Transition to Product Delivery

    Build a Product Roadmap

    Modernize Your SDLC

    Build a Strong Foundation for Quality

    Implement Agile Practices That Work

    Use Info-Tech’s Value Calculator

    The Value Calculator facilitates the activities surrounding defining and measuring the business value of your products and services.

    Use this tool to:

    • Weigh the importance of each Value Driver based on established organizational priorities.
    • Create a repository for Value Sources to provide consistency throughout each measurement.
    • Produce an Overall Balanced Value Score for a specific item.

    Info-Tech Deliverable

    A screenshot of Info-Tech's Value Calculator is shown.

    Populate the Value Calculator as you complete the activities and steps on the following slides.

    Limitations of the Value Measurement Framework

    "All models are wrong, but some are useful."

    – George E.P. Box, 1979

    Value is tricky: Value can be intangible, ambiguous, and cause all sorts of confusion, with the multiple, and often conflicting, priorities any organization is sure to have. You won’t likely come to a unified understanding of value or an agreement on whether one thing is more valuable than something else. However, this doesn’t mean you shouldn’t try. The VMF provides a means to organize various priorities in a meaningful way and to assess the relative value of a product or service to guide managers and decision makers on the right track and keep alignment with the rest of the organization.

    Relative value vs. ROI: This assessment produces a score to determine the value of a product or service relative to other products or services. Its primary function is to prioritize similar items (projects, epics, requirements, etc.) as opposed to producing a monetary value that can directly justify cost and make the case for a positive ROI.

    Apply caution with metrics: We live in a metric-crazed era, where everything is believed to be measurable. While there is little debate over recent advances in data, analytics, and our ability to trace business activity, some goals are still quite intangible, and managers stumble trying to link these goals to a quantifiable data source.

    In applying the VMF Info-Tech urges you to remember that metrics are not a magical solution. They should be treated as a tool in your toolbox and are sometimes no more than a rough gauge of performance. Carefully assign metrics to your products and services and do not disregard the informed subjective perspective when SMART metrics are unavailable.

    "One of the deadly diseases of management is running a company on visible figures alone."

    – William Edwards Deming, 1982

    Info-Tech’s Build a Value Measurement Framework glossary of terms

    This blueprint discusses value in a variety of ways. Use our glossary of terms to understand our specific focus.

    Value Measurement Framework (VMF)

    A method of measuring relative value for a product or service, or the various components within a product or service, through the use of metrics and weighted organizational priorities.

    Value Driver

    A board organizational goal that acts as a category for many value sources.

    Value Source

    A specific business goal or outcome that business and product or service capabilities are designed to fulfill.

    Value Fulfillment

    The degree to which a product or service impacts a business outcome, ideally linked to a metric.

    Value Score

    A measurement of the value fulfillment factored by the weight of the corresponding value driver.

    Overall Balanced Value Score

    The combined value scores of all value sources linked to a product or service.

    Relative Value

    A comparison of value between two similar items (i.e. applications to applications, projects to projects, feature to feature).

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Value Measurement Framework – project overview

    1. Define Your Value Drivers

    2. Measure Value

    Best-Practice Toolkit

    1.1 Identify your business value authorities.

    2.1 Define your value drivers.

    2.2 Weigh your value drivers.

    • Identify your product or service SMEs.
    • List your products or services items and components.
    • Identify your value sources.
    • Align to a value driver.
    • Assign metrics and gauge value fulfillment.

    Guided Implementations

    Identify the stakeholders who should be the authority on business value.

    Identify, define, and weigh the value drivers that will be used in your VMF and all proceeding value measurements.

    Identify the stakeholders who are the subject matter experts for your products or services.

    Measure the value of your products and services with value sources, fulfillment, and drivers.

    Outcome:

    • Value drivers and weights

    Outcome:

    • An initial list of reusable value sources and metrics
    • Value scores for your products or services

    Phase 1

    Define Your Value Drivers

    First determine your value drivers and add them to your VMF

    One of the main aspects of the VMF is to apply consistent and business-aligned weights to the products or services you will evaluate.

    This is why we establish your value drivers first:

    • Get the right executive-level “value authorities” to establish the overarching weights.
    • Build these into the backbone of the VMF to consistently apply to all your future measurements.
    An image of the Value Measure Framework is shown.

    Step 1.1: Identify Value Authorities

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your authorities on business value.

    This step involves the following participants:

    • Owners of your value measurement framework

    Outcomes of this step

    • Your list of targeted individuals to include in Step 2.1

    Business value is best defined and measured by the combined effort and perspective of both IT and the business

    Buy-in for your IT strategy comes from the ability to showcase value. IT needs to ensure it has an aligned understanding of what is valuable to the organization. First, priorities need to be established by the business. Second, IT can build a partnership with the business to determine what that value means in the context of IT products and services.

    The Business

    What the Business and IT have in common

    IT

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the products along with those most familiar with the capabilities or processes enabled by technology.

    Business Value of Products and Services

    Technical subject matter experts of the products and services they deliver and maintain. Each IT function works together to ensure quality products and services are delivered up to stakeholder expectations.

    Engage key stakeholders to reach a consensus on organizational priorities and value drivers

    Engage these key players to create your value drivers:

    CEO: Who better holds the vision or mandate of the organization than its leader? Ideally, they are front and center for this discussion.

    CIO: IT must ensure that technical/practical considerations are taken into account when determining value.

    CFO: The CFO or designated representative will ensure that estimated costs and benefits can be used to manage the budgets.

    VPs: Application delivery and mgmt. is designed to generate value for the business. Senior management from business units must help define what that value is.

    Evaluators (PMO, PO, APM, etc.): Those primarily responsible for applying the VMF should be present and active in identifying and carefully defining your organization’s value drivers.

    Steering Committee: This established body, responsible for the strategic direction of the organization, is really the primary audience.

    Identify your authorities of business value to identify, define, and weigh value drivers

    1.1 Estimated Time: 15 minutes

    The objective of this exercise is to identify key business stakeholders involved in strategic decision making at an organizational level.

    1. Review your organization’s governance structure and any related materials.
    2. Identify your key business stakeholders. These individuals are the critical business strategic partners.
      1. Target those who represent the business at an organizational level and often comprise the organization’s governing bodies.
      2. Prioritize a product backlog – include product owners and product managers who are in tune with the specific value drivers of the product in question.

    INFO-TECH TIP

    If your organization does not have a formal governance structure, your stakeholders would be the key players in devising business strategy. For example:

    • CEO
    • CFO
    • BRMs
    • VPs

    Leverage your organizational chart, governing charter, and senior management knowledge to better identify key stakeholders.

    INPUT

    • Key decision maker roles

    OUTPUT

    • Targeted individuals to define and weigh value drivers

    Materials

    • N/A

    Participants

    • Owner of the value measurement framework

    Step 1.2: Define Value Drivers

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Define your value drivers.
    • Weigh your value drivers.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Authorities of business value

    Outcomes of this step

    • A list of your defined and weighted value drivers

    Value is based on business needs and vision

    Value is subjective. It is defined through the organization’s past achievement and its future objectives.

    Purpose & Mission

    Past Achievement & Current State

    Vision & Future State

    Culture & Leadership

    There must be a consensus view of what is valuable within the organization, and these values need to be shared across the enterprise. Instead of maintaining siloed views and fighting for priorities, all departments must have the same value and purpose in mind. These factors – purpose and mission, past achievement and current state, vision and future state, and culture and leadership – impact what is valuable to the organization.

    Value derives from the mission and vision of an organization; therefore, value is unique to each organization

    Business value represents what the business needs to do to achieve its target state. Establishing the mission and vision helps identify that target state.

    Mission

    Vision

    Business Value

    Why does the company exist?

    • Specify the company’s purpose, or reason for being, and use it to guide each day’s activities and decisions.

    What does the organization see itself becoming?

    • Identify the desired future state of the organization. The vision articulates the role the organization strives to play and the way it wants to be perceived by the customer.
    • State the ends, rather than the means, to get to the future state.

    What critical factors fulfill the mission and vision?

    • Articulate the important capabilities the business should have in order to achieve its objectives. All business activities must enable business value.
    • Communicate the means to achieve the mission and vision.

    Understand the many types of value your products or services produce

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of value sources. Dissecting value by the benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    A business value matrix is shown. It shows the relationship between reading customers, increase revenue, reduce costs, and enhance services.

    Financial Benefits vs. Improved Capabilities

    Financial Benefits refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible. Human Benefits refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations. Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduction of overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not been put in place.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Expand past Info-Tech’s high-level value quadrants and identify the value drivers specific to your organization

    Different industries have a wide range of value drivers. Consider the difference between public and private entities with respect to generating revenue or reaching their customers or other external stakeholders. Even organizations in the same industry may have different values. For example, a mature, well-established manufacturer may view reputation and innovation as its highest-priority values, whereas a struggling manufacturer will see revenue or market share growth as its main drivers.

    Value Drivers

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    • Revenue growth
    • Data monetization
    • Cost optimization
    • Labor reduction
    • Collaboration
    • Risk and compliance
    • Customer experience
    • Trust and reputation

    You do not need to dissect each quadrant into an exhaustive list of value drivers. Info-Tech recommends defining distinct value drivers only for the areas you’ve identified as critical to your organization’s core goals and objectives.

    Understand value drivers that enable revenue growth

    Direct Revenue

    This value driver is the ability of a product or service to directly produce revenue through core revenue streams.

    Can be derived from:

    • Creating revenue
    • Improving the revenue generation of an existing service
    • Preventing the loss of a revenue stream

    Be aware of the differences between your products and services that enable a revenue source and those that facilitate the flow of capital.

    Funding

    This value driver is the ability of a product or service to enable other types of funding unrelated to core revenue streams.

    Can be derived from:

    • Tax revenue
    • Fees, fines, and ticketing programs
    • Participating in government subsidy or grant programs

    Be aware of the difference between your products and services that enable a revenue source and those that facilitate the flow of capital.

    Scale & Growth

    In essence, this driver can be viewed as the potential for growth in market share or new developing revenue sources.

    Does the product or service:

    • Increase your market share
    • Help you maintain your market share

    Be cautious of which items you identify here, as many innovative activities may have some potential to generate future revenue. Stick to those with a strong connection to future revenue and don’t qualify for other value driver categories.

    Monetization of Assets

    This value driver is the ability of your products and services to generate additional assets.

    Can be derived from:

    • Sale of data
    • Sale of market or customer reports or analysis
    • Sale of IP

    This value source is often overlooked. If given the right attention, it can lead to a big win for IT’s role in the business.

    Understand value drivers that reduce costs

    Cost Reduction

    A cost reduction is a “hard” cost saving that is reflected as a tangible decrease to the bottom line.

    This can be derived from reduction of expenses such as:

    • Salaries and wages
    • Hardware/software maintenance
    • Infrastructure

    Cost reduction plays a critical role in an application’s ability to increase efficiency.

    Cost Avoidance

    A cost avoidance is a “soft” cost saving, typically achieved by preventing a cost from occurring in the first place (i.e. risk mitigation). Cost avoidance indirectly impacts the bottom line.

    This can be derived from prevention of expenses by:

    • Mitigating a business outage
    • Mitigating another risk event
    • Delaying a price increase

    Understand the value drivers that enhance your services

    Enable Core Operations

    Some applications are in place to facilitate and support the structure of the organization. These vary depending on the capabilities of your organization but should be assessed in relation to the organization’s culture and structure.

    • Enables a foundational capability
    • Enables a niche capability

    This example is intentionally broad, as “core operations” should be further dissected to define different capabilities with ranging priority.

    Compliance

    A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

    In this case, the product or service is required in order to:

    • Prevent fines
    • Allow the organization to operate within a specific jurisdiction
    • Remediate audit gaps
    • Provide information required to validate compliance

    Internal Improvement

    An application’s ability to create value outside of its core operations and facilitate the transfer of information, insights, and knowledge.

    Value can be derived by:

    • Data analytics
    • Collaboration
    • Knowledge transfer
    • Organizational learning

    Innovation

    Innovation is typically an ill-defined value driver, as it refers to the ability of your products and services to explore new value streams.

    Consider:

    • Exploration into new markets and products
    • New methods of organizing resources and processes

    Innovation is one of the more divisive value drivers, as some organizations will strive to be cutting edge and others will want no part in taking such risks.

    Understand business value drivers that connect the business to your customers

    Policy

    Products and services can also be assessed in relation to whether they enable and support policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

    Policy value can be derived from:

    • The service or initiative will produce outcomes in line with our core organizational values.
    • Products that enable sustainability and corporate social responsibility

    Experience

    Applications are often designed to improve the interaction between customer and product. This value type is most closely linked to product quality and user experience. Customers, in this sense, can also include any stakeholders who consume core offerings.

    Customer experience value can be derived from:

    • Improving customer satisfaction
    • Ease of use
    • Resolving a customer issue or identified pain point
    • Providing a competitive advantage for your customers

    Customer Information

    Understanding demand and customer trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

    Customer information value can be achieved when an app:

    • Addresses strategic opportunities or threats identified through analyzing trends
    • Prevents failures due to lack of capacity to meet demand
    • Connects resources to external sources to enable learning and growth within the organization

    Trust & Reputation

    Products and services are designed to enable goals of digital ethics and are highly linked to your organization’s brand strategy.

    Trust and reputation can also be described as:

    • Customer loyalty and sustainability
    • Customer privacy and digital ethics

    Prioritizing this value source is critical, as traditional priorities can often come at the expense of trust and reputation.

    Define your value drivers

    1.2 Estimated Time: 1.5 hours

    The objective of this exercise is to establish a common understanding of the different values of the organization.

    1. Place your business value authorities at the center of this exercise.
    2. Collect all the documents your organization has on the mission and vision, strategy, governance, and target state, which may be defined by enterprise architecture.
    3. Identify the company mission and vision. Simply transfer the information from the mission and vision document into the appropriate spaces in the business value statement.
    4. Determine the organization’s business value drivers. Use the mission and vision, as well as the information from the collected documents, to formulate your own idea of business values.
    5. Use value driver template on the next slide to define the value driver, including:
    • Value Driver Name
    • Description
    • Related Business Capabilities – If available, review business architecture materials, such as business capability maps.
    • Established KPI and Targets – If available, include any organization-wide established KPIs related to your value driver. These KPIs will likely be used or influence the metrics eventually assigned to your applications.

    INPUT

    • Mission, vision, value statements

    OUTPUT

    • List and description of value drivers

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business value authorities
    • Owner of value measurement framework

    Example Value Driver

    Value Driver Name

    Reach Customers

    Value Driver Description

    Our organization’s ability to provide quality products and experience to our core customers

    Value Driver Weight

    10/10

    Related Business Capabilities

    • Customer Services
    • Marketing
      • Customer Segmentation
      • Customer Journey Mapping
    • Product Delivery
      • User Experience Design
      • User Acceptance Testing

    Key Business Outcomes, KPIs, and Targets

    • Improved Customer Satisfaction
      • Net Promotor Score: 80%
    • Improved Loyalty
      • Repeat Sales: 30%
      • Customer Retention: 25%
      • Customer Lifetime Value: $2,500
    • Improved Interaction
      • Repeat Visits: 50%
      • Account Conversation Rates: 40%

    Weigh your value drivers

    1.3 Estimated Time: 30 minutes

    The objective of this exercise is to prioritize your value drivers based on their relative importance to the business.

    1. Again, place the business value authorities at the center of this exercise.
    2. In order to determine priority, divide 100% among your value drivers, allocating a percentage to each based on its relative importance to the organization.
    3. Normalize those percentages on to a scale of 1 to 10, which will act as the weights for your value drivers.

    INPUT

    • Mission, vision, value statements

    OUTPUT

    • Weights for value drivers

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business value authorities
    • Owner of value measurement framework

    Weigh your value drivers

    1.3 Estimated Time: 30 minutes

    Value Driver

    Percentage Allocation

    1 to 10 Weight

    Revenue and other funding

    24%

    9

    Cost reduction

    8%

    3

    Compliance

    5%

    2

    Customer value

    30%

    10

    Operations

    13%

    7

    Innovation

    5%

    2

    Sustainability and social responsibility

    2%

    1

    Internal learning and development

    3%

    1

    Future growth

    10%

    5

    Total

    100%

    Carry results over to the Value Calculator

    1.3

    Document results of this activity in the “Value Drivers” tab of the Value Calculator.

    A screenshot of Info-Tech's Value Calculator is shown.

    List your value drivers.

    Define or describe your value drivers.

    Use this tool to create a repository for value sources to reuse and maintain consistency across your measurements.

    Enter the weight of each value driver in terms of importance to the organization.

    Phase 2

    Measure Value

    Step 2.1: Identify Product or Service SMEs

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your product or service SMEs.
    • List your product or services items and components.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Product or service SMEs

    Outcomes of this step

    • Your list of targeted individuals to include in Step 2.2

    Identify the products and services you are evaluating and break down their various components for the VMF

    In order to get a full evaluation of a product or service you need to understand its multiple facets, functions, features capabilities, requirements, or any language you use to describe its various components.

    An image of the value measure framework is shown.

    Decompose a product or service:

    • Get the right subject matter experts in place who know the business and technical aspects of the product or service.
    • Decompose the product or service to capture all necessary components.

    Before beginning, consider how your use case will impact your value measurement approach

    This table looks at how the different use cases of the VMF call for variations of this analysis, is directed at different roles, and relies on participation from different subject matter experts to provide business context.

    Use Case (uses of the VMF applied in this blueprint)

    Value (current vs. future value)

    Item (the singular entity you are producing a value score for)

    Components (the various facets of that entity that need to be considered)

    Scope (# of systems undergoing analysis)

    Evaluator (typical role responsible for applying the VMF)

    Cadence (when and why do you apply the VMF)

    Information Sources (what documents, tools, etc., do you need to leverage)

    SMEs (who needs to participate to define and measure value)

    1. Prioritize Your Product Backlog

    You are estimating future value of proposed changes to an application.

    Product backlog items (epic, feature, etc.) in your product backlog

    • Features
    • User stories
    • Enablers

    A product

    Product owner

    Continuously apply the VMF to prioritize new and changing product backlog items.

    • Epic hypothesis, documentation
    • Lean business case

    Product manager

    ????

    2. Prioritize Your Project Backlog

    Proposed projects in your project backlog

    • Benefits
    • Outcomes
    • Requirements

    Multiple existing and/or new applications

    Project portfolio manager

    Apply the VMF during your project intake process as new projects are proposed.

    • Completed project request forms
    • Completed business case forms
    • Project charters
    • Business requirements documents

    Project manager

    Product owners

    Business analysts

    3. Application Rationalization

    You are measuring current value of existing applications and their features.

    An application in your portfolio

    The uses of the application (features, function, capabilities)

    A subset of applications or the full portfolio

    Application portfolio manager

    During an application rationalization initiative:

    • Iteratively collect information and perform value measurements.
    • Structure your iterations based on functional areas to target the specific SMEs who can speak to a particular subset of applications.
    • Business capability maps

    Business process owners

    Business unit representatives

    Business architects

    Application architects

    Application SMEs

    4. Application Categorization

    The full portfolio

    Application maintenance or operations manager

    • SLAs
    • Business capability maps

    Identify your product or service SMEs

    2.1 Estimated Time: 15 minutes

    The objective of this exercise is to identify specific business stakeholders who can speak to the business outcomes of your applications at a functional level.

    1. Review your related materials that reference the stakeholders for the scoped products and services (i.e. capability maps, org charts, stakeholder maps).
    2. Identify your specific business stakeholders and application SMEs. These individuals represent the business at a functional level and are in tune with the business outcomes of their operations and the applications that support their operations.
      1. Use Case 1 – Product Owner, Product Manager
      2. Use Case 2 – Project Portfolio Manager, Project Manager, Product Owners, Business Process Owners, Appropriate Business Unit Representatives
      3. Use Case 3 – Application Portfolio Manager, Product Owners, Business Analysts, Application SMEs, Business Process Owners, Appropriate Business Unit Representatives
      4. Use Case 4 – Application Maintenance Manager, Operations Managers, Application Portfolio Manager, Product Owners, Application SMEs, Business Process Owners, Appropriate Business Unit Representatives

    INPUT

    • Specific product or service knowledge

    OUTPUT

    • Targeted individuals to measure specific products or services

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework

    Use Case 1: Collect and review all of the product backlog items

    Prioritizing your product backlog (epics, features, etc.) requires a consistent method of measuring the value of your product backlog items (PBIs) to continuously compare their value relative to one another. This should be treated as an ongoing initiative as new items are added and existing items change, but an initial introduction of the VMF will require you to collect and analyze all of the items in your backlog.

    Regardless of producing a value score for an epic, feature, or user story, your focus should be on identifying their various value sources. Review your product’s artifact documentation, toolsets, or other information sources to extract the business outcomes, impact, benefits, KPIs, or any other description of a value source.

    High

    Epics

    Carefully valuated with input from multiple stakeholders, using metrics and consistent scoring

    Level of valuation effort per PBI

    User Stories

    Collaboratively valuated by the product owner and teams based on alignment and traceability to corresponding epic or feature

    Low

    Raw Ideas

    Intuitively valuated by the product owner based on alignment to product vision and organization value drivers

    What’s in your backlog?

    You may need to create standards for defining and measuring your different PBIs. Traceability can be critical here, as defined business outcomes for features or user stories may be documented at an epic level.

    Additional Research

    Build a Better Backlog helps you define and organize your product backlog items.

    Use Case 2: Review the scope and requirements of the project to determine all of the business outcomes

    Depending on where your project is in your intake process, there should be some degree of stated business outcomes or benefits. This may be a less refined description in the form of a project request or business case document, or it could be more defined in a project charter, business requirements document/toolset, or work breakdown structure (WBS). Regardless of the information source, to make proper use of the VMF you need a clear understanding of the various business outcomes to establish the new or improved value sources for the proposed project.

    Project

    User Requirements

    Business Requirements

    System Requirements

    1

    1

    1

    2

    2

    2

    3

    3

    4

    Set Metrics Early

    Good project intake documentation begins the discussion of KPIs early on. This alerts teams to the intended value and gives your PMO the ability to integrate it into the workload of other proposed or approved projects.

    Additional Research

    Optimize Project Intake, Approval, and Prioritization provides templates to define proposed project benefits and outcomes.

    Use Cases 3 & 4: Ensure you’ve listed all of each application’s uses (functions, features, capabilities, etc.) and user groups

    An application can enable multiple capabilities, perform a variety of functions, and have a range of different user groups. Therefore, a single application can produce multiple value sources, which range in type, impact, and significance to the business’ overarching priorities. In order to effectively measure the overall value of an application you need to determine all of the ways in which that application is used and apply a business-downward view of your applications.

    Business Capability

    • Sub-capability
    • Process
    • Task

    Application

    • Module
    • Feature
    • Function

    Aim for Business Use

    Simply listing the business capabilities of an app can be too high level. Regardless of your organization’s terminology, you need to establish all of the different uses and users of an application to properly measure all of the facets of its value.

    Additional Research

    Discover Your Applications helps you identify and define the business use and features of your applications.

    List your product or services items and components

    2.2 Estimated Time: 15 minutes

    The objective of this exercise is to produce a list of the different items that you are scoring and ensure you have considered all relevant components.

    1. List each item you intend to produce a value score for:
      1. Use Case 1 – This may be the epics in your product backlog.
      2. Use Case 2 – This may be the projects in your project backlog.
      3. Use Cases 3 & 4 – This may be the applications in your portfolio. For this approach Info-Tech strongly recommends iteratively assessing the portfolio to produce a list of a subset of applications.
    2. For each item list its various components:
      1. Use Case 1 – This may be the features or user stories of an epic.
      2. Use Case 2 – This may be the business requirements of a project.
      3. Use Cases 3 & 4 – This may be the modules, features, functions, capabilities, or subsystems of an application.

    Item

    Components

    Add Customer Portal (Epic)

    User story #1: As a sales team member I need to process customer info.

    User story #2: As a customer I want access to…

    Transition to the Cloud (Project)

    Requirement #1: Build Checkout Cart

    NFR – Build integration with data store

    CRM (Application)

    Order Processing (module), Returns & Claims (module), Analytics & Reporting (Feature)

    INPUT

    • Product or service knowledge

    OUTPUT

    • Detailed list of items and components

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Use Cases 3 & 4: Create a functional view of your applications (optional)

    2.3 Estimated Time: 1 hour

    The objective of this exercise is to establish the different use cases of an application.

    1. Recall the functional requirements and business capabilities for your applications.
    2. List the various actors who will be interacting with your applications and list the consumers who will be receiving the information from the applications.
    3. Based on your functional requirements, list the use cases that the actors will perform to deliver the necessary information to consumers. Each use case serves as a core function of the application. See the diagram below for an example.
    4. Sometimes several use cases are completed before information is sent to consumers. Use arrows to demonstrate the flow of information from one use case to another.

    Example: Ordering Products Online

    Actors

    Order Customer

    Order Online

    Search Products

    Consumers

    Submit Delivery Information

    Order Customer

    Pay Order

    Bank

    INPUT

    • Product or service knowledge

    OUTPUT

    • Product or service function

    Materials

    • Whiteboard
    • Markers

    Participants

    • Application architect
    • Enterprise architect
    • Business and IT stakeholders
    • Business analyst
    • Development teams

    Use Cases 3 & 4: Create a functional view of your applications (optional) (cont’d.)

    2.3 Estimated Time: 1 hour

    5. Align your application’s use cases to the appropriate business capabilities and stakeholder objectives.

    Example:

    Stakeholder Objective: Automate Client Creation Processes

    Business Capability: Account Management

    Function: Create Client Profile

    Function: Search Client Profiles

    Business Capability: Sales Transaction Management

    Function: Order Online

    Function: Search Products Function: Search Products

    Function: Submit Delivery Information

    Function: Pay Order

    Step 2.2: Measure Value

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your value sources.
    • Align to a value driver.
    • Assign metrics and gauge value fulfillment.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Product or service SMEs

    Outcomes of this step

    • An initial list of reusable value sources and metrics
    • Value scores for your products or services

    Use your VMF and a repeatable process to produce value scores for all of your items

    With your products or services broken down, you can then determine a list of value sources, as well as their alignment to a value driver and a gauge of their value fulfillment, which in turn indicate the importance and impact of a value source respectively.

    A image of the value measure framework is shown.

    Lastly, we produce a value score for all items:

    • Determine business outcomes and value sources.
    • Align to the appropriate value driver.
    • Use metrics as the gauge of value fulfillment.
    • Collect your score.
    • Repeat.

    The business outcome is the impact the product or service has on the intended business activity

    Business outcomes are the business-oriented results produced by organization’s capabilities and the applications that support those capabilities. The value source is, in essence, “How does the application impact the outcome?” and this can be either qualitative or quantitative.

    Quantitative

    Qualitative

    Key Words

    Examples

    Key Words

    Examples

    Faster, cheaper

    Deliver faster

    Better

    Better user experience

    More, less

    More registrations per week

    Private

    Enhanced privacy

    Increase, decrease

    Decrease clerical errors

    Easier

    Easier to input data

    Can, cannot

    Can access their own records

    Improved

    Improved screen flow

    Do not have to

    Do not have to print form

    Enjoyable

    Enjoyable user experience

    Compliant

    Complies with regulation 12

    Transparent

    Transparent progress

    Consistent

    Standardized information gathered

    Richer

    Richer data availability

    Adapted from Agile Coach Journal.

    Measure value – Identify your value sources

    2.4 Estimated Time: 30 minutes

    The objective of this exercise is to establish the different value sources of a product or service.

    1. List the items you are producing an overall balance value score for. These can be products, services, projects, applications, product backlog items, epics, etc.
    2. For each item, list its various business outcomes in the form of a description that includes:
      1. The item being measured
      2. Business capability or activity
      3. How the item impacts said capability or activity

    Consider applying the user story format for future value sources or a variation for current value sources.

    As a (user), I want to (activity) so that I get (impact)

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • List of value sources

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Measure value – Align to a value driver

    2.5 Estimated Time: 30 minutes

    The objective of this exercise is to determine the value driver for each value source.

    1. Align each value source to a value driver. Choose between options A and B.
      1. Using a whiteboard, draw out a 2 x 2 business value matrix or an adapted version based on your own organizational value drivers. Place each value source in the appropriate quadrant.
        1. Increase Revenue
        2. Reduce Costs
        3. Enhance Services
        4. Reach Customers
      2. Using a whiteboard or large sticky pads, create a section for each value driver. Place each value source with the appropriate value driver.

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • Value driver weight

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Brainstorm the different sources of business value (cont’d.)

    2.5

    Example:

    An example of activity 2.5 is shown.

    Carry results over to the Value Calculator

    2.5

    Document results of this activity in the Value Calculator in the Item {#} tab.

    A screenshot of the Value Calculator is shown.

    List your Value Sources

    Your Value Driver weights will auto-populate

    Aim, but do not reach, for SMART metrics

    Creating meaningful metrics

    S pecific

    M easureable

    A chievable

    R ealisitic

    T ime-based

    Follow the SMART framework when adding metrics to the VMF.

    The intention of SMART goals and metrics is to make sure you have chosen a gauge that will:

    • Reflect the actual business outcome or value source you are measuring.
    • Ensure all relevant stakeholders understand the goals or value you are driving towards.
    • Ensure you actually have the means to capture the performance.

    Info-Tech Insight

    Metrics are NOT a magical solution. They should be treated as a tool in your toolbox and are sometimes no more than a rough gauge of performance. Carefully assign metrics to your products and services and do not disregard the informed subjective perspective when SMART metrics are unavailable.

    Info-Tech Best Practice

    One last critical consideration here is the degree of effort required to collect the metric compared to the value of the analysis you are performing. Assessing whether or not to invest in a project should apply the rigor of carefully selecting and measuring value. However, performing a rationalization of the full app portfolio will likely lead to analysis paralysis. Taking an informed subjective perspective may be the better route.

    Measure value – Assign metrics and gauge value fulfillment

    2.6 30-60 minutes

    The objective of this exercise is to determine an appropriate metric for each value source.

    1. For each value source assign a metric that will be the unit of measurement to gauge the value fulfilment of the application.
    2. Review the product or services performance with the metric
      1. Use case 1&2 (Proposed Applications and/or Features) - You will need to estimate the degree of impact the product or services will have on your selected metric.
      2. Use case 3&4 (Existing Applications and/or Features) – You can review historically how the product or service has performed with your selected metric
    3. Determine a value fulfillment on a scale of 1 – 10.
    4. 10 = The product or service far exceeds expectations and targets on the metric.

      5 = the product or service meets expectations on this metric.

      1 = the product or service underperforms on this metric.

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • Value driver weight

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Carry results over to the Value Calculator

    2.6

    Document results of this activity in the Value Calculator in the Item {#} tab.

    A screenshot of Info-Tech's Value Calculator is shown.

    Assign Metrics.

    Consider using current or estimated performance and targets.

    Assess the impact on the value source with the value fulfillment.

    Collect your Overall Balanced Value Score

    Appendix

    Bibliography

    Brown, Alex. “Calculating Business Value.” Agile 2014 Orlando – July 13, 2014. Scrum Inc. 2014. Web. 20 Nov. 2017.

    Brown, Roger. “Defining Business Value.” Scrum Gathering San Diego 2017. Agile Coach Journal. Web.

    Curtis, Bill. “The Business Value of Application Internal Quality.” CAST. 6 April 2009. Web. 20 Nov. 2017.

    Fleet, Neville, Joan Lasselle, and Paul Zimmerman. “Using a Balance Scorecard to Measure the Productivity and Value of Technical Documentation Organizations.” CIDM. April 2008. Web. 20 Nov. 2017.

    Harris, Michael. “Measuring the Business Value of IT.” David Consulting Group. 20 Nov. 2017.

    Intrafocus. “What is a Balanced Scorecard?” Intrafocus. Web. 20 Nov. 2017

    Kerzner, Harold. Project Management: A Systems Approach to Planning, Scheduling, and Controlling. 12th ed., Wiley, 2017.

    Lankhorst, Marc., et al. “Architecture-Based IT Valuation.” Via Nova Architectura. 31 March 2010. Web. 20 Nov. 2017.

    Rachlin, Sue, and John Marshall. “Value Measuring Methodology.” Federal CIO Council, Best Practices Committee. October 2002. Web. April 2019.

    Thiagarajan, Srinivasan. “Bridging the Gap: Enabling IT to Deliver Better Business Outcomes.” Cognizant. July 2017. Web. April 2019.

    Explore the Secrets of IBM Software Contracts to Optimize Spend and Reduce Compliance Risk

    • Buy Link or Shortcode: {j2store}141|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • IBM customers want to make effective use of their paid-up licenses to avoid overspending and stay compliant with agreements.
    • Each IBM software product is subject to different rules.
    • Clients control and have responsibility for aligning usage and payments. Over time, the usage of the software may be out of sync with what the client has paid for, resulting in either overspending or violation of the licensing agreement.
    • IBM audits software usage in order to generate revenue from non-compliant customers.

    Our Advice

    Critical Insight

    • You have a lot of work to do if you haven’t been paying attention to your IBM software.
    • Focus on needs first. Conduct and document a thorough requirements assessment. Well-documented needs will be your core asset in negotiation.
    • Know what’s in IBM’s terms and conditions. Failure to understand these can lead to major penalties after an audit.
    • Review your agreements and entitlements quarterly. IBM may have changed the rules, and you have almost certainly changed your usage.

    Impact and Result

    • Establish clear licensing requirements.
    • Maintain an effective process for managing your IBM license usage and compliance.
    • Identify any cost-reduction opportunities.
    • Prepare for penalty-free IBM audits.

    Explore the Secrets of IBM Software Contracts to Optimize Spend and Reduce Compliance Risk Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you need to invest effort in managing usage and licensing of your IBM software.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review terms and conditions for your IT contract

    Use Info-Tech’s licensing best practices to avoid the common mistakes of overspending on IBM licensing or failing an IBM audit.

    • IBM Passport Advantage Software RFQ Template
    • IBM 3-Year Bundled Price Analysis Tool
    [infographic]

    Become a Strategic CIO

    • Buy Link or Shortcode: {j2store}80|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a CIO, you are currently operating in a stable and trusted IT environment, but you would like to advance your role to strategic business partner.
    • CIOs are often overlooked as a strategic partner by their peers, and therefore face the challenge of proving they deserve a seat at the table.

    Our Advice

    Critical Insight

    • To become a strategic business partner, you must think and act as a business person that works in IT, rather than an IT person that works for the business.
    • Career advancement is not a solo effort. Building relationships with your executive business stakeholders will be critical to becoming a respected business partner.

    Impact and Result

    • Create a personal development plan and stakeholder management strategy to accelerate your career and become a strategic business partner. For a CIO to be considered a strategic business partner, he or she must be able to:
      • Act as a business person that works in IT, rather than an IT person that works for the business. This involves meeting executive stakeholder expectations, facilitating innovation, and managing stakeholder relationships.
      • Align IT with the customer. This involves providing business stakeholders with information to support stronger decision making, keeping up with disruptive technologies, and constantly adapting to the ever-changing end-customer needs.
      • Manage talent and change. This involves performing strategic workforce planning, and being actively engaged in identifying opportunities to introduce change in your organization, suggesting ways to improve, and then acting on them.

    Become a Strategic CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should become a strategic CIO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Analyze strategic CIO competencies and assess business stakeholder satisfaction with IT using Info-Tech's CIO Business Vision Diagnostic and CXO-CIO Alignment Program.

    • Become a Strategic CIO – Phase 1: Launch

    2. Assess

    Evaluate strategic CIO competencies and business stakeholder relationships.

    • Become a Strategic CIO – Phase 2: Assess
    • CIO Strategic Competency Evaluation Tool
    • CIO Stakeholder Power Map Template

    3. Plan

    Create a personal development plan and stakeholder management strategy.

    • Become a Strategic CIO – Phase 3: Plan
    • CIO Personal Development Plan
    • CIO Stakeholder Management Strategy Template

    4. Execute

    Develop a scorecard to track personal development initiatives.

    • Become a Strategic CIO – Phase 4: Execute
    • CIO Strategic Competency Scorecard
    [infographic]

    Workshop: Become a Strategic CIO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Competencies & Stakeholder Relationships

    The Purpose

    Gather and review information from business stakeholders.

    Assess strategic CIO competencies and business stakeholder relationships.

    Key Benefits Achieved

    Gathered information to create a personal development plan and stakeholder management strategy.

    Analyzed the information from diagnostics and determined the appropriate next steps.

    Identified and prioritized strategic CIO competency gaps.

    Evaluated the power, impact, and support of key business stakeholders.

    Activities

    1.1 Conduct CIO Business Vision diagnostic

    1.2 Conduct CXO-CIO Alignment program

    1.3 Assess CIO competencies

    1.4 Assess business stakeholder relationships

    Outputs

    CIO Business Vision results

    CXO-CIO Alignment Program results

    CIO competency gaps

    Executive Stakeholder Power Map

    2 Take Control of Your Personal Development

    The Purpose

    Create a personal development plan and stakeholder management strategy.

    Track your personal development and establish checkpoints to revise initiatives.

    Key Benefits Achieved

    Identified personal development and stakeholder engagement initiatives to bridge high priority competency gaps.

    Identified key performance indicators and benchmarks/targets to track competency development.

    Activities

    2.1 Create a personal development plan

    2.2 Create a stakeholder management strategy

    2.3 Establish key performance indicators and benchmarks/targets

    Outputs

    Personal Development Plan

    Stakeholder Management Strategy

    Strategic CIO Competency Scorecard

    Develop an Availability and Capacity Management Plan

    • Buy Link or Shortcode: {j2store}500|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $2,840 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Availability & Capacity Management
    • Parent Category Link: /availability-and-capacity-management
    • It is crucial for capacity managers to provide capacity in advance of need to maximize availability.
    • In an effort to ensure maximum uptime, organizations are overprovisioning (an average of 59% for compute, and 48% for storage). With budget pressure mounting (especially on the capital side), the cost of this approach can’t be ignored.
    • Half of organizations have experienced capacity-related downtime, and almost 60% wait more than three months for additional capacity.

    Our Advice

    Critical Insight

    • All too often capacity management is left as an afterthought. The best capacity managers bake capacity management into their organization’s business processes, becoming drivers of value.
    • Communication is key. Build bridges between your organization’s silos, and involve business stakeholders in a dialog about capacity requirements.

    Impact and Result

    • Map business metrics to infrastructure component usage, and use your organization’s own data to forecast demand.
    • Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.
    • Establish infrastructure as a driver of business value, not a “black hole” cost center.

    Develop an Availability and Capacity Management Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a capacity management plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop an Availability and Capacity Management Plan – Phases 1-4

    1. Conduct a business impact analysis

    Determine the most critical business services to ensure availability.

    • Develop an Availability and Capacity Management Plan – Phase 1: Conduct a Business Impact Analysis
    • Business Impact Analysis Tool

    2. Establish visibility into core systems

    Craft a monitoring strategy to gather usage data.

    • Develop an Availability and Capacity Management Plan – Phase 2: Establish Visibility into Core Systems
    • Capacity Snapshot Tool

    3. Solicit and incorporate business needs

    Integrate business stakeholders into the capacity management process.

    • Develop an Availability and Capacity Management Plan – Phase 3: Solicit and Incorporate Business Needs
    • Capacity Plan Template

    4. Identify and mitigate risks

    Identify and mitigate risks to your capacity and availability.

    • Develop an Availability and Capacity Management Plan – Phase 4: Identify and Mitigate Risks

    [infographic]

    Workshop: Develop an Availability and Capacity Management Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Conduct a Business Impact Analysis

    The Purpose

    Determine the most important IT services for the business.

    Key Benefits Achieved

    Understand which services to prioritize for ensuring availability.

    Activities

    1.1 Create a scale to measure different levels of impact.

    1.2 Evaluate each service by its potential impact.

    1.3 Assign a criticality rating based on the costs of downtime.

    Outputs

    RTOs/RPOs

    List of gold systems

    Criticality matrix

    2 Establish Visibility Into Core Systems

    The Purpose

    Monitor and measure usage metrics of key systems.

    Key Benefits Achieved

    Capture and correlate data on business activity with infrastructure capacity usage.

    Activities

    2.1 Define your monitoring strategy.

    2.2 Implement your monitoring tool/aggregator.

    Outputs

    RACI chart

    Capacity/availability monitoring strategy

    3 Develop a Plan to Project Future Needs

    The Purpose

    Determine how to project future capacity usage needs for your organization.

    Key Benefits Achieved

    Data-based, systematic projection of future capacity usage needs.

    Activities

    3.1 Analyze historical usage trends.

    3.2 Interface with the business to determine needs.

    3.3 Develop a plan to combine these two sources of truth.

    Outputs

    Plan for soliciting future needs

    Future needs

    4 Identify and Mitigate Risks

    The Purpose

    Identify potential risks to capacity and availability.

    Develop strategies to ameliorate potential risks.

    Key Benefits Achieved

    Proactive approach to capacity that addresses potential risks before they impact availability.

    Activities

    4.1 Identify capacity and availability risks.

    4.2 Determine strategies to address risks.

    4.3 Populate and review completed capacity plan.

    Outputs

    List of risks

    List of strategies to address risks

    Completed capacity plan

    Further reading

    Develop an Availability and Capacity Management Plan

    Manage capacity to increase uptime and reduce costs.

    ANALYST PERSPECTIVE

    The cloud changes the capacity manager’s job, but it doesn’t eliminate it.

    "Nobody doubts the cloud’s transformative power. But will its ascent render “capacity manager” an archaic term to be carved into the walls of datacenters everywhere for future archaeologists to puzzle over? No. While it is true that the cloud has fundamentally changed how capacity managers do their jobs , the process is more important than ever. Managing capacity – and, by extent, availability – means minimizing costs while maximizing uptime. The cloud era is the era of unlimited capacity – and of infinite potential costs. If you put the infinity symbol on a purchase order… well, it’s probably not a good idea. Manage demand. Manage your capacity. Manage your availability. And, most importantly, keep your stakeholders happy. You won’t regret it."

    Jeremy Roberts,

    Consulting Analyst, Infrastructure Practice

    Info-Tech Research Group

    Availability and capacity management transcend IT

    This Research Is Designed For:

    ✓ CIOs who want to increase uptime and reduce costs

    ✓ Infrastructure managers who want to deliver increased value to the business

    ✓ Enterprise architects who want to ensure stability of core IT services

    ✓ Dedicated capacity managers

    This Research Will Help You:

    ✓ Develop a list of core services

    ✓ Establish visibility into your system

    ✓ Solicit business needs

    ✓ Project future demand

    ✓ Set SLAs

    ✓ Increase uptime

    ✓ Optimize spend

    This Research Will Also Assist:

    ✓ Project managers

    ✓ Service desk staff

    This Research Will Help Them:

    ✓ Plan IT projects

    ✓ Better manage availability incidents caused by lack of capacity

    Executive summary

    Situation

    • IT infrastructure leaders are responsible for ensuring that the business has access to the technology needed to keep the organization humming along. This requires managing capacity and availability.
    • Dependencies go undocumented. Services are provided on an ad hoc basis, and capacity/availability are managed reactively.

    Complication

    • Organizations are overprovisioning an average of 59% for compute, and 48% for storage. This is expensive. With budget pressure mounting, the cost of this approach can’t be ignored.
    • Lead time to respond to demand is long. Half of organizations have experienced capacity-related downtime, and almost 60% wait 3+ months for additional capacity. (451 Research, 3)

    Resolution

    • Conduct a business impact analysis to determine which of your services are most critical, and require active capacity management that will reap more in benefits than it produces in costs.
    • Establish visibility into your system. You can’t track what you can’t see, and you can’t see when you don’t have proper monitoring tools in place.
    • Develop an understanding of business needs. Use a combination of historical trend analyses and consultation with line of business and project managers to separate wants from needs. Overprovisioning used to be necessary, but is no longer required.
    • Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.

    Info-Tech Insight

    1. Components are critical. The business doesn’t care about components. You, however, are not so lucky…
    2. Ask what the business is working on, not what they need. If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs.
    3. Cloud shmoud. The role of the capacity manager is changing with the cloud, but capacity management is as important as ever.

    Save money and drive efficiency with an effective availability and capacity management plan

    Overprovisioning happens because of the old style of infrastructure provisioning (hardware refresh cycles) and because capacity managers don’t know how much they need (either as a result of inaccurate or nonexistent information).

    According to 451 Research, 59% of enterprises have had to wait 3+ months for new capacity. It is little wonder, then, that so many opt to overprovision. Capacity management is about ensuring that IT services are available, and with lead times like that, overprovisioning can be more attractive than the alternative. Fortunately there is hope. An effective availability and capacity management plan can help you:

    • Identify your gold systems
    • Establish visibility into them
    • Project your future capacity needs

    Balancing overprovisioning and spending is the capacity manager’s struggle.

    Availability and capacity management go together like boots and feet

    Availability and capacity are not the same, but they are related and can be effectively managed together as part of a single process.

    If an IT department is unable to meet demand due to insufficient capacity, users will experience downtime or a degradation in service. To be clear, capacity is not the only factor in availability – reliability, serviceability, etc. are significant as well. But no organization can effectively manage availability without paying sufficient attention to capacity.

    "Availability Management is concerned with the design, implementation, measurement and management of IT services to ensure that the stated business requirements for availability are consistently met."

    – OGC, Best Practice for Service Delivery, 12

    "Capacity management aims to balance supply and demand [of IT storage and computing services] cost-effectively…"

    – OGC, Business Perspective, 90

    Integrate the three levels of capacity management

    Successful capacity management involves a holistic approach that incorporates all three levels.

    Business The highest level of capacity management, business capacity management, involves predicting changes in the business’ needs and developing requirements in order to make it possible for IT to adapt to those needs. Influx of new clients from a failed competitor.
    Service Service capacity management focuses on ensuring that IT services are monitored to determine if they are meeting pre-determined SLAs. The data gathered here can be used for incident and problem management. Increased website traffic.
    Component Component capacity management involves tracking the functionality of specific components (servers, hard drives, etc.), and effectively tracking their utilization and performance, and making predictions about future concerns. Insufficient web server compute.

    The C-suite cares about business capacity as part of the organization’s strategic planning. Service leads care about their assigned services. IT infrastructure is concerned with components, but not for their own sake. Components mean services that are ultimately designed to facilitate business.

    A healthcare organization practiced poor capacity management and suffered availability issues as a result

    CASE STUDY

    Industry: Healthcare

    Source: Interview

    New functionalities require new infrastructure

    There was a project to implement an elastic search feature. This had to correlate all the organization’s member data from an Oracle data source and their own data warehouse, and pool them all into an elastic search index so that it could be used by the provider portal search function. In estimating the amount of space needed, the infrastructure team assumed that all the data would be shared in a single place. They didn’t account for the architecture of elastic search in which indexes are shared across multiple nodes and shards are often split up separately.

    Beware underestimating demand and hardware sourcing lead times

    As a result, they vastly underestimated the amount of space that was needed and ended up short by a terabyte. The infrastructure team frantically sourced more hardware, but the rush hardware order arrived physically damaged and had to be returned to the vendor.

    Sufficient budget won’t ensure success without capacity planning

    The project’s budget had been more than sufficient to pay for the extra necessary capacity, but because a lack of understanding of the infrastructure impact resulted in improper forecasting, the project ended up stuck in a standstill.

    Manage availability and keep your stakeholders happy

    If you run out of capacity, you will inevitably encounter availability issues like downtime and performance degradation . End users do not like downtime, and neither do their managers.

    There are three variables that are monitored, measured, and analyzed as part of availability management more generally (Valentic).

      1. Uptime:

    The availability of a system is the percentage of time the system is “up,” (and not degraded) which can be calculated using the following formula: uptime/(uptime + downtime) x 100%. The more components there are in a system, the lower the availability, as a rule.

      1. Reliability:

    The length of time a component/service can go before there is an outage that brings it down, typically measured in hours.

      1. Maintainability:

    The amount of time it takes for a component/service to be restored in the event of an outage, also typically measured in hours.

    Enter the cloud: changes in the capacity manager role

    There can be no doubt – the rise of the public cloud has fundamentally changed the nature of capacity management.

    Features of the public cloudImplications for capacity management
    Instant, or near-instant, instantiation Lead times drop; capacity management is less about ensuring equipment arrives on time.
    Pay-as-you go services Capacity no longer needs to be purchased in bulk. Pay only for what you use and shut down instances that are no longer necessary.
    Essentially unlimited scalability Potential capacity is infinite, but so are potential costs.
    Offsite hosting Redundancy, but at the price of the increasing importance of your internet connection.

    Vendors will sell you the cloud as a solution to your capacity/availability problems

    The image contains two graphs. The first graph on the left is titled: Reactive Management, and shows the struggling relationship between capacity and demand. The second graph on the right is titled: Cloud future (ideal), which demonstrates a manageable relationship between capacity and demand over time.

    Traditionally, increases in capacity have come in bursts as a reaction to availability issues. This model inevitably results in overprovisioning, driving up costs. Access to the cloud changes the equation. On-demand capacity means that, ideally, nobody should pay for unused capacity.

    Reality check: even in the cloud era, capacity management is necessary

    You will likely find vendors to nurture the growth of a gap between your expectations and reality. That can be damaging.

    The cloud reality does not look like the cloud ideal. Even with the ostensibly elastic cloud, vendors like the consistency that longer-term contracts offer. Enter reserved instances: in exchange for lower hourly rates, vendors offer the option to pay a fee for a reserved instance. Usage beyond the reserved will be billed at a higher hourly rate. In order to determine where that line should be drawn, you should engage in detailed capacity planning. Unfortunately, even when done right, this process will result in some overprovisioning, though it does provide convenience from an accounting perspective. The key is to use spot instances where demand is exceptional and bounded. Example: A university registration server that experiences exceptional demand at the start of term but at no other time.

    The image contains an example of cloud reality not matching with the cloud ideal in the form of a graph. The graph is split horizontally, the top half is red, and there is a dotted line splitting it from the lower half. The line is labelled: Reserved instance ceiling. In the bottom half, it is the colour green and has a curving line.

    Use best practices to optimize your cloud resources

    The image contains two graphs. The graph on the left is labelled: Ineffective reserve capacity. At the top of the graph is a dotted line labelled: Reserved Instance ceiling. The graph is measuring capacity requirements over time. There is a curved line on the graph that suddenly spikes and comes back down. The spike is labelled unused capacity. The graph on the right is labelled: Effective reserve capacity. The reserved instance ceiling is about halfway down this graph, and it is comparing capacity requirements over time. This graph has a curved line on it, also has a spike and is labelled: spot instance.

    Even in the era of elasticity, capacity planning is crucial. Spot instances – the spikes in the graph above – are more expensive, but if your capacity needs vary substantially, reserving instances for all of the space you need can cost even more money. Efficiently planning capacity will help you draw this line.

    Evaluate business impact; not all systems are created equal

    Limited resources are a reality. Detailed visibility into every single system is often not feasible and could be too much information.

    Simple and effective. Sometimes a simple display can convey all of the information necessary to manage critical systems. In cars it is important to know your speed, how much fuel is in the tank, and whether or not you need to change your oil/check your engine.

    Where to begin?! Specialized information is sometimes necessary, but it can be difficult to navigate.

    Take advantage of a business impact analysis to define and understand your critical services

    Ideally, downtime would be minimal. In reality, though, downtime is a part of IT life. It is important to have realistic expectations about its nature and likelihood.

    STEP 1

    STEP 2

    STEP 3

    STEP 4

    STEP 5

    Record applications and dependencies

    Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster.

    Define impact scoring scale

    Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications.

    Estimate impact of downtime

    Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application.

    Identify desired RTO and RPO

    Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss.

    Determine current RTO/RPO

    Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step.

    Info-Tech Insight

    According to end users, every system is critical and downtime is intolerable. Of course, once they see how much totally eliminating downtime can cost, they might change their tune. It is important to have this discussion to separate the critical from the less critical – but still important – services.

    Establish visibility into critical systems

    You may have seen “If you can’t measure it, you can’t manage it” or a variation thereof floating around the internet. This adage is consumable and makes sense…doesn’t it?

    "It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth."

    – W. Edwards Deming, statistician and management consultant, author of The New Economics

    While it is true that total monitoring is not absolutely necessary for management, when it comes to availability and capacity – objectively quantifiable service characteristics – a monitoring strategy is unavoidable. Capturing fluctuations in demand, and adjusting for those fluctuations, is among the most important functions of a capacity manager, even if hovering over employees with a stopwatch is poor management.

    Solicit needs from line of business managers

    Unless you head the world’s most involved IT department (kudos if you do) you’re going to have to determine your needs from the business.

    Do

    Do not

    ✓ Develop a positive relationship with business leaders responsible for making decisions.

    ✓ Make yourself aware of ongoing and upcoming projects.

    ✓ Develop expertise in organization-specific technology.

    ✓ Make the business aware of your expenses through chargebacks or showbacks.

    ✓ Use your understanding of business projects to predict business needs; do not rely on business leaders’ technical requests alone.

    X Be reactive.

    X Accept capacity/availability demands uncritically.

    X Ask line of business managers for specific computing requirements unless they have the technical expertise to make informed judgments.

    X Treat IT as an opaque entity where requests go in and services come out (this can lead to irresponsible requests).

    Demand: manage or be managed

    You might think you can get away with uncritically accepting your users’ demands, but this is not best practice. If you provide it, they will use it.

    The company meeting

    “I don’t need this much RAM,” the application developer said, implausibly. Titters wafted above the assembled crowd as her IT colleagues muttered their surprise. Heads shook, eyes widened. In fact, as she sat pondering her utterance, the developer wasn’t so sure she believed it herself. Noticing her consternation, the infrastructure manager cut in and offered the RAM anyway, forestalling the inevitable crisis that occurs when seismic internal shifts rock fragile self-conceptions. Until next time, he thought.

    "Work expands as to fill the resources available for its completion…"

    – C. Northcote Parkinson, quoted in Klimek et al.

    Combine historical data with the needs you’ve solicited to holistically project your future needs

    Predicting the future is difficult, but when it comes to capacity management, foresight is necessary.

    Critical inputs

    In order to project your future needs, the following inputs are necessary.

    1. Usage trends: While it is true that past performance is no indication of future demand, trends are still a good way to validate requests from the business.
    2. Line of business requests: An understanding of the projects the business has in the pipes is important for projecting future demand.
    3. Institutional knowledge: Read between the lines. As experts on information technology, the IT department is well-equipped to translate needs into requirements.
    The image contains a graph that is labelled: Projected demand, and graphs demand over time. There is a curved line that passes through a vertical line labelled present. There is a box on top of the graph that contains the text: Note: confidence in demand estimates will very by service and by stakeholder.

    Follow best practice guidelines to maximize the efficiency of your availability and capacity management process

    The image contains Info-Tech's IT Management & Governance Framework. The framework displays many of Info-Tech's research to help optimize and improve core IT processes. The name of this blueprint is under the Infrastructure & Operations section, and has been circled to point out where it is in the framework.

    Understand how the key frameworks relate and interact

    The image contains a picture of the COBIT 5 logo.

    BA104: Manage availability and capacity

    • Current state assessment
    • Forecasting based on business requirements
    • Risk assessment of planning and implementation of requirements
    The image contains a picture of the ITIL logo

    Availability management

    • Determine business requirements
    • Match requirements to capabilities
    • Address any mismatch between requirements and capabilities in a cost-effective manner

    Capacity management

    • Monitoring services and components
    • Tuning for efficiency
    • Forecasting future requirements
    • Influencing demand
    • Producing a capacity plan
    The image contains a picture of Info-Tech Research Group logo.

    Availability and capacity management

    • Conduct a business impact analysis
    • Establish visibility into critical systems
    • Solicit and incorporate business needs
    • Identify and mitigate risks

    Disaster recovery and business continuity planning are forms of availability management

    The scope of this project is managing day-to-day availability, largely but not exclusively, in the context of capacity. For additional important information on availability, see the following Info-Tech projects.

      • Develop a Business Continuity Plan

    If your focus is on ensuring process continuity in the event of a disaster.

      • Establish a Program to Enable Effective Performance Monitoring

    If your focus is on flow mapping and transaction monitoring as part of a plan to engage APM vendors.

      • Create a Right-Sized Disaster Recovery Plan

    If your focus is on hardening your IT systems against major events.

    Info-Tech’s approach to availability and capacity management is stakeholder-centered and cloud ready

    Phase 1:

    Conduct a business impact analysis

    Phase 2:

    Establish visibility into core systems

    Phase 3:

    Solicit and incorporate business needs

    Phase 4:

    Identify and mitigate risks

    1.1 Conduct a business impact analysis

    1.2 Assign criticality ratings to services

    2.1 Define your monitoring strategy

    2.2 Implement monitoring tool/aggregator

    3.1 Solicit business needs

    3.2 Analyze data and project future needs

    4.1 Identify and mitigate risks

    Deliverables

    • Business impact analysis
    • Gold systems
    • Monitoring strategy
    • List of stakeholders
    • Business needs
    • Projected capacity needs
    • Risks and mitigations
    • Capacity management summary cards

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Availability & capacity management – project overview

     

    Conduct a business impact analysis

    Establish visibility into core systems

    Solicit and incorporate business needs

    Identify and
    mitigate risks

    Best-Practice Toolkit

    1.1 Create a scale to measure different levels of impact

    1.2 Assign criticality ratings to services

    2.1 Define your monitoring strategy

    2.2 Implement your monitoring tool/aggregator

    3.1 Solicit business needs and gather data

    3.2 Analyze data and project future needs

    4.1 Identify and mitigate risks

    Guided Implementations

    Call 1: Conduct a business impact analysis Call 1: Discuss your monitoring strategy

    Call 1: Develop a plan to gather historical data; set up plan to solicit business needs

    Call 2: Evaluate data sources

    Call 1: Discuss possible risks and strategies for risk mitigation

    Call 2: Review your capacity management plan

    Onsite Workshop

    Module 1:

    Conduct a business impact analysis

    Module 2:

    Establish visibility into core systems

    Module 3:

    Develop a plan to project future needs

    Module 4:

    Identify and mitigate risks

     

    Phase 1 Results:

    • RTOs/RPOs
    • List of gold systems
    • Criticality matrix

    Phase 2 Results:

    • Capacity/availability monitoring strategy

    Phase 3 Results:

    • Plan for soliciting future needs
    • Future needs

    Phase 4 Results:

    • Strategies for reducing risks
    • Capacity management plan

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

     

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

     

    Conduct a business
    impact analysis

    Establish visibility into
    core systems

    Solicit and incorporate business needs

    Identify and mitigate risks

    Activities

    1.1 Conduct a business impact analysis

    1.2 Create a list of critical dependencies

    1.3 Identify critical sub-components

    1.4 Develop best practices to negotiate SLAs

    2.1 Determine indicators for sub-components

    2.2 Establish visibility into components

    2.3 Develop strategies to ameliorate visibility issues

    3.1 Gather relevant business-level data

    3.2 Gather relevant service-level data

    3.3 Analyze historical trends

    3.4 Build a list of business stakeholders

    3.5 Directly solicit requirements from the business

    3.6 Map business needs to technical requirements

    3.7 Identify inefficiencies and compare historical data

    • 4.1 Brainstorm potential causes of availability and capacity risk
    • 4.2 Identify and mitigate capacity risks
    • 4.3 Identify and mitigate availability risks

    Deliverables

    1. Business impact analysis
    2. List of gold systems
    3. SLA best practices
    1. Sub-component metrics
    2. Strategy to establish visibility into critical sub-components
    1. List of stakeholders
    2. Business requirements
    3. Technical requirements
    4. Inefficiencies
    1. Strategies for mitigating risks
    2. Completed capacity management plan template

    PHASE 1

    Conduct a Business Impact Analysis

    Step 1.1: Conduct a business impact analysis

    This step will walk you through the following activities:

    • Record applications and dependencies in the Business Impact Analysis Tool.
    • Define a scale to estimate the impact of various applications’ downtime.
    • Estimate the impact of applications’ downtime.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • Estimated impact of downtime for various applications

    Execute a business impact analysis (BIA) as part of a broader availability plan

    1.1a Business Impact Analysis Tool

    Business impact analyses are an invaluable part of a broader IT strategy. Conducting a BIA benefits a variety of processes, including disaster recovery, business continuity, and availability and capacity management

    STEP 1

    STEP 2

    STEP 3

    STEP 4

    STEP 5

    Record applications and dependencies

    Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster.

    Define impact scoring scale

    Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications.

    Estimate impact of downtime

    Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application.

    Identify desired RTO and RPO

    Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss.

    Determine current RTO/RPO

    Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step.

    Info-Tech Insight

    Engaging in detailed capacity planning for an insignificant service draws time and resources away from more critical capacity planning exercises. Time spent tracking and planning use of the ancient fax machine in the basement is time you’ll never get back.

    Control the scope of your availability and capacity management planning project with a business impact analysis

    Don’t avoid conducting a BIA because of a perception that it’s too onerous or not necessary. If properly managed, as described in this blueprint, the BIA does not need to be onerous and the benefits are tangible.

    A BIA enables you to identify appropriate spend levels, continue to drive executive support, and prioritize disaster recovery planning for a more successful outcome. For example, an Info-Tech survey found that a BIA has a significant impact on setting appropriate recovery time objectives (RTOs) and appropriate spending.

    The image contains a graph that is labelled: BIA Impact on Appropriate RTOS. With no BIA, there is 59% RTOs are appropriate. With BIA, there is 93% RTOS being appropriate. The image contains a graph that is labelled: BIA Impact on Appropriate Spending. No BIA has 59% indication that BCP is cost effective. With a BIA there is 86% indication that BCP is cost effective.

    Terms

    No BIA: lack of a BIA, or a BIA bases solely on the perceived importance of IT services.

    BIA: based on a detailed evaluation or estimated dollar impact of downtime.

    Source: Info-Tech Research Group; N=70

    Select the services you wish to evaluate with the Business Impact Analysis Tool

    1.1b 1 hour

    In large organizations especially, collating an exhaustive list of applications and services is going to be onerous. For the purposes of this project, a subset should suffice.

    Instructions

    1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
    2. Solicit feedback from the group. Questions to ask:
    • What services do you regularly use? What do you see others using? (End users)
    • Which service inspires the greatest number of service calls? (IT)
    • What services are you most excited about? (Management)
    • What services are the most critical for business operations? (Everybody)
  • Record these applications in the Business Impact Analysis Tool.
  • Input

    • Applications/services

    Output

    • Candidate applications for the business impact analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect
    • Application owners
    • End users

    Info-Tech Insight

    Include a variety of services in your analysis. While it might be tempting to jump ahead and preselect important applications, don’t. The process is inherently valuable, and besides, it might surprise you.

    Record the applications and dependencies in the BIA tool

    1.1c Use tab 1 of the Business Impact Analysis Tool

    1. In the Application/System column, list the applications identified for this pilot as well as the Core Infrastructure category. Also indicate the Impact on the Business and Business Owner.
    2. List the dependencies for each application in the appropriate columns:
    • Hosted On-Premises (In-House) – If the physical equipment is in a facility you own, record it here, even if it is managed by a vendor.
    • Hosted by a Co-Lo/MSP – List any dependencies hosted by a co-lo/MSP vendor.
    • Cloud (includes "as a Service”) – List any dependencies hosted by a cloud vendor.

    Note: If there are no dependencies for a particular category, leave it blank.

  • If you wish to highlight specific dependencies, put an asterisk in front of them (e.g. *SAN). This will cause the dependency to be highlighted in the remaining tabs in this tool.
  • Add comments as needed in the Notes columns. For example, for equipment that you host in-house but is remotely managed by an MSP, specify this in the notes. Similarly, note any DR support services.
  • Example

    The image contains a screenshot of Info-Tech's Business Impact Analysis Tool specifically tab 1.

    ID is optional. It is a sequential number by default.

    In-House, Co-Lo/MSP, and Cloud dependencies; leave blank if not applicable.

    Add notes as applicable – e.g. critical support services.

    Define a scoring scale to estimate different levels of impact

    1.1d Use tab 2 of the Business Impact Analysis Tool

    Modify the Business Impact Scales headings and Overall Criticality Rating terminology to suit your organization. For example, if you don’t have business partners, use that column to measure a different goodwill impact or just ignore that column in this tool (i.e. leave it blank). Estimate the different levels of potential impact (where four is the highest impact and zero is no impact) and record these in the Business Impact Scales columns.

    The image contains a screenshot of Info-Tech's Business Impact Analysis Tool, specifically tab 2.

    Estimate the impact of downtime for each application

    1.1e Use tab 3 of the Business Impact Analysis Tool

    In the BIA tab columns for Direct Costs of Downtime, Impact on Goodwill, and Additional Criticality Factors, use the drop-down menu to assign a score of zero to four based on levels of impact defined in the Scoring Criteria tab. For example, if an organization’s ERP is down, and that affects call center sales operations (e.g. ability to access customer records and process orders), the impact might be as described below:

      • Loss of Revenue might score a two or three depending on the proportion of overall sales lost due to the downtime.
      • The Impact on Customers might be a one or two depending on the extent that existing customers might be using the call center to purchase new products or services, and are frustrated by the inability to process orders.
      • The Legal/Regulatory Compliance and Health or Safety Risk might be a zero.

    On the other hand, if payroll processing is down, this may not impact revenue, but it certainly impacts internal goodwill and productivity.

    Rank service criticality: gold, silver, and bronze

    Gold

    Mission critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.

    Silver

    Important to daily operations, but not mission critical. Example: email services at any large organization.

    Bronze

    Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.

    Info-Tech Best Practice

    Info-Tech recommends gold, silver, and bronze because of this typology’s near universal recognition. If you would prefer a particular designation (it might help with internal comprehension), don’t hesitate to use that one instead.

    Use the results of the business impact analysis to sort systems based on their criticality

    1.1f 1 hour

    Every organization has its own rules about how to categorize service importance. For some (consumer-facing businesses, perhaps) reputational damage may trump immediate costs.

    Instructions

    1. Gather a group of key stakeholders and project the completed Business Impact Analysis Tool onto a screen for them.
    2. Share the definitions of gold, silver, and bronze services with them (if they are not familiar), and begin sorting the services by category,
    • How long would it take to notice if a particular service went out?
    • How important are the non-quantifiable damages that could come with an outage?
  • Sort the services into gold, silver, and bronze on a whiteboard, with sticky notes, or with chart paper.
  • Verify your findings and record them in section 2.1 of the Capacity Plan Template.
  • Input

    • Results of the business impact analysis exercise

    Output

    • List of gold, silver, and bronze systems

    Materials

    • Projector
    • Business Impact Analysis Tool
    • Capacity Plan Template

    Participants

    • Infrastructure manager
    • Enterprise architect

    Leverage the rest of the BIA tool as part of your disaster recovery planning

    Disaster recovery planning is a critical activity, and while it is a sort of availability management, it is beyond this project’s scope. You can complete the business impact analysis (including RTOs and RPOs) for the complete disaster recovery package.

    See Info-Tech’s Create a Right-Sized Disaster Recovery Plan blueprint for instructions on how to complete your business impact analysis.

    Step 1.2: Assign criticality ratings to services

    This step will walk you through the following activities:

    • Create a list of dependencies for your most important applications.
    • Identify important sub-components.
    • Use best practices to develop and negotiate SLAs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • List of dependencies of most important applications
    • List of important sub-components
    • SLAs based on best practices

    Determine the base unit of the capacity you’re looking to purchase

    Not every IT organization should approach capacity the same way. Needs scale, and larger organizations will inevitably deal in larger quantities.

    Large cloud provider

    Local traditional business

    • Thousands of servers housed in a number of datacenters around the world.
    • Dedicated capacity manager.
    • Purchases components from OEMs in bulk as part of bespoke contracts that are worth many millions of dollars over time.
    • May deal with components at a massive scale (dozens of servers at once, for example).
    • A small server room that runs non-specialized services (email, for example).
    • Barely even a dedicated IT person, let alone an IT capacity manager.
    • Purchases new components from resellers or even retail stores.
    • Deals with components at a small scale (a single switch here, a server upgrade there).

    "Cloud capacity management is not exactly the same as the ITIL version because ITIL has a focus on the component level. I actually don’t do that, because if I did I’d go crazy. There’s too many components in a cloud environment."

    – Richie Mendoza, IT Consultant, SMITS Inc.

    Consider the relationship between component capacity and service capacity

    End users’ thoughts about IT are based on what they see. They are, in other words, concerned with service availability: does the organization have the ability to provide access to needed services?

    Service

    • Email
    • CRM
    • ERP

    Component

    • Switch
    • SMTP server
    • Archive database
    • Storage

    "You don’t ask the CEO or the guy in charge ‘What kind of response time is your requirement?’ He doesn’t really care. He just wants to make sure that all his customers are happy."

    – Todd Evans, Capacity and Performance Management SME, IBM.

    One telco solved its availability issues by addressing component capacity issues

    CASE STUDY

    Industry: Telecommunications

    Source: Interview

    Coffee and Wi-Fi – a match made in heaven

    In tens of thousands of coffee shops around the world, patrons make ample use of complimentary Wi-Fi. Wi-Fi is an important part of customers’ coffee shop experience, whether they’re online to check their email, do a YouTube, or update their Googles. So when one telco that provided Wi-Fi access for thousands of coffee shops started encountering availability issues, the situation was serious.

    Wi-Fi, whack-a-mole, and web woes

    The team responsible for resolving the issue took an ad hoc approach to resolving complaints, fixing issues as they came up instead of taking a systematic approach.

    Resolution

    Looking at the network as a whole, the capacity manager took a proactive approach by using data to identify and rank the worst service areas, and then directing the team responsible to fix those areas in order of the worst first, then the next worst, and so on. Soon the availability of Wi-Fi service was restored across the network.

    Create a list of dependencies for your most important applications

    1.2a 1.5 hours

    Instructions

    1. Work your way down the list of services outlined in step 1, starting with your gold systems. During the first iteration of this exercise select only 3-5 of your most important systems.
    2. Write the name of each application on a sticky note or at the top of a whiteboard (leaving ample space below for dependency mapping).
    3. In the first tier below the application, include the specific services that the general service provides.
    • This will vary based on the service in question, but an example for email is sending, retrieving, retrieving online, etc.
  • For each of the categories identified in step 3, identify the infrastructure components that are relevant to that system. Be broad and sweeping; if the component is involved in the service, include it here. The goal is to be exhaustive.
  • Leave the final version of the map intact. Photographing or making a digital copy for posterity. It will be useful in later activities.
  • Input

    • List of important applications

    Output

    • List of critical dependencies

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Infrastructure manager
    • Enterprise architect

    Info-Tech Insight

    Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

    Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

    The image contains a sample dependency map on ride sharing. Ride Sharing has been split between two categories: Application and Drivers. Under drivers it branches out to: Availability, Car, and Pay. Under Application, it branches out to: Compute, Network, Edge devices, Q/A maintenance, and Storage. Compute branches out to Cloud Services. Network branches out to Cellular network and Local. Edge Devices branch out to Drivers and Users. Q/A maintenance does not have a following branch. Storage branches out to Storage (Enterprise) and Storage (local).

    Ride sharing cannot work, at least not at maximum effectiveness, without these constituent components. When one or more of these components are absent or degraded, the service will become unavailable. This example illustrates some challenges of capacity management; some of these components are necessary, but beyond the ride-sharing company’s control.

    Leverage a sample dependency tree for a common service

    The image contains a sample dependency tree for the Email service. Email branches out to: Filtering, Archiving, Retrieval, and Send/receive. Filtering branches out to security appliance which then branches out to CPU, Storage, and Network. Archiving branches to Archive server, which branches out to CPU, Storage, and Network. Retrieval branches out to IMAP/PoP which branches out to CPU, Storage, and Network. Send/receive branches out to IMAP/PoP and SMTP. SMTP branches out to CPU, Storage and Network.

    Info-Tech Best Practice

    Email is an example here not because it is necessarily a “gold system,” but because it is common across industries. This is a useful exercise for any service, but it can be quite onerous, so it should be conducted on the most important systems first.

    Separate the wheat from the chaff; identify important sub-components and separate them from unimportant ones

    1.2b 1.5 hours

    Use the bottom layer of the pyramid drawn in step 1.2a for a list of important sub-components.

    Instructions

    1. Record a list of the gold services identified in the previous activity. Leave space next to each service for sub-components.
    2. Go through each relevant sub-component. Highlight those that are critical and could reasonably be expected to cause problems.
    • Has this sub-component caused a problem in the past?
    • Is this sub-component a bottleneck?
    • What could cause this component to fail? Is it such an occurrence feasible?
  • Record the results of the exercise (and the service each sub-component is tied to) in tab 2 (columns B &C) of the Capacity Snapshot Tool.
  • Input

    • List of important applications

    Output

    • List of critical dependencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect

    Understand availability commitments with SLAs

    With the rise of SaaS, cloud computing, and managed services, critical services and their components are increasingly external to IT.

    • IT’s lack of access to the internal working of services does not let them off the hook for performance issues (as much as that might be the dream).
    • Vendor management is availability management. Use the dependency map drawn earlier in this phase to highlight the components of critical services that rely on capacity that cannot be managed internally.
    • For each of these services ensure that an appropriate SLA is in place. When acquiring new services, ensure that the vendor SLA meets business requirements.

    The image contains a large blue circle labelled: Availability. Also in the blue circle is a small red circle labelled: Capacity.

    In terms of service provision, capacity management is a form of availability management. Not all availability issues are capacity issues, but the inverse is true.

    Info-Tech Insight

    Capacity issues will always cause availability issues, but availability issues are not inherently capacity issues. Availability problems can stem from outages unrelated to capacity (e.g. power or vendor outages).

    Use best practices to develop and negotiate SLAs

    1.2c 20 minutes per service

    When signing contracts with vendors, you will be presented with an SLA. Ensure that it meets your requirements.

    1. Use the business impact analysis conducted in this project’s first step to determine your requirements. How much downtime can you tolerate for your critical services?
    2. Once you have been presented with an SLA, be sure to scour it for tricks. Remember, just because a vendor offers “five nines” of availability doesn’t mean that you’ll actually get that much uptime. It could be that the vendor is comfortable eating the cost of downtime or that the contract includes provisions for planned maintenance. Whether or not the vendor anticipated your outage does little to mitigate the damage an outage can cause to your business, so be careful of these provisions.
    3. Ensure that the person ultimately responsible for the SLA (the approver) understands the limitations of the agreement and the implications for availability.

    Input

    • List of external component dependencies

    Output

    • SLA requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect

    Info-Tech Insight

    Vendors are sometimes willing to eat the cost of violating SLAs if they think it will get them a contract. Be careful with negotiation. Just because the vendor says they can do something doesn’t make it true.

    Negotiate internal SLAs using Info-Tech’s rigorous process

    Talking past each other can drive misalignment between IT and the business, inconveniencing all involved. Quantify your needs through an internal SLA as part of a comprehensive availability management plan.

    See Info-Tech’s Improve IT-Business Alignment Through an Internal SLA blueprint for instructions on why you should develop internal SLAs and the potential benefits they bring.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2

    The image contains a screenshot of activity 1.2 as previously described above.

    Create a list of dependencies for your most important applications

    Using the results of the business impact analysis, the analyst will guide workshop participants through a dependency mapping exercise that will eventually populate the Capacity Plan Template.

    Phase 1 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Conduct a business impact analysis

    Proposed Time to Completion: 1 week

    Step 1.1: Create a scale to measure different levels of impact

    Review your findings with an analyst

    Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate.

    Then complete these activities…

    • Use the results of the business impact analysis to sort systems based on their criticality

    With these tools & templates:

    Business Impact Analysis Tool

    Step 1.2: Assign criticality ratings to services

    Review your findings with an analyst

    Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate.

    Then complete these activities…

    • Create a list of dependencies for your most important applications
    • Identify important sub-components
    • Use best practices to develop and negotiate SLAs

    With these tools & templates:

    Capacity Snapshot Tool

    Phase 1 Results & Insights:

    • Engaging in detailed capacity planning for an insignificant service is a waste of resources. Focus on ensuring availability for your most critical systems.
    • Carefully evaluate vendors’ service offerings. Make sure the SLA works for you, and approach pie-in-the-sky promises with skepticism.

    PHASE 2

    Establish Visibility Into Core Systems

    Step 2.1: Define your monitoring strategy

    This step will walk you through the following activities:

    • Determine the indicators you should be tracking for each sub-component.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • List of indicators to track for each sub-component

    Data has its significance—but also its limitations

    The rise of big data can be a boon for capacity managers, but be warned: not all data is created equal. Bad data can lead to bad decisions – and unemployed capacity managers.

    Your findings are only as good as your data. Remember: garbage in, garbage out. There are three characteristics of good data:*

    1. Accuracy: is the data exact and correct? More detail and confidence is better.
    2. Reliability: is the data consistent? In other words, if you run the same test twice will you get the same results?
    3. Validity: is the information gleaned believable and relevant?

    *National College of Teaching & Leadership, “Reliability and Validity”

    "Data is king. Good data is absolutely essential to [the capacity manager] role."

    – Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

    Info-Tech Best Practice

    Every organization’s data needs are different; your data needs are going to be dictated by your services, delivery model, and business requirements. Make sure you don’t confuse volume with quality, even if others in your organization make that mistake.

    Take advantage of technology to establish visibility into your systems

    Managing your availability and capacity involves important decisions about what to monitor and how thresholds should be set.

    • Use the list of critical applications developed through the business impact analysis and the list of components identified in the dependency mapping exercise to produce a plan for effectively monitoring component availability and capacity.
    • The nature of IT service provision – the multitude of vendors providing hardware and services necessary for even simple IT services to work effectively – means that it is unlikely that capacity management will be visible through a single pane of glass. In other words, “email” and “CRM” don’t have a defined capacity. It always depends.
    • Establishing visibility into systems involves identifying what needs to be tracked for each component.

    Too much monitoring can be as bad as the inverse

    In 2013, a security breach at US retailer Target compromised more than 70 million customers’ data. The company received an alert, but it was thought to be a false positive because the monitoring system produced so many false and redundant alerts. As a result of the daily deluge, staff did not respond to the breach in time.

    Info-Tech Insight

    Don’t confuse monitoring with management. While establishing visibility is a crucial step, it is only part of the battle. Move on to this project’s next phase to explore opportunities to improve your capacity/availability management process.

    Determine the indicators you should be tracking for each sub-component

    2.1a Tab 3 of the Capacity Snapshot Tool

    It is nearly impossible to overstate the importance of data to the process of availability and capacity management. But the wrong data will do you no good.

    Instructions

    1. Open the Capacity Snapshot Tool to tab 2. The tool should have been populated in step 1.2 as part of the component mapping exercise.
    2. For each service, determine which metric(s) would most accurately tell the component’s story. Consider the following questions when completing this activity (you may end up with more than one metric):
    • How would the component’s capacity be measured (storage space, RAM, bandwidth, vCPUs)?
    • Is the metric in question actionable?
  • Record each metric in the Metric column (D) of the Capacity Snapshot Tool. Use the adjacent column for any additional information on metrics.
  • Info-Tech Insight

    Bottlenecks are bad. Use the Capacity Snapshot Tool (or another tool like it) to ensure that when the capacity manager leaves (on vacation, to another role, for good) the knowledge that they have accumulated does not leave as well.

    Understand the limitations of this approach

    Although we’ve striven to make it as easy as possible, this process will inevitably be cumbersome for organizations with a complicated set of software, hardware, and cloud services.

    Tracking every single component in significant detail will produce a lot of noise for each bit of signal. The approach outlined here addresses that concern in two ways:

    • A focus on gold services
    • A focus on sub-components that have a reasonable likelihood of being problematic in the future.

    Despite this effort, however, managing capacity at the component level is a daunting task. Ultimately, tools provided by vendors like SolarWinds and AppDynamics will fill in some of the gaps. Nevertheless, an understanding of the conceptual framework underlying availability and capacity management is valuable.

    Step 2.2: Implement your monitoring tool/aggregator

    This step will walk you through the following activities:

    • Clarify visibility.
    • Determine whether or not you have sufficiently granular visibility.
    • Develop strategies to .any visibility issues.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team
    • Applications personnel

    Outcomes of this step

    • Method for measuring and monitoring critical sub-components

    Companies struggle with performance monitoring because 95% of IT shops don’t have full visibility into their environments

    CASE STUDY

    Industry: Financial Services

    Source: AppDynamics

    Challenge

    • Users are quick to provide feedback when there is downtime or application performance degradation.
    • The challenge for IT teams is that while they can feel the pain, they don’t have visibility into the production environment and thus cannot identify where the pain is coming from.
    • The most common solution that organizations rely on is leveraging the log files for issue diagnosis. However, this method is slow and often unable to pinpoint the problem areas, leading to delays in problem resolution.

    Solution

    • Application and infrastructure teams need to work together to develop infrastructure flow maps and transaction profiles.
    • These diagrams will highlight the path that each transaction travels across your infrastructure.
    • Ideally at this point, teams will also capture latency breakdowns across every tier that the business transaction flows through.
      • This will ultimately kick start the baselining process.

    Results

    • Ninety-five percent of IT departments don’t have full visibility into their production environment. As a result, a slow business transaction will often require a war-room approach where SMEs from across the organization gather to troubleshoot.
    • Having visibility into the production environment through infrastructure flow mapping and transaction profiling will help IT teams pinpoint problems.
      • At the very least, teams will be able to identify common problem areas and expedite the root-cause analysis process.

    Source: “Just how complex can a Login Transaction be? Answer: Very!,” AppDynamics

    Monitor your critical sub-components

    Establishing a monitoring plan for your capacity involves answering two questions: can I see what I need to see, and can I see it with sufficient granularity?

    • Having the right tool for the job is an important step towards effective capacity and availability management.
    • Application performance management tools (APMs) are essential to the process, but they tend to be highly specific and vertically oriented, like using a microscope.
    • Some product families can cover a wider range of capacity monitoring functions (SolarWinds, for example). It is still important, however, to codify your monitoring needs.

    "You don’t use a microscope to monitor an entire ant farm, but you might use many microscopes to monitor specific ants."

    – Fred Chagnon, Research Director, Infrastructure Practice, Info-Tech Research Group

    Monitor your sub-components: clarify visibility

    2.2a Tab 2 of the Capacity Snapshot Tool

    The next step in capacity management is establishing whether or not visibility (in the broad sense) is available into critical sub-components.

    Instructions

    1. Open the Capacity Snapshot Tool and record the list of sub-components identified in the previous step.
    2. For each sub-component answer the following question:
    • Do I have easy access to the information I need to monitor to ensure this component remains available?
  • Select “Yes” or “No” from the drop-down menus as appropriate. In the adjacent column record details about visibility into the component.
    • What tool provides the information? Where can it be found?

    The image contains a screenshot of Info-Tech's Capacity Snapshot Tool, Tab 2.

    Monitor your sub-components; determine whether or not you have sufficient granular visibility

    2.2b Tab 2 of the Capacity Snapshot Tool

    Like ideas and watches, not all types of visibility are created equal. Ensure that you have access to the right information to make capacity decisions.

    Instructions

    1. For each of the sub-components clarify the appropriate level of granularity for the visibility gained to be useful. In the case of storage, for example, is raw usage (in gigabytes) sufficient, or do you need a breakdown of what exactly is taking up the space? The network might be more complicated.
    2. Record the details of this ideation in the adjacent column.
    3. Select “Yes” or “No” from the drop-down menu to track the status of each sub-component.

    The image contains a picture of an iPhone storage screen where it breaks down the storage into the following categories: apps, media, photos, and other.

    For most mobile phone users, this breakdown is sufficient. For some, more granularity might be necessary.

    Info-Tech Insight

    Make note of monitoring tools and strategies. If anything changes, be sure to re-evaluate the visibility status. An outdated spreadsheet can lead to availability issues if management is unaware of looming problems.

    Develop strategies to ameliorate any visibility issues

    2.2c 1 hour

    The Capacity Snapshot Tool color-codes your components by status. Green – visibility and granularity are both sufficient; yellow – visibility exists, though not at sufficient granularity; and red – visibility does not exist at all.

    Instructions

    1. Write each of the yellow and red sub-components on a whiteboard or piece of chart paper.
    2. Brainstorm amelioration strategies for each of the problematic sub-components.
    • Does the current monitoring tool have sufficient functionality?
    • Does it need to be further configured/customized?
    • Do we need a whole new tool?
  • Record these strategies in the Amelioration Strategy column on tab 4 of the tool.
  • Input

    • Sub-components
    • Capacity Snapshot Tool

    Output

    • Amelioration strategies

    Materials

    • Whiteboard
    • Markers
    • Capacity Snapshot Tool

    Participants

    • Infrastructure manager

    Info-Tech Best Practice

    It might be that there is no amelioration strategy. Make note of this difficulty and highlight it as part of the risk section of the Capacity Plan Template.

    See Info-Tech’s projects on storage and network modernization for additional details

    Leverage other products for additional details on how to modernize your network and storage services.

    The process of modernizing the network is fraught with vestigial limitations. Develop a program to gather requirements and plan.

    As part of the blueprint, Modernize Enterprise Storage, the Modernize Enterprise Storage Workbook includes a section on storage capacity planning.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2

    The image contains a screenshot of activity 2.2.

    Develop strategies to ameliorate visibility issues

    The analyst will guide workshop participants in brainstorming potential solutions to visibility issues and record them in the Capacity Snapshot Tool.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Establish visibility into core systems

    Proposed Time to Completion: 3 weeks

    Step 2.1: Define your monitoring strategy

    Review your findings with an analyst

    Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization.

    Then complete these activities…

    • Determine the indicators you should be tracking for each sub-component

    With these tools & templates:

    • Capacity Snapshot Tool

    Step 2.2: Implement your monitoring tool/aggregator

    Review your findings with an analyst

    Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization.

    Then complete these activities…

    • Clarify visibility
    • Determine whether or not you have sufficiently granular visibility
    • Develop strategies to ameliorate any visibility issues

    With these tools & templates:

    • Capacity Snapshot Tool

    Phase 2 Results & Insights:

    • Every organization’s data needs are different. Adapt data gathering, reporting, and analysis according to your services, delivery model, and business requirements.
    • Don’t confuse monitoring with management. Build a system to turn reported data into useful information that feeds into the capacity management process.

    PHASE 3

    Solicit and Incorporate Business Needs

    Step 3.1: Solicit business needs and gather data

    This step will walk you through the following activities:

    • Build relationships with business stakeholders.
    • Analyze usage data and identify trends.
    • Correlate usage trends with business needs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • System for involving business stakeholders in the capacity planning process
    • Correlated data on business level, service level, and infrastructure level capacity usage

    Summarize your capacity planning activities in the Capacity Plan Template

    The availability and capacity management summary card pictured here is a handy way to capture the results of the activities undertaken in the following phases. Note its contents carefully, and be sure to record specific outputs where appropriate. One such card should be completed for each of the gold services identified in the project’s first phase. Make note of the results of the activities in the coming phase, and populate the Capacity Snapshot Tool. These will help you populate the tool.

    The image contains a screenshot of Info-Tech's Capacity Plan Template.

    Info-Tech Best Practice

    The Capacity Plan Template is designed to be a part of a broader mapping strategy. It is not a replacement for a dedicated monitoring tool.

    Analyze historical trends as a crucial source of data

    The first place to look for information about your organization is not industry benchmarks or your gut (though those might both prove useful).

    • Where better to look than internally? Use the data you’ve gathered from your APM tool or other sources to understand your historical capacity needs and to highlight any periods of unavailability.
    • Consider monitoring the status of the capacity of each of your crucial components. The nature of this monitoring will vary based on the component in question. It can range from a rough Excel sheet all the way to a dedicated application performance monitoring tool.

    "In all cases the very first thing to do is to look at trending…The old adage is ‘you don’t steer a boat by its wake,’ however it’s also true that if something is growing at, say, three percent a month and it has been growing at three percent a month for the last twelve months, there’s a fairly good possibility that it’s going to carry on going in that direction."

    – Mike Lynch, Consultant, CapacityIQ

    Gather relevant data at the business level

    3.1a 2 hours per service

    A holistic approach to capacity management involves peering beyond the beaded curtain partitioning IT from the rest of the organization and tracking business metrics.

    Instructions

    1. Your service/application owners know how changes in business activities impact their systems. Business level capacity management involves responding to those changes. Ask service/application owners what changes will impact their capacity. Examples include:
    • Business volume (net new customers, number of transactions)
    • Staff changes (new hires, exits, etc.)
  • For each gold service, brainstorm relevant metrics. How can you capture that change in business volume?
  • Record these metrics in the summary card of the Capacity Plan Template.
  • In the notes section of the summary card record whether or not you have access to the required business metric.
  • Input

    • Brainstorming
    • List of gold services

    Output

    • Business level data

    Materials

    • In-house solution or commercial tool

    Participants

    • Capacity manager
    • Application/service owners

    Gather relevant data at the service level

    3.1b 2 hours per service

    One level of abstraction down is the service level. Service level capacity management, recall that service level capacity management is about ensuring that IT is meeting SLAs in its service provision.

    Instructions

    1. There should be internal SLAs for each service IT offers. (If not, that’s a good place to start. See Info-Tech’s research on the subject.) Prod each of your service owners for information on the metrics that are relevant for their SLAs. Consider the following:
    • Peak hours, requests per second, etc.
    • This will usually include some APM data.
  • Record these metrics in the summary card of the Capacity Plan Template.
  • Include any visibility issues in the notes in a similar section of the Capacity Plan Template.
  • Input

    • Brainstorming
    • List of gold services

    Output

    • Service level data

    Materials

    • In-house solution or commercial tool

    Participants

    • Capacity manager
    • Application/service owners

    Leverage the visibility into your infrastructure components and compare all of your data over time

    You established visibility into your components in the second phase of this project. Use this data, and that gathered at the business and service levels, to begin analyzing your demand over time.

    • Different organizations will approach this issue differently. Those with a complicated service catalog and a dedicated capacity manager might employ a tool like TeamQuest. If your operation is small, or you need to get your availability and capacity management activities underway as quickly as possible, you might consider using a simple spreadsheet software like Excel.
    • If you choose the latter option, select a level of granularity (monthly, weekly, etc.) and produce a line graph in Excel.
    • Example: Employee count (business metric)

    Jan

    Feb

    Mar

    Apr

    May

    June

    July

    74

    80

    79

    83

    84

    100

    102

    The image contains a graph using the example of employee count described above.

    Note: the strength of this approach is that it is easy to visualize. Use the same timescale to facilitate simple comparison.

    Manage, don’t just monitor; mountains of data need to be turned into information

    Information lets you make a decision. Understand the questions you don’t need to ask, and ask the right ones.

    "Often what is really being offered by many analytics solutions is just more data or information – not insights."

    – Brent Dykes, Director of Data Strategy, Domo

    Info-Tech Best Practice

    You can have all the data in the world and absolutely nothing valuable to add. Don’t fall for this trap. Use the activities in this phase to structure your data collection operation and ensure that your organization’s availability and capacity management plan is data driven.

    Analyze historical trends and track your services’ status

    3.1c Tab 3 of the Capacity Snapshot Tool

    At-a-glance – it’s how most executives consume all but the most important information. Create a dashboard that tracks the status of your most important systems.

    Instructions

    1. Consult infrastructure leaders for information about lead times for new capacity for relevant sub-components and include that information in the tool.
    • Look to historical lead times. (How long does it traditionally take to get more storage?)
    • If you’re not sure, contact an in-house expert, or speak to your vendor
  • Use tab 3 of the tool to record whether your existing capacity will be exceeded before you can stand more hardware up (red), you have a plan to ameliorate capacity issues but new capacity is not yet in place (yellow), or if you are not slated to run out of capacity any time soon (green).
  • Repeat the activity regularly. Include notes about spikes that might present capacity challenges, and information about when capacity may run out.
  • This tool collates and presents information gathered from other sources. It is not a substitute for a performance monitoring tool.

    Build a list of key business stakeholders

    3.1d 10 minutes

    Stakeholder analysis is crucial. Lines of authority can be diffuse. Understand who needs to be involved in the capacity management process early on.

    Instructions

    1. With the infrastructure team, brainstorm a group of departments, roles, and people who may impact demand on capacity.
    2. Go through the list with your team and identify stakeholders from two groups:
    • Line of business: who in the business makes use of the service?
    • Application owner: who in IT is responsible for ensuring the service is up?
  • Insert the list into section 3 of the Capacity Plan Template, and update as needed.
  • Input

    • Gold systems
    • Personnel Information

    Output

    • List of key business stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Best Practice

    Consider which departments are most closely aligned with the business processes that fuel demand. Prioritize those that have the greatest impact. Consider the stakeholders who will make purchasing decisions for increasing infrastructure capacity.

    Organize stakeholder meetings

    3.1e 10 hours

    Establishing a relationship with your stakeholders is a necessary step in managing your capacity and availability.

    Instructions

    1. Gather as many of the stakeholders identified in the previous activity as you can and present information on availability and capacity management
    • If you can’t get everyone in the same room, a virtual meeting or even an email blast could get the job done.
  • Explain the importance of capacity and availability management
    • Consider highlighting the trade-offs between cost and availability.
  • Field any questions the stakeholders might have about the process. Be honest. The goal of this meeting is to build trust. This will come in handy when you’re gathering business requirements.
  • Propose a schedule and seek approval from all present. Include the results in section 3 of the Capacity Plan Template.
  • Input

    • List of business stakeholders
    • Hard work

    Output

    • Working relationship, trust
    • Regular meetings

    Materials

    • Work ethic
    • Executive brief

    Participants

    • Capacity manager
    • Business stakeholders

    Info-Tech Insight

    The best capacity managers develop new business processes that more closely align their role with business stakeholders. Building these relationships takes hard work, and you must first earn the trust of the business.

    Bake stakeholders into the planning process

    3.1f Ongoing

    Convince, don’t coerce. Stakeholders want the same thing you do. Bake them into the planning process as a step towards this goal.

    1. Develop a system to involve stakeholders regularly in the capacity planning process.
    • Your system will vary depending on the structure and culture of your organization.
    • See the case study on the following slide for ideas.
    • It may be as simple as setting a recurring reminder in your own calendar to touch base with stakeholders.
  • Liaise with stakeholders regularly to keep abreast of new developments.
    • Ensure stakeholders have reasonable expectations about IT’s available resources, the costs of providing capacity, and the lead times required to source additional needed capacity.
  • Draw on these stakeholders for the step “Gather information on business requirements” later in this phase.
  • Input

    • List of business stakeholders
    • Ideas

    Output

    • Capacity planning process that involves stakeholders

    Materials

    • Meeting rooms

    Participants

    • Capacity manager
    • Business stakeholders
    • Infrastructure team

    A capacity manager in financial services wrangled stakeholders and produced results

    CASE STUDY

    Industry: Financial Services

    Source: Interview

    In financial services, availability is king

    In the world of financial services, availability is absolutely crucial. High-value trades occur at all hours, and any institution that suffers outages runs the risk of losing tens of thousands of dollars, not to mention reputational damage.

    People know what they want, but sometimes they have to be herded

    While line of business managers and application owners understand the value of capacity management, it can be difficult to establish the working relationship necessary for a fruitful partnership.

    Proactively building relationships keeps services available

    He built relationships with all the department heads on the business side, and all the application owners.

    • He met with department heads quarterly.
    • He met with application owners and business liaisons monthly.

    He established a steering committee for capacity.

    He invited stakeholders to regular capacity planning meetings.

    • The first half of each meeting was high-level outlook, such as business volume and IT capacity utilization, and included stakeholders from other departments.
    • The second half of the meeting was more technical, serving the purpose for the infrastructure team.

    He scheduled lunch and learn sessions with business analysts and project managers.

    • These are the gatekeepers of information, and should know that IT needs to be involved when things come down the pipeline.

    Step 3.2: Analyze data and project future needs

    This step will walk you through the following activities:

    • Solicit needs from the business.
    • Map business needs to technical requirements, and technical requirements to infrastructure requirements.
    • Identify inefficiencies in order to remedy them.
    • Compare the data across business, component, and service levels, and project your capacity needs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • Model of how business processes relate to technical requirements and their demand on infrastructure
    • Method for projecting future demand for your organization’s infrastructure
    • Comparison of current capacity usage to projected demand

    “Nobody tells me anything!” – the capacity manager’s lament

    Sometimes “need to know” doesn’t register with sales or marketing. Nearly every infrastructure manager can share a story about a time when someone has made a decision that has critically impacted IT infrastructure without letting anyone in IT in on the “secret.”

    In brief

    The image contains a picture of a man appearing to be overwhelmed.

    Imagine working for a media company as an infrastructure capacity manager. Now imagine that the powers that be have decided to launch a content-focused web service. Seems like something they would do, right? Now imagine you find out about it the same way the company’s subscribers do. This actually happened – and it shouldn’t have. But a similar lack of alignment makes this a real possibility for any organization. If you don’t establish a systematic plan for soliciting and incorporating business requirements, prepare to lose a chunk of your free time. The business should never be able to say, in response to “nobody tells me anything,” “nobody asked.”

    Pictured: an artist’s rendering of the capacity manager in question.

    Directly solicit requirements from the business

    3.2a 30 minutes per stakeholder

    Once you’ve established, firmly, that everyone’s on the same team, meet individually with the stakeholders to assess capacity.

    Instructions

    1. Schedule a one-on-one meeting with each line of business manager (stakeholders identified in 3.1). Ideally this will be recurring.
    • Experienced capacity managers suggest doing this monthly.
  • In the meeting address the following questions:
    • What are some upcoming major initiatives?
    • Is the department going to expand or contract in a noticeable way?
    • Have customers taken to a particular product more than others?
  • Include the schedule in the Capacity Plan Template, and consider including details of the discussion in the notes section in tab 3 of the Capacity Snapshot Tool.
  • Input

    • Stakeholder opinions

    Output

    • Business requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Sometimes line of business managers will evade or ignore you when you come knocking. They do this because they don’t know and they don’t want to give you the wrong information. Explain that a best guess is all you can ask for and allay their fears.

    Below, you will find more details about what to look for when soliciting information from the line of business manager you’ve roped into your scheme.

    1. Consider the following:
    • Projected sales pipeline
    • Business growth
    • Seasonal cycles
    • Marketing campaigns
    • New applications and features
    • New products and services
  • Encourage business stakeholders to give you their best guess for elements such as projected sales or business growth.
  • Estimate variance and provide a range. What can you expect at the low end? The high end? Record your historical projections for an idea of how accurate you are.
  • Consider carefully the infrastructure impact of new features (and record this in the notes section of the Capacity Snapshot Tool).
  • Directly solicit requirements from the business (optional)

    3.2a 1 hour

    IT staff and line of business staff come with different skillsets. This can lead to confusion, but it doesn’t have to. Develop effective information solicitation techniques.

    Instructions

    1. Gather your IT staff in a room with a whiteboard. As a group, select a gold service/line of business manager you would like to use as a “practice dummy.”
    2. Have everyone write down a question they would ask of the line of business representative in a hypothetical business/service capacity discussion.
    3. As a group discuss the merits of the questions posed:
    • Are they likely to yield productive information?
    • Are they too vague or specific?
    • Is the person in question likely to know the answer?
    • Is the information requested a guarded trade secret?
  • Discuss the findings and include any notes in section 3 of the Capacity Plan Template.
  • Input

    • Workshop participants’ ideas

    Output

    • Interview skills

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Capacity manager
    • Infrastructure staff

    Map business needs to technical requirements, and technical requirements to infrastructure requirements

    3.2b 5 hours

    When it comes to mapping technical requirements, IT alone has the ability to effectively translate business needs.

    Instructions

    1. Use your notes from stakeholder meetings to assess the impact of any changes on gold systems.
    2. For each system brainstorm with infrastructure staff (and any technical experts as necessary) about what the information gleaned from stakeholder discussions. Consider the following discussion points:
    • How has demand for the service been trending? Does it match what the business is telling us?
    • Have we had availability issues in the past?
    • Has the business been right with their estimates in the past?
  • Estimate what a change in business/service metrics means for capacity.
    • E.g. how much RAM does a new email user require?
  • Record the output in the summary card of the Capacity Plan Template.
  • Input

    • Business needs

    Output

    • Technical and infrastructure requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Adapt the analysis to the needs of your organization. One capacity manager called the one-to-one mapping of business process to infrastructure demand the Holy Grail of capacity management. If this level of precision isn’t attainable, develop your own working estimates using the higher-level data

    Avoid putting too much faith in the cloud as a solution to your problem

    Has the rise of on-demand, functionally unlimited services eliminated the need for capacity and availability management?

    Capacity management

    The role of the capacity manager is changing, but it still has a purpose. Consider this:

    • Not everything can move to the cloud. For security/functionality reasons, on-premises infrastructure will continue to exist.
    • Cost management is more relevant than ever in the cloud age. Manage your instances.
    • While a cloud migration might render some component capacity management functions irrelevant, it could increase the relevance of others (the network, perhaps).

    Availability management

    Ensuring services are available is still IT’s wheelhouse, even if that means a shift to a brokerage model:

    • Business availability requirements (as part of the business impact analysis, potentially) are important; internal SLAs and contracts with vendors need to be managed.
    • Even in the cloud environment, availability is not guaranteed. Cloud providers have outages (unplanned, maintenance related, etc.) and someone will have to understand the limitations of cloud services and the impact on availability.

    Info-Tech Insight

    The cloud comes at the cost of detailed performance data. Sourcing a service through an SLA with a third party increases the need to perform your own performance testing of gold level applications. See performance monitoring.

    Beware Parkinson’s law

    A consequence of our infinite capacity for creativity, people have the enviable skill of making work. In 1955, C. Northcote Parkinson pointed out this fact in The Economist . What are the implications for capacity management?

    "It is a commonplace observation that work expands so as to fill the time available for its completion. Thus, an elderly lady of leisure can spend the entire day in writing and despatching a postcard to her niece at Bognor Regis. An hour will be spent in finding the postcard, another in hunting for spectacles, half-an-hour in a search for the address, an hour and a quarter in composition, and twenty minutes in deciding whether or not to take an umbrella when going to the pillar-box in the next street."

    C. Northcote Parkinson, The Economist, 1955

    Info-Tech Insight

    If you give people lots of capacity, they will use it. Most shops are overprovisioned, and in some cases that’s throwing perfectly good money away. Don’t be afraid to prod if someone requests something that doesn’t seem right.

    Optimally align demand and capacity

    When it comes to managing your capacity, look for any additional efficiencies.

    Questions to ask:

    • Are there any infrastructure services that are not being used to their full potential, sitting idle, or allocated to non-critical or zombie functions?
      • Are you managing your virtual servers? If, for example, you experience a seasonal spike in demand, are you leaving virtual machines running after the fact?
    • Do your organization’s policies and your infrastructure setup allow for the use of development resources for production during periods of peak demand?
    • Can you make organizational or process changes in order to satisfy demand more efficiently?

    In brief

    Who isn’t a sports fan? Big games mean big stakes for pool participants and armchair quarterbacks—along with pressure on the network as fans stream games from their work computers. One organization suffered from this problem, and, instead of taking a hardline and banning all streams, opted to stream the game on a large screen in a conference room where those interested could work for its duration. This alleviated strain on the network and kept staff happy.

    Shutting off an idle cloud to cut costs

    CASE STUDY

    Industry:Professional Services

    Source:Interview

    24/7 AWS = round-the-clock costs

    A senior developer realized that his development team had been leaving AWS instances running without any specific reason.

    Why?

    The development team appreciated the convenience of an always-on instance and, because the people spinning them up did not handle costs, the problem wasn’t immediately apparent.

    Resolution

    In his spare time over the course of a month, the senior developer wrote a program to manage the servers, including shutting them down during times when they were not in use and providing remote-access start-up when required. His team alone saved $30,000 in costs over the next six months, and his team lead reported that it would have been more than worth paying the team to implement such a project on company time.

    Identify inefficiencies in order to remediate them

    3.2c 20 minutes per service

    Instructions

    1. Gather the infrastructure team together and discuss existing capacity and demand. Use the inputs from your data analysis and stakeholder meetings to set the stage for your discussion.
    2. Solicit ideas about potential inefficiencies from your participants:
    • Are VMs effectively allocated? If you need 7 VMs to address a spike, are those VMs being reallocated post-spike?
    • Are developers leaving instances running in the cloud?
    • Are particular services massively overprovisioned?
    • What are the biggest infrastructure line items? Are there obvious opportunities for cost reduction there?
  • Record any potential opportunities in the summary of the Capacity Plan Template.
  • Input

    • Gold systems
    • Data inputs

    Output

    • Inefficiencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    The most effective capacity management takes a holistic approach and looks at the big picture in order to find ways to eliminate unnecessary infrastructure usage, or to find alternate or more efficient sources of required capacity.

    Dodging the toll troll by rerouting traffic

    CASE STUDY

    Industry:Telecommunications

    Source: Interview

    High-cost lines

    The capacity manager at a telecommunications provider mapped out his firm’s network traffic and discovered they were using a number of VP circuits (inter building cross connects) that were very expensive on the scale of their network.

    Paying the toll troll

    These VP circuits were supplying needed network services to the telecom provider’s clients, so there was no way to reduce this demand.

    Resolution

    The capacity manager analyzed where the traffic was going and compared this to the cost of the lines they were using. After performing the analysis, he found he could re-route much of the traffic away from the VP circuits and save on costs while delivering the same level of service to their users.

    Compare the data across business, component, and service levels, and project your capacity needs

    3.2d 2 hour session/meeting

    Make informed decisions about capacity. Remember: retain all documentation. It might come in handy for the justification of purchases.

    Instructions

    1. Using either a dedicated tool or generic spreadsheet software like Excel or Sheets, evaluate capacity trends. Ask the following questions:
    • Are there times when application performance degraded, and the service level was disrupted?
    • Are there times when certain components or systems neared, reached, or exceeded available capacity?
    • Are there seasonal variations in demand?
    • Are there clear trends, such as ongoing growth of business activity or the usage of certain applications?
    • What are the ramifications of trends or patterns in relation to infrastructure capacity?
  • Use the insight gathered from stakeholders during the stakeholder meetings, project required capacity for the critical components of each gold service.
  • Record the results of this activity in the summary card of the Capacity Plan Template.
  • Compare current capacity to your projections

    3.2e Section 5 of the Capacity Plan Template

    Capacity management (and, by extension, availability management) is a combination of two balancing acts: cost against capacity and supply and demand.*

    Instructions

    1. Compare your projections with your reality. You already know whether or not you have enough capacity given your lead times. But do you have too much? Compare your sub-component capacity projections to your current state.
    2. Highlight any outliers. Is there a particular service that is massively overprovisioned?
    3. Evaluate the reasons for the overprovisioning.
    • Is the component critically important?
    • Did you get a great deal on hardware?
    • Is it an oversight?
  • Record the results in the notes section of the summary card of the Capacity Plan Template.
  • *Office of Government Commerce 2001, 119.

    In brief

    The fractured nature of the capacity management space means that every organization is going to have a slightly different tooling strategy. No vendor has dominated, and every solution requires some level of customization. One capacity manager (a cloud provider, no less!) relayed a tale about a capacity management Excel sheet programmed with 5,000+ lines of code. As much work as that is, a bespoke solution is probably unavoidable.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2

    The image contains a screenshot of activity 3.2.

    Map business needs to technical requirements and technical requirements to infrastructure requirements

    The analyst will guide workshop participants in using their organization’s data to map out the relationships between applications, technical requirements, and the underlying infrastructure usage.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Solicit and incorporate business needs

    Proposed Time to Completion: 2 weeks

    Step 3.1: Solicit business needs and gather data

    Review your findings with an analyst

    Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis.

    Then complete these activities…

    • Analyze historical trends and track your services’ status
    • Build a list of key business stakeholders
    • Bake stakeholders into the planning process

    With these tools & templates:

    Capacity Plan Template

    Step 3.2: Analyze data and project future needs

    Review your findings with an analyst

    Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis.

    Then complete these activities…

    • Map business needs to technical requirements and technical requirements to infrastructure requirements
    • Compare the data across business, component, and service levels, and project your capacity needs
    • Compare current capacity to your projections

    With these tools & templates:

    Capacity Snapshot Tool

    Capacity Plan Template

    Phase 3 Results & Insights:

    • Develop new business processes that more closely align your role with business stakeholders. Building these relationships takes hard work, and won’t happen overnight.
    • Take a holistic approach to eliminate unnecessary infrastructure usage or source capacity more efficiently.

    PHASE 4

    Identify and Mitigate Risks

    Step 4.1: Identify and mitigate risks

    This step will walk you through the following activities:

    • Identify potential risks.
    • Determine strategies to mitigate risks.
    • Complete your capacity management plan.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • Strategies for reducing risks
    • Capacity management plan

    Understand what happens when capacity/availability management fails

    1. Services become unavailable. If availability and capacity management are not constantly practiced, an inevitable consequence is downtime or a reduction in the quality of that service. Critical sub-component failures can knock out important systems on their own.
    2. Money is wasted. In response to fears about availability, it’s entirely possible to massively overprovision or switch entirely to a pay-as-you-go model. This, unfortunately, brings with it a whole host of other problems, including overspending. Remember: infinite capacity means infinite potential cost.
    3. IT remains reactive and is unable to contribute more meaningfully to the organization. If IT is constantly putting out capacity/availability-related fires, there is no room for optimization and activities to increase organizational maturity. Effective availability and capacity management will allow IT to focus on other work.

    Mitigate availability and capacity risks

    Availability: how often a service is usable (that is to say up and not too degraded to be effective). Consequences of reduced availability can include financial losses, impacted customer goodwill, and reduced faith in IT more generally.

    Causes of availability issues:

    • Poor capacity management – a service becomes unavailable when there is insufficient supply to meet demand. This is the result of poor capacity management.
    • Scheduled maintenance – services go down for maintenance with some regularity. This needs to be baked into service-level negotiations with vendors.
    • Vendor outages – sometimes vendors experience unplanned outages. There is typically a contract provision that covers unplanned outages, but that doesn’t change the fact that your service will be interrupted.

    Capacity: a particular component’s/service’s/business’ wiggle room. In other words, its usage ceiling.

    Causes of capacity issues:

    • Poor demand management – allowing users to run amok without any regard for how capacity is sourced and paid for.
    • Massive changes in legitimate demand – more usage means more demand.
    • Poor capacity planning – predictable changes in demand that go unaddressed can lead to capacity issues.

    Add additional potential causes of availability and capacity risks as needed

    4.1a 30 minutes

    Availability and capacity issues can stem from a number of different causes. Include a list in your availability and capacity management plan.

    Instructions

    1. Gather the group together. Go around the room and have participants provide examples of incidents and problems that have been the result of availability and capacity issues.
    2. Pose questions to the group about the source of those availability and capacity issues.
    • What could have been done differently to avoid these issues?
    • Was the availability/capacity issue a result of a faulty internal/external SLA?
  • Record the results of the exercise in sections 4.1 and 4.2 of the Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Additional sources of availability and capacity risks

    Materials

    • Capacity Plan Template

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Availability and capacity problems result in incidents, critical incidents, and problems. These are addressed in a separate project (incident and problem management), but information about common causes can streamline that process.

    Identify capacity risks and mitigate them

    4.1b 30 minutes

    Based on your understanding of your capacity needs (through written SLAs and informal but regular meetings with the business) highlight major risks you foresee.

    Instructions

    1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
    2. Record risks to capacity you have identified in earlier activities.
    • Refer to the Capacity Snapshot Tool for components that are highlighted in red and yellow. These are specific components that present special challenges. Identify the risk(s) in as much detail as possible. Include service and business risks as well.
    • Examples: a marketing push will put pressure on the web server; a hiring push will require more Office 365 licenses; a downturn in registration will mean that fewer VMs will be required to run the service.

    Input

    • Capacity Snapshot Tool results

    Output

    • Inefficiencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

    Identify capacity risks and mitigate them (cont.)

    4.1b 1.5 hours

    Instructions (cont.)

    1. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:
    • Acceptance: responding to the risk is costlier than acknowledging its existence without taking any action. For gold systems, acceptance is typically not acceptable.
    • Mitigation: limiting/reducing, eliminating, or transferring risk (Herrera) comprise the sort of mitigation discussed here.
      • Limiting/reducing: taking steps to improve the capacity situation, but accepting some level of risk (spinning up a new VM, pushing back on demands from the business, promoting efficiency).
      • Eliminating: the most comprehensive (and most expensive) mitigation strategy, elimination could involve purchasing a new server or, at the extreme end, building a new datacenter.
      • Transfer: “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?
  • Record the results of this exercise in section 5 of the Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Capacity risk mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

    Identify availability risks and mitigate them

    4.1c 30 minutes

    While capacity management is a form of availability management, it is not the only form. In this activity, outline the specific nature of threats to availability.

    Instructions

    1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
    2. Begin brainstorming general availability risks based on the following sources of information/categories:
    • Vendor outages
    • Disaster recovery
    • Historical availability issues

    The image contains a large blue circle labelled: Availability. Also in the blue circle is a small red circle labelled: Capacity.

    Input

    • Capacity Snapshot Tool results

    Output

    • Availability risks and mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Best Practice

    A dynamic central repository is a good way to ensure that availability issues stemming from a variety of causes are captured and mitigated.

    Identify availability risks and mitigate them (cont.)

    4.1c 1.5 hours

    Although it is easier said than done, identifying potential mitigations is a crucial part of availability management as an activity.

    Instructions (cont.)

    1. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:
    • Acceptance – responding to the risk is costlier than taking it on. Some unavailability is inevitable, between maintenance and unscheduled downtime. Record this, though it may not require immediate action.
    • Mitigation strategies:
      • Limiting/reducing – taking steps to increase availability of critical systems. This could include hot spares for unreliable systems or engaging a new vendor.
      • Eliminating – the most comprehensive (and most expensive) mitigation strategy. It could include selling.
      • Transfer – “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?
  • Record the results of this exercise in section 5 of Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Availability risks and mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Iterate on the process and present your completed availability and capacity management plan

    The stakeholders consulted as part of the process will be interested in its results. Share them, either in person or through a collaboration tool.

    The current status of your availability and capacity management plan should be on the agenda for every stakeholder meeting. Direct the stakeholders’ attention to the parts of the document that are relevant to them, and solicit their thoughts on the document’s accuracy. Over time you should get a pretty good idea of who among your stakeholder group is skilled at projecting demand, and who over- or underestimates, and by how much. This information will improve your projections and, therefore, your management over time.

    Info-Tech Insight

    Use the experience gained and the artifacts generated to build trust with the business. The meetings should be regular, and demonstrating that you’re actually using the information for good is likely to make hesitant participants in the process more likely to open up.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    The image contains a screenshot of activity 4.1.

    Identify capacity risks and mitigate them

    The analyst will guide workshop participants in identifying potential risks to capacity and determining strategies for mitigating them.

    Phase 4 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Identify and mitigate risks

    Proposed Time to Completion: 1 week

    Step 4.1: Identify and mitigate risks

    Review your findings with an analyst

    • Discuss your potential risks and your strategies for mitigating those risks.

    Then complete these activities…

    • Identify capacity risks and mitigate them
    • Identify availability risks and mitigate them
    • Complete your capacity management plan

    With these tools & templates:

    Capacity Snapshot Tool

    Capacity Plan Template

    Phase 4 Results & Insights:

    • Be a problem solver and prove IT’s value to the organization. Capacity management allows infrastructure to drive business value.
    • Iterate and share results. Reinforce your relationships with stakeholders and continue to refine how capacity management transforms your organization’s business processes.

    Insight breakdown

    Insight 1

    Components are critical to availability and capacity management.

    The CEO doesn’t care about the SMTP server. She cares about meeting customer needs and producing profit. For IT capacity and availability managers, though, the devil is in the details. It only takes one faulty component to knock out a service. Keep track and keep the lights on.

    Insight 2

    Ask what the business is working on, not what they need.

    If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs. Use your IT experience to estimate the impact of business and service level changes on the components that secure the availability you need.

    Insight 3

    Cloud shmoud.

    The role of the capacity manager might be changing with the advent of the public cloud, but it has not disappeared. Capacity managers in the age of the cloud are responsible for managing vendor relationships, negotiating external SLAs, projecting costs and securing budgets, reining in prodigal divisions, and so on.

    Summary of accomplishment

    Knowledge Gained

    • Impact of downtime on the organization
    • Gold systems
    • Key dependencies and sub-components
    • Strategy for monitoring components
    • Strategy for soliciting business needs
    • Projected capacity needs
    • Availability and capacity risks and mitigations

    Processes Optimized

    • Availability management
    • Capacity management

    Deliverables Completed

    • Business Impact Analysis
    • Capacity Plan Template

    Project step summary

    Client Project: Develop an Availability and Capacity Management Plan

    1. Conduct a business impact analysis
    2. Assign criticality ratings to services
    3. Define your monitoring strategy
    4. Implement your monitoring tool/aggregator
    5. Solicit business needs and gather data
    6. Analyze data and project future needs
    7. Identify and mitigate risks

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery via Info-Tech Guided Implementation.

    Research contributors and experts

    The image contains a picture of Adrian Blant.

    Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

    Adrian has over 15 years' experience in IT infrastructure. He has built capacity management business processes from the ground up, and focused on ensuring a productive dialogue between IT and the business.

    The image contains a picture of James Zhang.

    James Zhang, Senior Manager Disaster Recovery, AIG Technology

    James has over 20 years' experience in IT and 10 years' experience in capacity management. Throughout his career, he has focused on creating new business processes to deliver value and increase efficiency over the long term.

    The image contains a picture of Mayank Banerjee.

    Mayank Banerjee, CTO, Global Supply Chain Management, HelloFresh

    Mayank has over 15 years' experience across a wide range of technologies and industries. He has implemented highly automated capacity management processes as part of his role of owning and solving end-to-end business problems.

    The image contains a picture of Mike Lynch

    Mike Lynch, Consultant, CapacityIQ

    Mike has over 20 years' experience in IT infrastructure. He takes a holistic approach to capacity management to identify and solve key problems, and has developed automated processes for mapping performance data to information that can inform business decisions.

    The image contains a picture of Paul Waguespack.

    Paul Waguespack, Manager of Application Systems Engineering, Tufts Health Plan

    Paul has over 10 years' experience in IT. He has specialized in implementing new applications and functionalities throughout their entire lifecycle, and integrating with all aspects of IT operations.

    The image contains a picture of Richie Mendoza.

    Richie Mendoza, IT Consultant, SMITS Inc.

    Richie has over 10 years' experience in IT infrastructure. He has specialized in using demand forecasting to guide infrastructure capacity purchasing decisions, to provide availability while avoiding costly overprovisioning.

    The image contains a picture of Rob Thompson.

    Rob Thompson, President, IT Tools & Process

    Rob has over 30 years’ IT experience. Throughout his career he has focused on making IT a generator of business value. He now runs a boutique consulting firm.

    Todd Evans, Capacity and Performance Management SME, IBM

    Todd has over 20 years' experience in capacity and performance management. At Kaiser Permanente, he established a well-defined mapping of the businesses workflow processes to technical requirements for applications and infrastructure.

    Bibliography

    451 Research. “Best of both worlds: Can enterprises achieve both scalability and control when it comes to cloud?” 451 Research, November 2016. Web.

    Allen, Katie. “Work Also Shrinks to Fit the Time Available: And We Can Prove It.” The Guardian. 25 Oct. 2017.

    Amazon. “Amazon Elastic Compute Cloud.” Amazon Web Services. N.d. Web.

    Armandpour, Tim. “Lies Vendors Tell about Service Level Agreements and How to Negotiate for Something Better.” Network World. 12 Jan 2016.

    “Availability Management.” ITIL and ITSM World. 2001. Web.

    Availability Management Plan Template. Purple Griffon. 30 Nov. 2012. Web.

    Bairi, Jayachandra, B., Murali Manohar, and Goutam Kumar Kundu. “Capacity and Availability Management by Quantitative Project Management in the IT Service Industry.” Asian Journal on Quality 13.2 (2012): 163-76. Web.

    BMC Capacity Optimization. BMC. 24 Oct 2017. Web.

    Brooks, Peter, and Christa Landsberg. Capacity Management in Today’s IT Environment. MentPro. 16 Aug 2017. Web.

    "Capacity and Availability Management." CMMI Institute. April 2017. Web.

    Capacity and Availability Management. IT Quality Group Switzerland. 24 Oct. 2017. Web.

    Capacity and Performance Management: Best Practices White Paper. Cisco. 4 Oct. 2005. Web.

    "Capacity Management." Techopedia.

    “Capacity Management Forecasting Best Practices and Recommendations.” STG. 26 Jan 2015. Web.

    Capacity Management from the Ground up. Metron. 24 Oct. 2017. Web.

    Capacity Management in the Modern Datacenter. Turbonomic. 25 Oct. 2017. Web.

    Capacity Management Maturity Assessing and Improving the Effectiveness. Metron. 24 Oct. 2017. Web.

    “Capacity Management Software.” TeamQuest. 24 Oct 2017. Web,

    Capacity Plan Template. Purainfo. 11 Oct 2012. Web.

    “Capacity Planner—Job Description.” Automotive Industrial Partnership. 24 Oct. 2017. Web.

    Capacity Planning. CDC. Web. Aug. 2017.

    "Capacity Planning." TechTarget. 24 Oct 2017. Web.

    “Capacity Planning and Management.” BMC. 24 Oct 2017. Web.

    "Checklist Capacity Plan." IT Process Wiki. 24 Oct. 2017. Web.

    Dykes, Brent. “Actionable Insights: The Missing Link Between Data and Business Value.” Forbes. April 26, 2016. Web.

    Evolved Capacity Management. CA Technologies. Oct. 2013. Web.

    Francis, Ryan. “False positives still cause threat alert fatigue.” CSO. May 3, 2017. Web.

    Frymire, Scott. "Capacity Planning vs. Capacity Analytics." ScienceLogic. 24 Oct. 2017. Web.

    Glossary. Exin. Aug. 2017. Web.

    Herrera, Michael. “Four Types of Risk Mitigation and BCM Governance, Risk and Compliance.” MHA Consulting. May 17, 2013.

    Hill, Jon. How to Do Capacity Planning. TeamQuest. 24 Oct. 2017. Web.

    “How to Create an SLA in 7 Easy Steps.” ITSM Perfection. 25 Oct. 2017. Web.

    Hunter, John. “Myth: If You Can’t Measure It: You Can’t Manage It.” W. Edwards Deming Institute Blog. 13 Aug 2015. Web.

    IT Service Criticality. U of Bristol. 24 Oct. 2017. Web.

    "ITIL Capacity Management." BMC's Complete Guide to ITIL. BMC Software. 22 Dec. 2016. Web.

    “Just-in-time.” The Economist. 6 Jul 2009. Web.

    Kalm, Denise P., and Marv Waschke. Capacity Management: A CA Service Management Process Map. CA. 24 Oct. 2017. Web.

    Klimek, Peter, Rudolf Hanel, and Stefan Thurner. “Parkinson’s Law Quantified: Three Investigations in Bureaucratic Inefficiency.” Journal of Statistical Mechanics: Theory and Experiment 3 (2009): 1-13. Aug. 2017. Web.

    Landgrave, Tim. "Plan for Effective Capacity and Availability Management in New Systems." TechRepublic. 10 Oct. 2002. Web.

    Longoria, Gina. “Hewlett Packard Enterprise Goes After Amazon Public Cloud in Enterprise Storage.” Forbes. 2 Dec. 2016. Web.

    Maheshwari, Umesh. “Understanding Storage Capacity.” NimbleStorage. 7 Jan. 2016. Web.

    Mappic, Sandy. “Just how complex can a Login Transaction be? Answer: Very!” Appdynamics. Dec. 11 2011. Web.

    Miller, Ron. “AWS Fires Back at Larry Ellison’s Claims, Saying It’s Just Larry Being Larry.” Tech Crunch. 2 Oct. 2017. Web.

    National College for Teaching & Leadership. “The role of data in measuring school performance.” National College for Teaching & Leadership. N.d. Web,

    Newland, Chris, et al. Enterprise Capacity Management. CETI, Ohio State U. 24 Oct. 2017. Web.

    Office of Government Commerce . Best Practice for Service Delivery. London: Her Majesty’s Stationery Office, 2001.

    Office of Government Commerce. Best Practice for Business Perspective: The IS View on Delivering Services to the Business. London: Her Majesty’s Stationery Office, 2004.

    Parkinson, C. Northcote. “Parkinson’s Law.” The Economist. 19 Nov. 1955. Web.

    “Parkinson’s Law Is Proven Again.” Financial Times. 25 Oct. 2017. Web.

    Paul, John, and Chris Hayes. Performance Monitoring and Capacity Planning. VM Ware. 2006. Web.

    “Reliability and Validity.” UC Davis. N.d. Web.

    "Role: Capacity Manager." IBM. 2008. Web.

    Ryan, Liz. “‘If You Can’t Measure It, You Can’t Manage It’: Not True.” Forbes. 10 Feb. 2014. Web.

    S, Lalit. “Using Flexible Capacity to Lower and Manage On-Premises TCO.” HPE. 23 Nov. 2016. Web.

    Snedeker, Ben. “The Pros and Cons of Public and Private Clouds for Small Business.” Infusionsoft. September 6, 2017. Web.

    Statement of Work: IBM Enterprise Availability Management Service. IBM. Jan 2016. Web.

    “The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell.” Botmetric. 25 Oct. 2017. Web.

    Transforming the Information Infrastructure: Build, Manage, Optimize. Asigra. Aug. 2017. Web.

    Valentic, Branimir. "Three Faces of Capacity Management." ITIL/ISO 20000 Knowledge Base. Advisera. 24 Oct. 2017. Web.

    "Unify IT Performance Monitoring and Optimization." IDERA. 24 Oct. 2017. Web.

    "What is IT Capacity Management?" Villanova U. Aug. 2017. Web.

    Wolstenholme, Andrew. Final internal Audit Report: IT Availability and Capacity (IA 13 519/F). Transport For London. 23 Feb. 2015. Web.

    Service Management Integration With Agile Practices

    • Buy Link or Shortcode: {j2store}400|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management

    • Work efficiently and in harmony with Agile and service management to deliver business value.
    • Optimize the value stream of services and products.
    • Leverage the benefits of each practice.
    • Create a culture of collaboration to support a rapidly changing business.

    Our Advice

    Critical Insight

    Agile and Service Management are not necessarily at odds; find the integration points to solve specific problems.

    Impact and Result

    • Optimize the value stream of services and products.
    • Work efficiently and in harmony with Agile and service management to deliver business value.
    • Create a culture of collaboration to support a rapidly changing business.

    Service Management Integration With Agile Practices Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Service Management Integration With Agile Practices Storyboard – Use this deck to understand the integration points and how to overcome common challenges.

    Understand how service management integrates with Agile software development practices, and how to solve the most common challenges to work efficiently and deliver business value.

    • Service Management Integration With Agile Practices Storyboard

    2. Service Management Stakeholder Register Template – Use this tool to identify and document Service Management stakeholders.

    Use this tool to identify your stakeholders to engage when working on the service management integration.

    • ITSM Stakeholder Register Template

    3. Service Management Integration With Agile Practices Assessment Tool – Use this tool to identify key challenging integration points in your organization.

    Use this tool to identify which of your current practices might already be aligned with Agile mindset and which might need adjustment. Identify integration challenges with the current service management practices.

    • Service Management Integration With Agile Practices Assessment Tool
    [infographic]

    Further reading

    Service Management Integration With Agile Practices

    Understand how Agile transformation affects service management

    Analyst Perspective

    Don't forget about operations

    Many organizations believe that once they have implemented Agile that they no longer need any service management framework, like ITIL. They see service management as "old" and a roadblock to deliver products and services quickly. The culture clash is obvious, and it is the most common challenge people face when trying to integrate Agile and service management. However, it is not the only challenge. Agile methodologies are focused on optimized delivery. However, what happens after delivery is often overlooked. Operations may not receive proper communication or documentation, and processes are cumbersome or non-existent. This is a huge paradox if an organization is trying to become nimbler. You need to find ways to integrate your Agile practices with your existing Service Management processes.

    This is a picture of Renata Lopes

    Renata Lopes
    Senior Research Analyst
    Organizational Transformation Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Work efficiently and in harmony with Agile and service management to deliver business value.
    • Optimize the value stream of services and products.
    • Leverage the benefits of each practice.
    • Create a culture of collaboration to support a rapidly changing business.

    Common Obstacles

    • Culture clashes.
    • Inefficient or inexistent processes.
    • Lack of understanding of what Agile and service management mean.
    • Leadership doesn't understand the integration points of practices.
    • Development overlooks the operations requirement.

    Info-Tech's Approach

    • When integrating Agile and service management practices start by understanding the key integration points:
    • Processes
    • People and resources
    • Governance and org structure

    Info-Tech Insight

    Agile and Service Management are not necessarily at odds Find the integration points to solve specific problems.

    Your challenge

    Deliver seamless business value by integrating service management and Agile development.

    • Understand how Agile development impacts service management.
    • Identify bottlenecks and inefficiencies when integrating with service management.
    • Connect teams across the organization to collaborate toward the organizational goals.
    • Ensure operational requirements are considered while developing products in an Agile way.
    • Stay in alignment when designing and delivering services.

    The most significant Agile adoption barriers

    46% of respondents identified inconsistent processes and practices across teams as a challenge.
    Source: Digital.ai, 2021

    43% of respondents identified Culture clashes as a challenge.
    Source: Digital.ai, 2021

    What is Agile?

    Agile development is an umbrella term for several iterative and incremental development methodologies to develop products.

    In order to achieve Agile development, organizations will adopt frameworks and methodologies like Scaled Agile Framework (SAFe), Scrum, Large Scaled Scrum (LeSS), DevOps, Spotify Way of Working (WoW), etc.

    • DevOps
    • WoW
    • SAFe
    • Scrum
    • LeSS

    Application Maintenance

    • Buy Link or Shortcode: {j2store}30|cart{/j2store}
    • Related Products: {j2store}30|crosssells{/j2store}
    • member rating overall impact: 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • If you work with application maintenance or operations teams that handle the "run" of your applications, you may find that the sheer volume and variety of requests create large backlogs.
    • Your business and product owners may want scrum or DevOps teams to work on new functionality rather than spend effort on lifecycle management.
    • Increasing complexity and increasing reliance on technology may create unrealistic expectations for your maintenance teams. Business applications must be available around the clock, and new feature roadmaps cannot be side-tracked by maintenance.

    Our advice

    Insight

    • Improving maintenance focus may mean doing less work but create more value. Your teams need to be realistic about what commitments they take—balance maintenance with business value and risk levels.
    • Treat maintenance the same as any other development practice. Use the same intake and prioritization practices. Uphold the same quality standards.

    Impact and results 

    • Justify the necessity of streamlined and regular maintenance. Understand each stakeholder's objectives and concerns, validate them against your staff's current state, processes, and technologies involved.
    • Maintenance and risk go hand in hand. And the business wants to move forward all the time as well. Strengthen your prioritization practice. Use a holistic view of the business and technical impacts, risks, urgencies across the maintenance needs and requests. That allows you to justify their respective positions in the overall development backlog. Identify opportunities to bring some requirements and features together.
    • Build a repeatable process with appropriate governance around it. Ensure that people know their roles and responsibilities and are held accountable.
    • Instill development best-practices into your maintenance processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand everyday struggles regarding application maintenance, the root causes, and our methodology to overcome these. We show you how we can support you.

    Understand your maintenance priorities

    Identify your stakeholders and understand their drivers.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape (ppt)
    • Application Maintenance Operating Model Template (doc)
    • Application Maintenance Resource Capacity Assessment (xls)
    • Application Maintenance Maturity Assessment (xls)

    Define and employ maintenance governance

    Identify the right level of governance appropriate to your company and business context for your application maintenance. That ensures that people uphold standards across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule (ppt)

    Enhance your prioritization practices

    Most companies cannot do everything for all applications and systems. Build your maintenance triage and prioritization rules to safeguard your company, maximize business value generation and IT risks and requirements.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery (ppt)
    • Application Maintenance Business Case Presentation Document (ppt)

     

     

    IBM i Migration Considerations

    • Buy Link or Shortcode: {j2store}109|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    IBM i remains a vital platform and now many CIOs, CTOs, and IT leaders are faced with the same IBM i challenges regardless of industry focus: how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

    Our Advice

    Critical Insight

    For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more pro-active in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

    Impact and Result

    The most common tactic is for the organization to better understand their IBM i options and adopt some level of outsourcing for the non-commodity platform retaining the application support/development in-house. To make the evident, obvious; the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed and public cloud services.

    IBM i Migration Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IBM i Migration Considerations – A brief deck that outlines key migration options for the IBM i platforms.

    This project will help you evaluate the future viability of this platform; assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of this platform for your organization.

    • IBM i Migration Considerations Storyboard

    2. Infrastructure Outsourcing IBM i Scoring Tool – A tool to collect vendor responses and score each vendor.

    Use this scoring sheet to help you define and evaluate IBM i vendor responses.

    • Infrastructure Outsourcing IBM i Scoring Tool
    [infographic]

    Further reading

    IBM i Migration Considerations

    Don’t be overwhelmed by IBM i migration options.

    Executive Summary

    Your Challenge

    IBM i remains a vital platform and now many CIO, CTO, and IT leaders are faced with the same IBM i challenges regardless of industry focus; how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

    Common Obstacles

    For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more proactive in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

    Info-Tech Approach

    The most common tactic is for the organization to better understand its IBM i options and adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed hosting, and public cloud services.

    Info-Tech Insight

    “For over twenty years, IBM was ‘king,’ dominating the large computer market. By the 1980s, the world had woken up to the fact that the IBM mainframe was expensive and difficult, taking a long time and a lot of work to get anything done. Eager for a new solution, tech professionals turned to the brave new concept of distributed systems for a more efficient alternative. On June 21, 1988, IBM announced the launch of the AS/400, their answer to distributed computing.” (Dale Perkins)

    Review

    We help IT leaders make the most of their IBM i environment.

    Problem Statement:

    The IBM i remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

    This research is designed for:

    • IT strategic direction decision makers
    • IT managers responsible for an existing iSeries or IBM i platform
    • Organizations evaluating platforms for mission-critical applications

    This research will help you:

    1. Evaluate the future viability of this platform.
    2. Assess the fit, purpose, and price.
    3. Develop strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “fit for purpose” plot

    Thought Model

    We will investigate the aspect of different IBM i scenarios as they impact business, what that means, and how that can guide the questions that you are asking as you move to an aligned IBM i IT strategy. Our model considers:

    • Importance to Business Outcomes
      • Important to strategic objectives
      • Provides competitive advantage
      • Non-commodity IT service or process
      • Specialized in-house knowledge required
    • Vendor’s Performance Advantage
      • Talent or access to skills
      • Economies of scale or lower cost at scale
      • Access to technology

    Info-Tech Insights

    With multiple control points to be addressed, care must be taken in simplifying your options while addressing all concerns to ease operational load.

    Map different 'IBM i' scenarios with axes 'Importance to Business Outcomes - Low to High' and 'Vendor’s Performance Advantage - Low to High'. Quadrant labels are '[LI/LA] Potentially Outsource: Service management, Help desk, desk-side support, Asset management', '[LI/HA] Outsource: Application & Infra Support, Web Hosting, SAP Support, Email Services, Infrastructure', '[HI/LA] Insource (For Now): Application development tech support', and '[HI/HA] Potentially Outsource: Onshore or offshore application maintenance'.

    IBM i environments are challenging

    “The IBM i Reality” – Darin Stahl

    Most members relying on business applications/workloads running on non-commodity platforms (zSeries, IBM i, Solaris, AIX, etc.) are first motivated to get out from under the perceived higher costs for the hardware platform.

    An additional challenge for non-commodity platforms is that from an IT Operations Management perspective they become an island with a diminishing number of integrated operations skills and solutions such as backup/restore and monitoring tools.

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support and development in-house.

    Key challenges with current IBM i environments:
    1. DR Requirements
      Understand what the business needs are and where users and resources are located.
    2. Market Lack of Expertise
      Skilled team members are hard to find.
    3. Cost Management
      There is a perceived cost disadvantage to managing on-prem solutions.
    4. Aging Support Teams
      Current support teams are aging with little backfill in skill and experience.

    Understand your options

    Co-Location

    A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.”

    Onsite Outsourcing

    A provider will support the hardware/system environment at the client’s site.

    Managed Hosting

    A customer transitions their legacy application environment to an off-prem hosted, multi-tenanted environment.

    Public Cloud

    A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.”

    Co-Location

    Provider manages the data center hardware environment.

    Abstract

    Here a provider manages the system data center environment and hardware; however, the client’s in-house IBM i team manages the IBM i hardware environment and the system applications. The client manages all of the licenses associated with the platform as well as the hardware asset management considerations. This is typically part of a larger services or application transformation. This effectively outsources the data center management while maintaining all IBM i technical operations in-house.

    Advantages

    • On-demand bandwidth
    • Cost effective
    • Secure and compliant environment
    • On-demand remote “hands and feet” services
    • Improved IT DR services
    • Data center compliance

    Considerations

    • Application transformation
    • CapEx cost
    • Fluctuating network bandwidth costs
    • Secure connectivity
    • Disaster recovery and availability of vendor
    • Company IT DR and BC planning
    • Remote system maintenance (HW)

    Info-Tech Insights

    This model is extremely attractive for organizations looking to reduce their data center management footprint. Idea for the SMB.

    Onsite Sourcing

    A provider will support the hardware/system environment at the client’s site.

    Abstract

    Here a provider will support and manage the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models.

    Advantages

    • Managed environment within company premises
    • Cost effective (OpEx expense)
    • Economies of scale
    • On-demand “as-a-service” model
    • Improved IT DR staffing services
    • 24x7 monitoring and support

    Considerations

    • Outsourced IT talent
    • Terms and contract conditions
    • IT staff attrition
    • Increased liability
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Internal problem and change management

    Info-Tech Insights

    Depending on the application lifecycle and viability, in-house skill and technical depth is a key consideration when developing your IBM i strategy.

    Managed Hosting

    Transition legacy application environment to an off-prem hosted multi-tenanted environment.

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, a client can “re-platform” the application into an off-premises-hosted provider platform. This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Advantages

    • Turns CapEx into OpEx
    • Reduces in-house need for diminishing or scarce human resources
    • Allows the enterprise to focus on the value of the IBM i platform through the reduction of system administrative toil
    • Improved IT DR services
    • Data center compliance

    Considerations

    • Application transformation
    • Network bandwidth
    • Contract terms and conditions
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Technical security and compliance
    • Limited providers; reduced options

    Info-Tech Insights

    There is a difference between a “re-host” and “re-platform” migration strategy. Determine which solution aligns to the application requirements.

    Public Cloud

    Leverage “public cloud” alternatives with AWS, Google, or Microsoft AZURE.

    Abstract

    This type of arrangement is typically part of a larger migration or application transformation. While low risk, it is not as cost-effective as other deployment models. In this model, client can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.” This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux).

    Advantages

    • Remote workforce accessibility
    • OpEx expense model
    • Improved IT DR services
    • Reduced infrastructure and system administration
    • Vendor management
    • 24x7 monitoring and support

    Considerations

    • Contract terms and conditions
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Technical security and compliance
    • Limited providers; reduced options
    • Vendor/cloud lock-in
    • Application migration/”re-platform”
    • Application and system performance

    Info-Tech Insights

    This model is extremely attractive for organizations that consume primarily cloud services and have a large remote workforce.

    Understand your vendors

    • To best understand your options, you need to understand what IBM i services are provided by the industry vendors.
    • Within the following slides, you will find a defined activity with a working template that will create “vendor profiles” for each vendor.
    • As a working example, you can review the following partners:
    • Connectria (United States)
    • Rowton IT Solutions Ltd (United Kingdom)
    • Mid-Range (Canada)

    Info-Tech Insights

    Creating vendor profiles will help quickly filter the solution providers that directly meet your IBM i needs.

    Vendor Profile #1

    Rowton IT

    Summary of Vendor

    “Rowton IT thrive on creating robust and simple solutions to today's complex IT problems. We have a highly skilled and motivated workforce that will guarantee the right solution.

    Working with select business partners, we can offer competitive and cost effective packages tailored to suit your budget and/or business requirements.

    Our knowledge and experience cover vast areas of IT including technical design, provision and installation of hardware (Wintel and IBM Midrange), technical engineering services, support services, IT project management, application testing, documentation and training.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✖ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    rowtonit.com

    Regional Coverage:
    United Kingdom

    Logo for RowtonIT.com.

    Vendor Profile #2

    Connectria

    Summary of Vendor

    “Every journey starts with a single step and for Connectria, that step happened to be with the world’s largest bank, Deutsche Bank. Followed quickly by our second client, IBM. Since then, we have added over 1,000 clients worldwide. For 25 years, each customer, large or small, has relied on Connectria to deliver on promises made to make it easy to do business with us through flexible terms, scalable solutions, and straightforward pricing. Join us on our journey.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    connectria.com

    Regional Coverage:
    United States

    Logo for Connectria.

    Vendor Profile #3

    Mid-Range

    Summary of Vendor

    “Founded in 1988 and profitable throughout all of those 31 years, we have a solid track record of success. At Mid-Range, we use our expertise to assess your unique needs, in order to proactively develop the most effective IT solution for your requirements. Our full-service approach to technology and our diverse and in-depth industry expertise keep our clients coming back year after year.

    Serving clients across North America in a variety of industries, from small and emerging organizations to large, established enterprises – we’ve seen it all. Whether you need hardware or software solutions, disaster recovery and high availability, managed services or hosting or full ERP services with our JD Edwards offerings – we have the methods and expertise to help.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    midrange.ca

    Regional Coverage:
    Canada

    Logo for Mid-Range.

    Activity

    Understand your vendor options

    Activities:
    1. Create your vendor profiles
    2. Score vendor responses
    3. Develop and manage your vendor agenda

    This activity involves the following participants:

    • IT strategic direction decision makers
    • IT managers responsible for an existing iSeries or IBM i platform

    Outcomes of this step:

    • Vendor Profile Template
    • Completed IT Infrastructure Outsourcing Scoring Tool

    Info-Tech Insights

    This check-point process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

    1. Create your vendor profiles

    Define what you are looking for:

    • Create a vendor profile for every vendor of interest.
    • Leverage our starting list and template to track and record the advantages of each vendor.

    Mindshift

    First National Technology Solutions

    Key Information Systems

    MainLine

    Direct Systems Support

    T-Systems

    Horizon Computer Solutions Inc.

    Vendor Profile Template

    [Vendor Name]

    Summary of Vendor

    [Vendor Summary]
    *Detail the Vendor Services as a Summary*

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)
    *Itemize the Vendor Services specific to your requirements*

    URL
    https://www.url.com/
    *Insert the Vendor URL*

    Regional Coverage:
    [Country\Region]
    *Insert the Vendor Coverage & Locations*

    *Insert the Vendor Logo*

    2. Score your vendor responses

    Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.
    Use Info-Tech’s IT Infrastructure Outsourcing Scoring Tool to systematically score your vendor responses.

    The overall quality of the IBM i questions can help you understand what it might be like to work with the vendor.

    Consider the following questions:

    • Is the vendor clear about what it’s able to offer? Is its response transparent?
    • How much effort did the vendor put into answering the questions?
    • Does the vendor seem like someone you would want to work with?

    Once you have the vendor responses, you will select two or three vendors to continue assessing in more depth leading to an eventual final selection.

    Screenshot of the IT Infrastructure Outsourcing Scoring Tool's Scoring Sheet. There are three tables: 'Scoring Scale', 'Results', and one with 'RFP Questions'. Note on Results table says 'Top Scoring Vendors', and note on questions table says 'List your IBM i questions (requirements)'.

    Info-Tech Insights

    Watch out for misleading scores that result from poorly designed criteria weightings.

    3. Develop your vendor agenda

    Vendor Conference Call

    Develop an agenda for the conference call. Here is a sample agenda:
    • Review the vendor questions.
    • Go over answers to written vendor questions previously submitted.
    • Address new vendor questions.

    Commonly Debated Question:
    Should vendors be asked to remain anonymous on the call or should each vendor mention their organization when they join the call?

    Many organizations worry that if vendors can identify each other, they will price fix. However, price fixing is extremely rare due to its consequences and most vendors likely have a good idea which other vendors are participating in the bid. Another thought is that revealing vendors could either result in a higher level of competition or cause some vendors to give up:

    • A vendor that hears its rival is also bidding may increase the competitiveness of its bid and response.
    • A vendor that feels it doesn’t have a chance may put less effort into the process.
    • A vendor that feels it doesn’t have real competition may submit a less competitive or detailed response than it otherwise would have.

    Vendor Workshop

    A vendor workshop day is an interactive way to provide context to your vendors and to better understand the vendors’ offerings. The virtual or in-person interaction also offers a great way to understand what it’s like to work with each vendor and decide whether you could build a partnership with them in the long run.

    The main focus of the workshop is the vendors’ service solution presentation. Here is a sample agenda for a two-day workshop:

    Day 1
    • Meet and greet
    • Welcome presentation with objectives, acquisition strategy, and company overview
    • Overview of the current IT environment, technologies, and company expectations
    • Question and answer session
    • Site walk
    Day 2
    • Review Day 1 activities
    • Vendor presentations and solution framing
    Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services
    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery
    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap
    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Define Your Cloud Vision
    Make the most of cloud for your organization.

    Document Your Cloud Strategy
    Drive consensus by outlining how your organization will use the cloud.

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Create a Better RFP Process
    Improve your RFPs to gain leverage and get better results.

    Research Authors

    Photo of Darin Stahl, Principal Research Advisor, Info-Tech Research Group.Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Principal Research Advisor within the Infrastructure Practice and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring (APM), Managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Photo of Troy Cheeseman, Practice Lead, Info-Tech Research Group.Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 24 years of experience and has championed large, enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

    Research Contributors

    Photo of Dan Duffy, President & Owner, Mid-Range.Dan Duffy, President & Owner, Mid-Range

    Dan Duffy is the President and Founder of Mid-Range Computer Group Inc., an IBM Platinum Business Partner. Dan and his team have been providing the Canadian and American IBM Power market with IBM infrastructure solutions including private cloud, hosting and disaster recovery, high availability and data center services since 1988. He has served on numerous boards and associations including the Toronto Users Group for Mid-Range Systems (TUG), the IBM Business Partners of the Americas Advisory Council, the Cornell Club of Toronto, and the Notre Dame Club of Toronto. Dan holds a Bachelor of Science from Cornell University.

    Photo of George Goodall, Executive Advisor, Info-Tech Research Group.George Goodall, Executive Advisor, Info-Tech Research Group

    George Goodall is an Executive Advisor in the Research Executive Services practice at Info-Tech Research Group. George has over 20 years of experience in IT consulting, enterprise software sales, project management, and workshop delivery. His primary focus is the unique challenges and opportunities in organizations with small and constrained IT operations. In his long tenure at Info-Tech, George has covered diverse topics including voice communications, storage, and strategy and governance.

    Bibliography

    “Companies using IBM i (formerly known as i5/OS).” Enlyft, 21 July 2021. Web.

    Connor, Clare. “IBM i and Meeting the Challenges of Modernization.” Ensono, 22 Mar. 2022. Web.

    Huntington, Tom. “60+ IBM i User Groups and Communities to Join?” HelpSystems, 16 Dec. 2021. Web.

    Perkins, Dale. “The Road to Power Cloud: June 21st 1988 to now. The Journey Continues.” Mid-Range, 1 Nov. 2021. Web.

    Prickett Morgan, Timothy. “How IBM STACKS UP POWER8 AGAINST XEON SERVERS.” The Next Platform, 13 Oct. 2015. Web.

    “Why is AS/400 still used? Four reasons to stick with a classic.” NTT, 21 July 2016. Web.

    Appendix

    Public Cloud Provider Notes

    Appendix –
    Cloud
    Providers


    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    AWS

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    Google

    • Google Cloud console supports IBM Power Systems.
    • This offering provides cloud instances running on IBM Power Systems servers with PowerVM.
    • The service uses a per-day prorated monthly subscription model for cloud instance plans with different capacities of compute, memory, storage, and network. Standard plans are listed below and custom plans are possible.
    • There is no IBM i offering yet that we are aware of.
    • For AIX on Power, this would appear to be a better option than AWS (Converge Enterprise Cloud with IBM Power for Google Cloud).

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    Azure

    • Azure has partners using the Azure Dedicated Host offerings to deliver “native support for IBM POWER Systems to Azure data centres” (PowerWire).
    • Microsoft has installed Power servers in an couple Azure data centers and Skytap manages the IBM i, AIX, and Linux environments for clients.
    • As far as I am aware there is no ability to install IBM i or AIX within an Azure Dedicated Host via the retail interfaces – these must be worked through a partner like Skytap.
    • The cloud route for IBM i or AIX might be the easiest working with Skytap and Azure. This would appear to be a better option than AWS in my opinion.

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    IBM

    Modernize the Network

    • Buy Link or Shortcode: {j2store}501|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $16,499 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Network Management
    • Parent Category Link: /network-management
    • Business units, functions, and processes are inextricably intertwined with less and less tolerance for downtime.
    • Business demands change rapidly but the refresh horizon for infrastructure remains 5-7 years.
    • The number of endpoint devices the network is expected to support is growing geometrically but historic capacity planning grew linearly.
    • The business is unable to clearly define requirements, paralyzing planning.

    Our Advice

    Critical Insight

    • Build for your needs. Don’t fall into the trap of assuming what works for your neighbor, your peer, or your competitor will work for you.
    • Deliver on what your business knows it needs as well as what it doesn’t yet know it needs. Business leaders have business vision, but this vision won’t directly demand the required network capabilities to enable the business. This is where you come in.
    • Modern technologies are hampered by vintage processes. New technologies demand new ways of accomplishing old tasks.

    Impact and Result

    • Use a systematic approach to document all stakeholder needs and rely on the network technical staff to translate those needs into design constraints, use cases, features, and management practices.
    • Spend only on those emerging technologies that deliver features offering direct benefits to specific business goals and IT needs.
    • Solidify the business case for your network modernization project by demonstrating and quantifying the hard dollar value it provides to the business.

    Modernize the Network Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize the enterprise network, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the network

    Identify and prioritize stakeholder and IT/networking concerns.

    • Modernize the Network – Phase 1: Assess the Network
    • Network Modernization Workbook

    2. Envision the network of the future

    Learn about emerging technologies and identify essential features of a modernized network solution.

    • Modernize the Network – Phase 2: Envision Your Future Network
    • Network Modernization Technology Assessment Tool

    3. Communicate and execute the plan

    Compose a presentation for stakeholders and prepare the RFP for vendors.

    • Modernize the Network – Phase 3: Communicate and Execute the Plan
    • Network Modernization Roadmap
    • Network Modernization Executive Presentation Template
    • Network Modernization RFP Template
    [infographic]

    Workshop: Modernize the Network

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Network

    The Purpose

    Understand current stakeholder and IT needs pertaining to the network.

    Key Benefits Achieved

    Prioritized lists of stakeholder and IT needs.

    Activities

    1.1 Assess and prioritize stakeholder concerns.

    1.2 Assess and prioritize design considerations.

    1.3 Assess and prioritize use cases.

    1.4 Assess and prioritize network infrastructure concerns.

    1.5 Assess and prioritize care and control concerns.

    Outputs

    Current State Register

    2 Analyze Emerging Technologies and Identify Features

    The Purpose

    Analyze emerging technologies to determine whether or not to include them in the network modernization.

    Identify and shortlist networking features that will be part of the network modernization.

    Key Benefits Achieved

    An understanding of what emerging technologies are suitable for including in your network modernization.

    A prioritized list of features, aligned with business needs, that your modernized network must or should have.

    Activities

    2.1 Analyze emerging technologies.

    2.2 Identify features to support drivers, practices, and pain points.

    Outputs

    Emerging technology assessment

    Prioritize lists of modernized network features

    3 Plan for Future Capacity

    The Purpose

    Estimate future port, bandwidth, and latency requirements for all sites on the network.

    Key Benefits Achieved

    Planning for capacity ensures the network is capable of delivering until the next refresh cycle and beyond.

    Activities

    3.1 Estimate port, bandwidth, and latency requirements.

    3.2 Group sites according to capacity requirements.

    3.3 Create standardized capacity plans for each group.

    Outputs

    A summary of capacity requirements for each site in the network

    4 Communicate and Execute the Plan

    The Purpose

    Create a presentation to pitch the project to executives.

    Compose key elements of RFP.

    Key Benefits Achieved

    Communication to executives, summarizing the elements of the modernization project that business decision makers will want to know, in order to gain approval.

    Communication to vendors detailing the network solution requirements so that proposed solutions are aligned to business and IT needs.

    Activities

    4.1 Build the executive presentation.

    4.2 Compose the scope of work.

    4.3 Compose technical requirements.

    Outputs

    Executive Presentation

    Request for Proposal/Quotation

    Review and Improve Your IT Policy Library

    • Buy Link or Shortcode: {j2store}193|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $34,724 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
    • Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
    • Policy issues are taking up too much of your time and distracting you from the real issues you need to address.

    Our Advice

    Critical Insight

    A dynamic and streamlined policy approach will:

    1. Right-size policies to address the most critical IT risks.
    2. Clearly lay out a step-by-step process to complete daily tasks in compliance.
    3. Obtain policy adherence without having to be “the police.”

    To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.

    Impact and Result

    • Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
    • Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
    • Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.

    Review and Improve Your IT Policy Library Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to write better policies that mitigate the risks you care about and get the business to follow them, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess

    Assess your risk landscape and design a plan to update your policy network based on your most critical risks.

    • Review and Improve Your IT Policy Library – Phase 1: Assess
    • Policy Management RACI Chart Template
    • Policy Management Tool
    • Policy Action Plan

    2. Draft and implement

    Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.

    • Review and Improve Your IT Policy Library – Phase 2: Draft and Implement
    • Policy Template
    • Policy Communication Plan Template

    3. Monitor, enforce, revise

    Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.

    • Review and Improve Your IT Policy Library – Phase 3: Monitor, Enforce, Revise
    [infographic]

    Workshop: Review and Improve Your IT Policy Library

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish & Assess

    The Purpose

    Identify the pain points associated with IT policies.

    Establish the policy development process.

    Begin formulating a plan to re-design the policy network.

    Key Benefits Achieved

    Establish the policy process.

    Highlight key issues and pain points regarding policy.

    Assign roles and responsibilities.

    Activities

    1.1 Introduce workshop.

    1.2 Identify the current pain points with policy management.

    1.3 Establish high-level goals around policy management.

    1.4 Select metrics to measure achievement of goals.

    1.5 Create an IT policy working group (ITPWG).

    1.6 Define the scope and purpose of the ITPWG.

    Outputs

    List of issues and pain points for policy management

    Set of six to ten goals for policy management

    Baseline and target measured value

    Amended steering committee or ITPWG charter

    Completed RACI chart

    Documented policy development process

    2 Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan

    The Purpose

    Identify key risks.

    Develop an understanding of which risks are most critical.

    Design a policy network that best mitigates those risks.

    Key Benefits Achieved

    Use a risk-driven approach to decide which policies need to be written or updated first.

    Activities

    2.1 Identify risks at a high level.

    2.2 Assess each identified risk scenario on impact and likelihood.

    2.3 Map current and required policies to risks.

    2.4 Assess policy effectiveness.

    2.5 Create a policy action plan.

    2.6 Select policies to be developed during workshop.

    Outputs

    Ranked list of IT’s risk scenarios

    Prioritized list of IT risks (simplified risk register)

    Policy action plan

    3 Develop Policies

    The Purpose

    Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.

    Key Benefits Achieved

    Write policies that work and get them approved.

    Activities

    3.1 Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.

    3.2 Draft two to four policies

    Outputs

    Drafted policies

    4 Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio

    The Purpose

    Build an understanding of how well the organization’s value creation activities are being supported.

    Key Benefits Achieved

    Identify an area or capability that requires improvement.

    Activities

    4.1 Review draft policies and update if necessary.

    4.2 Create a policy communication plan.

    4.3 Select KPIs.

    4.4 Review root-cause analysis techniques.

    Outputs

    Final draft policies

    Policy communications plan

    KPI tracking log

    Modernize Enterprise Storage

    • Buy Link or Shortcode: {j2store}538|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Current storage solutions are nearing end of life, performance or capacity limits.
    • Data continues to grow at an exponential rate, and management complexity is growing even faster. Some kinds of data, like unstructured data, are leading factors in the exponential growth of data.
    • Emerging storage technologies and storage software/automation are disrupting the market and redefining the role of disk arrays, including how storage aligns with people and process.
    • Storage infrastructure budgets are not satisfying the exponential growth of data.

    Our Advice

    Critical Insight

    • Start with the data, not storage. Answer what is being stored and why before investigating the where and how of storage solutions.
    • Governance and archiving are not IT projects. These can have tremendous benefits for managing data growth but must involve the larger business.
    • More capacity is not a long-term solution. Data is growing faster than decreasing storage costs. Data and capacity mitigation strategies will help in more effective and efficient infrastructure utilization and cost reduction.

    Impact and Result

    • It’s about the data. Start with what is being supported and why. Decide on what and how data is stored before you decide on where. Let the needs of your workloads and governance requirements of your business drive your storage infrastructure decisions and the technologies you adopt.
    • Identify current and future capacity needs for current and future data drivers. Evaluating the ability of current infrastructure to meet these needs will help you discover necessary additions to meet these requirements.
    • Identify governance requirements and constraints that exist across the organization and are specific to workloads. Technology has to conform to these requirements and constraints, not the other way around.
    • Align people and process with technology changes. To effectively utilize the changes in storage, appropriate changes must be made to existing people and process.

    Modernize Enterprise Storage Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize enterprise storage, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the case for storage modernization

    Develop the business case for modernizing storage and assess your existing infrastructure for meeting data needs.

    • Modernize Enterprise Storage – Phase 1: Build the Case for Storage Modernization
    • Modernize Enterprise Storage Workbook

    2. Develop your storage technology needs and goals

    Review data governance, explore emerging storage technologies, and identify current and future storage needs.

    • Modernize Enterprise Storage – Phase 2: Develop Your Storage Technology Needs and Goals
    • Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap
    • Evaluate Software-Defined Storage Solutions for Your Infrastructure Roadmap
    • Evaluate All Flash in Primary Storage for Your Infrastructure Roadmap
    • Infrastructure Roadmap Technology Assessment Tool

    3. Develop and communicate the roadmap, TCO, and RFP

    Communicate the roadmap with people, process, and technology initiatives, develop an RFP, and conduct a TCO.

    • Modernize Enterprise Storage – Phase 3: Develop and Communicate the Roadmap and RFP
    • Modernize Enterprise Storage Communications Report
    [infographic]

    Workshop: Modernize Enterprise Storage

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Business Case and Assess Current State

    The Purpose

    Identify a business case and need for storage modernization by assessing current and future storage needs.

    Key Benefits Achieved

    A clear understanding of the business expectations and needs of storage infrastructure.

    Activities

    1.1 Identify current storage pain points.

    1.2 Discuss storage modernization drivers.

    1.3 Identify data growth drivers.

    1.4 Determine relative growth burden.

    Outputs

    Alignment of storage modernization with organizational pain points

    Desired outcomes of storage modernization

    An understanding of growth impact across drivers

    An understanding of capacity and expansion needs

    2 Review Governance and Emerging Technologies

    The Purpose

    Review existing data governance.

    Explore emerging technologies and trends in the storage space.

    Key Benefits Achieved

    Review data governance objectives that must be met.

    Identify a shortlist of storage technologies and trends that may be of interest.

    Activities

    2.1 Shortlist interest in storage technologies.

    2.2 Prioritize shortlist of storage technologies.

    2.3 Identify solutions that meet data and governance needs.

    Outputs

    A starting point for research into new and emerging storage technologies

    Expressed interest in adopting storage technologies

    A list of storage solutions needed to deliver on future data and governance needs

    3 Identify Storage Needs and Develop Initiatives

    The Purpose

    Identify the people, process, and technology initiatives required to adopt new storage technologies.

    Key Benefits Achieved

    Align your organizational people and process with new and disruptive technologies to best take advantage of what these new technologies have to offer.

    Activities

    3.1 Complete future storage structure planning tool.

    3.2 Identify storage modernization technology initiatives.

    3.3 Identify storage modernization people initiatives.

    3.4 Identify storage modernization process initiatives.

    Outputs

    A understanding of the future state of your storage infrastructure

    Technology initiatives needed to adopt storage structure

    People initiatives needed to adopt storage structure

    Process initiatives needed to adopt storage structure

    4 Build a Roadmap and RFP, Calculate TCO

    The Purpose

    Develop an executive communications report.

    Conduct a TCO analysis comparing on-premises and cloud storage solutions.

    Key Benefits Achieved

    Communicate storage modernization goals and plans to stakeholders.

    Activities

    4.1 Prioritize storage modernization initiatives.

    4.2 Complete project timeline and build roadmap.

    4.3 Compare TCO of on-premises and cloud storage solutions.

    Outputs

    Alignment of people, process, and technology with storage adoption

    Communicate storage modernization goals and plans to stakeholders and executives

    Compare cost of on-premises and cloud storage alternatives

    Develop a COVID-19 Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}420|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • IT departments are being asked to rapidly ramp up work-from-home capabilities and other business process workarounds.
    • Crisis managers are experiencing a pandemic more severe than what they’ve managed in the past.
    • Organizations are scrambling to determine how they can keep their businesses running through this pandemic.

    Our Advice

    Critical Insight

    • Obstacles to working from home go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needs to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Resist the temptation to bypass IT processes – your future-self will thank you for tracking all those assets about to go out the door.

    Impact and Result

    • Start with crisis management fundamentals – identify crisis management roles and exercise appropriate crisis communication.
    • Prioritize business processes and work-from-home requirements. Not everyone can be set up on day one.
    • Don’t over-complicate your work-from-home deployment plan. A simple spreadsheet (see the Work-from-Home Requirements Tool) to track requirements can be very effective.

    Develop a COVID-19 Pandemic Response Plan Research & Tools

    Start here

    Stay up to date on COVID-19 and the resources available to you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a COVID-19 Pandemic Response Plan Storyboard

    1. Manage the pandemic crisis

    Identify key roles and immediate steps to manage this crisis.

    • Pandemic Response Plan Example

    2. Create IT’s plan to support the pandemic response plan

    Plan the deployment of a work-from-home initiative.

    • Work-From-Home Requirements Tool
    [infographic]

    Enable Organization-Wide Collaboration by Scaling Agile

    • Buy Link or Shortcode: {j2store}174|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $12,989 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Your organization is realizing benefits from adopting Agile principles and practices in pockets of your organization.
    • You are starting to investigate opportunities to extend Agile beyond these pilot implementations into other areas of the organization. You are looking for a coordinated approach aligned to business priorities.

    Our Advice

    Critical Insight

    • Not all lessons from a pilot project are transferable. Pilot processes are tailored to a specific project’s scope, team, and tools, and they may not account for the diverse attributes in your organization.
    • Control may be necessary for coordination. More moving parts means enforcing consistent cadences, reporting, and communication is a must if teams are not disciplined or lack good governance.
    • Scale Agile in departments tolerable to change. Incrementally roll Agile out in departments where its principles are accepted (e.g. a culture of continuous improvement, embracing failures as lessons).

    Impact and Result

    • Complete an Agile capability assessment of your pilot functional group to gauge anticipated Agile benefits. Identify the business objectives and the group drivers that are motivating a scaled Agile implementation.
    • Understand the challenges that you may face when scaling Agile. Investigate the root causes of inefficiencies that can derail your scaling initiatives.
    • Brainstorm solutions to your scaling challenges and envision a target state for your growing Agile environment. Your target state will discover new opportunities to drive more business value and eliminate current activities driving down productivity.
    • Coordinate the implementation and execution of scaling Agile initiatives with a Scaling Agile Playbook. This organic and collaborative document will lay out the process, roles, goals, and objectives needed to successfully manage your Agile environment.

    Enable Organization-Wide Collaboration by Scaling Agile Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should scale up Agile, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gauge readiness to scale up Agile

    Evaluate the readiness of the pilot functional group and Agile development processes to adopt scaled Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 1: Gauge Readiness to Scale Up Agile
    • Scaling Agile Playbook Template
    • Scrum Development Process Template

    2. Define scaled Agile target state

    Alleviate scaling issues and risks and introduce new opportunities to enhance business value delivery with Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 2: Define Scaled Agile Target State

    3. Create implementation plan

    Roll out scaling Agile initiatives in a gradual, iterative approach and define the right metrics to demonstrate success.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 3: Create Implementation Plan
    [infographic]

    Workshop: Enable Organization-Wide Collaboration by Scaling Agile

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Gauge Your Readiness to Scale Up Agile

    The Purpose

    Identify the business objectives and functional group drivers for adopting Agile practices to gauge the fit of scaling Agile.

    Select the pilot project to demonstrate the value of scaling Agile.

    Review and evaluate your current Agile development process and functional group structure.

    Key Benefits Achieved

    Understanding of the notable business and functional group gaps that can derail the scaling of Agile.

    Selection of a pilot program that will be used to gather metrics to continuously improve implementation and obtain buy-in for wider rollout.

    Realization of the root causes behind functional group and process issues in the current Agile implementation.

    Activities

    1.1 Assess your pilot functional group

    Outputs

    Fit assessment of functional group to pilot Agile scaling

    Selection of pilot program

    List of critical success factors

    2 Define Your Scaled Agile Target State

    The Purpose

    Think of solutions to address the root causes of current communication and process issues that can derail scaling initiatives.

    Brainstorm opportunities to enhance the delivery of business value to customers.

    Generate a target state for your scaled Agile implementation.

    Key Benefits Achieved

    Defined Agile capabilities and services of your functional group.

    Optimized functional group team structure, development process, and program framework to support scaled Agile in your context.

    Identification and accommodation of the risks associated with implementing and executing Agile capabilities.

    Activities

    2.1 Define Agile capabilities at scale

    2.2 Build your scaled Agile target state

    Outputs

    Solutions to scaling issues and opportunities to deliver more business value

    Agile capability map

    Functional group team structure, Agile development process and program framework optimized to support scaled Agile

    Risk assessment of scaling Agile initiatives

    3 Create Your Implementation Plan

    The Purpose

    List metrics to gauge the success of your scaling Agile implementation.

    Define the initiatives to scale Agile in your organization and to prepare for a wider rollout.

    Key Benefits Achieved

    Strategic selection of the right metrics to demonstrate the value of scaling Agile initiatives.

    Scaling Agile implementation roadmap based on current resource capacities, task complexities, and business priorities.

    Activities

    3.1 Create your implementation plan

    Outputs

    List of metrics to gauge scaling Agile success

    Scaling Agile implementation roadmap

    Build Your Security Operations Program From the Ground Up

    • Buy Link or Shortcode: {j2store}263|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $56,299 Average $ Saved
    • member rating average days saved: 43 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Analysts cannot monitor and track events coming from multiple tools because they have no visibility into the threat environment.
    • Incident management takes away time from problem management because processes are ad hoc and the continuous monitoring, collection, and analysis of massive volumes of security event data is responsive rather than tactical.
    • Organizations are struggling to defend against and prevent threats while juggling business, compliance, and consumer obligations.

    Our Advice

    Critical Insight

    • Security operations is no longer a center but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    • Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization and needs configuration. Prevention, detection, analysis, and response processes must contextualize threat data and supplement one another – true value will only be realized once all four functions operate as a unified process.
    • If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Impact and Result

    • A centralized security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes that address the increasing sophistication of cyberthreats while guiding continuous improvement.
    • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Build Your Security Operations Program From the Ground Up Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a security operations program, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish your foundation

    Determine how to establish the foundation of your security operations.

    • Build Your Security Operations Program From the Ground Up – Phase 1: Establish Your Foundation
    • Information Security Pressure Analysis Tool

    2. Assess your current state

    Assess the maturity of your prevention, detection, analysis, and response processes.

    • Build Your Security Operations Program From the Ground Up – Phase 2: Assess Your Current State
    • Security Operations Roadmap Tool

    3. Design your target state

    Design a target state and improve your governance and policy solutions.

    • Build Your Security Operations Program From the Ground Up – Phase 3: Design Your Target State
    • Security Operations Policy

    4. Develop an implementation roadmap

    Make your case to the board and develop a roadmap for your prioritized security initiatives.

    • Build Your Security Operations Program From the Ground Up – Phase 4: Develop an Implementation Roadmap
    • In-House vs. Outsourcing Decision-Making Tool
    • Security Operations MSSP RFP Template
    • Security Operations Project Charter Template
    • Security Operations RACI Tool
    • Security Operations Metrics Summary Document
    [infographic]

    Workshop: Build Your Security Operations Program From the Ground Up

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Your Foundation

    The Purpose

    Identify security obligations and the security operations program’s pressure posture.

    Assess current people, process, and technology capabilities.

    Determine foundational controls and complete system and asset inventory.

    Key Benefits Achieved

    Identified the foundational elements needed for planning before a security operations program can be built

    Activities

    1.1 Define your security obligations and assess your security pressure posture.

    1.2 Determine current knowledge and skill gaps.

    1.3 Shine a spotlight on services worth monitoring.

    1.4 Assess and document your information system environment.

    Outputs

    Customized security pressure posture

    Current knowledge and skills gaps

    Log register of essential services

    Asset management inventory

    2 Assess Current Security Operations Processes

    The Purpose

    Identify the maturity level of existing security operations program processes.

    Key Benefits Achieved

    Current maturity assessment of security operations processes

    Activities

    2.1 Assess the current maturity level of the existing security operations program processes.

    Outputs

    Current maturity assessment

    3 Design a Target State

    The Purpose

    Design your optimized target state.

    Improve your security operations processes with governance and policy solutions.

    Identify and prioritize gap initiatives.

    Key Benefits Achieved

    A comprehensive list of initiatives to reach ideal target state

    Optimized security operations with repeatable and standardized policies

    Activities

    3.1 Complete standardized policy templates.

    3.2 Map out your ideal target state.

    3.3 Identify gap initiatives.

    Outputs

    Security operations policies

    Gap analysis between current and target states

    List of prioritized initiatives

    4 Develop an Implementation Roadmap

    The Purpose

    Formalize project strategy with a project charter.

    Determine your sourcing strategy for in-house or outsourced security operations processes.

    Assign responsibilities and complete an implementation roadmap.

    Key Benefits Achieved

    An overarching and documented strategy and vision for your security operations

    A thorough rationale for in-house or outsourced security operations processes

    Assigned and documented responsibilities for key projects

    Activities

    4.1 Complete a security operations project charter.

    4.2 Determine in-house vs. outsourcing rationale.

    4.3 Identify dependencies of your initiatives and prioritize initiatives in phases of implementation.

    4.4 Complete a security operations roadmap.

    Outputs

    Security operations project charter

    In-house vs. outsourcing rationale

    Initiatives organized according to phases of development

    Planned and achievable security operations roadmap

    Cost-Reduction Planning for IT Vendors

    • Buy Link or Shortcode: {j2store}73|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $12,733 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Unprecedented health and economic conditions are putting extreme pressure and controls on expense management.
    • IT needs to implement proactive measures to reduce costs with immediate results.
    • IT must sustain these reductions beyond the near term since no one knows how long the current conditions will last.

    Our Advice

    Critical Insight

    • Proactively initiating a “War on Waste” (WoW) to reduce the expenses and costs in areas that do not impact operational capabilities of IT is an easy way to reduce IT expenditures.
    • This is accomplished by following the principle “Stop Doing Stupid Stuff” (SDSS), which many organizations deemphasize or overlook during times of growth and prosperity.
    • Initiating a WoW and SDSS program with passion, creativity, and urgency will deliver short-term cost reductions.

    Impact and Result

    • Pinpoint and implement tactical countermeasures and savings opportunities to reduce costs immediately (Reactive: <3 months).
    • Identify and deploy proven practices to capture and sustain expense reduction throughout the mid-term (Proactive: 3-12months).
    • Create a long-term strategy to improve flexibility, make changes more swiftly, and quickly generate cost-cutting opportunities (Strategic: >12 months).
    • Use Info-Tech’s 4 R’s Framework (Required, Removed, Rescheduled, and Reduced) and guiding principles to develop your cost-reduction roadmap.

    Cost-Reduction Planning for IT Vendors Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Storyboard

    Read our concise Executive Brief to find out how you can reduce your IT cost in the short term while establishing a foundation for long-term sustainment of IT cost containment.

    • Cost-Reduction Planning for IT Vendors Storyboard
    • Cost-Cutting Classification and Prioritization Tool
    [infographic]

    Build a Cloud Security Strategy

    • Buy Link or Shortcode: {j2store}169|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $38,592 Average $ Saved
    • member rating average days saved: 44 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing.
    • With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.

    Our Advice

    Critical Insight

    • Cloud security is not fundamentally different from security on premises.
    • While some of the mechanics are different, the underlying principles are the same. Accountability doesn’t disappear.
    • By virtue of its broad network accessibility, the cloud does expose decisions to extreme scrutiny, however.

    Impact and Result

    • The business is adopting a cloud environment and it must be secured, which includes:
      • Ensuring business data cannot be leaked or stolen.
      • Maintaining privacy of data and other information.
      • Securing the network connection points.
    • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

    Build a Cloud Security Strategy Research & Tools

    Start Here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a cloud security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Explore security considerations for the cloud

    Explore how the cloud changes the required controls and implementation strategies for a variety of different security domains.

    • Build a Cloud Security Strategy – Phase 1: Explore Security Considerations for the Cloud
    • Cloud Security Information Security Gap Analysis Tool
    • Cloud Security Strategy Template

    2. Prioritize initiatives and construct a roadmap

    Develop your organizational approach to various domains of security in the cloud, considering the cloud’s unique risks and challenges.

    • Build a Cloud Security Strategy – Phase 2: Prioritize Initiatives and Construct a Roadmap
    [infographic]

    Workshop: Build a Cloud Security Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Approach

    The Purpose

    Define your unique approach to improving security in the cloud.

    Key Benefits Achieved

    An understanding of the organization’s requirements for cloud security.

    Activities

    1.1 Define your approach to cloud security.

    1.2 Define your governance requirements.

    1.3 Define your cloud security management requirements.

    Outputs

    Defined cloud security approach

    Defined governance requirements

    2 Respond to Cloud Security Challenges

    The Purpose

    Explore challenges posed by the cloud in various areas of security.

    Key Benefits Achieved

    An understanding of how the organization needs to evolve to combat the unique security challenges of the cloud.

    Activities

    2.1 Explore cloud asset management.

    2.2 Explore cloud network security.

    2.3 Explore cloud application security.

    2.4 Explore log and event management.

    2.5 Explore cloud incident response.

    2.6 Explore cloud eDiscovery and forensics.

    2.7 Explore cloud backup and recovery.

    Outputs

    Understanding of cloud security strategy components (cont.).

    3 Build Cloud Security Roadmap

    The Purpose

    Identify initiatives to mitigate challenges posed by the cloud in various areas of security.

    Key Benefits Achieved

    A roadmap for improving security in the cloud.

    Activities

    3.1 Define tasks and initiatives.

    3.2 Finalize your task list

    3.3 Consolidate gap closure actions into initiatives.

    3.4 Finalize initiative list.

    3.5 Conduct a cost-benefit analysis.

    3.6 Prioritize initiatives and construct a roadmap.

    3.7 Create effort map.

    3.8 Assign initiative execution waves.

    3.9 Finalize prioritization.

    3.10 Incorporate initiatives into a roadmap.

    3.11 Schedule initiatives.

    3.12 Review your results.

    Outputs

    Defined task list.

    Cost-benefit analysis

    Roadmap

    Effort map

    Initiative schedule

    Prepare for the Upgrade to Windows 11

    • Buy Link or Shortcode: {j2store}166|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices
    • Windows 10 is going EOL in 2025.That is closer than you think.
    • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft initiated catastrophe?
    • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

    Our Advice

    Critical Insight

    Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system. Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    Impact and Result

    Windows 11 hardware requirements will result in devices that are not eligible for the upgrade. Companies will be left to spend money on replacement devices. Following the Info-Tech guidance will help clients properly budget for hardware replacements before Windows 10 is no longer supported by Microsoft. Eligible devices can be upgraded, but Info-Tech guidance can help clients properly plan the upgrade using the upgrade ring approach.

    Prepare for the Upgrade to Windows 11 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the Upgrade to Windows 11 Deck – A look into some of the pros and cons of Microsoft’s latest desktop operating system, along with guidance on moving forward with this inevitable upgrade.

    Discover the reason for the release of Windows 11, what you require to be eligible for the upgrade, what features were added or updated, and what features were removed. Our guidance will assist you with a planned and controlled rollout of the Windows 11 upgrade. We also provide guidance on how to approach a device refresh plan if some devices are not eligible for Windows 11. The upgrade is inevitable, but you have time, and you have options.

    • Prepare for the Upgrade to Windows 11 Storyboard

    2. What Are My Options If My Devices Cannot Upgrade to Windows 11? – Build a Windows 11 Device Replacement budget with our Hardware Asset Management Budgeting Tool.

    This tool will help you budget for a hardware asset refresh and to adjust the budget as necessary to accommodate any unexpected changes. The tool can easily be modified to assist in developing and justifying the budget for hardware assets for a Windows 11 project. Follow the instructions on each tab and feel free to play with the HAM budgeting tool to fit your needs.

    • HAM Budgeting Tool
    [infographic]

    Further reading

    Prepare for the Upgrade to Windows 11

    The upgrade is inevitable, but you have time, and you have options.

    Analyst Perspective

    Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

    “You hear that Mr. Anderson? That is the sound of inevitability.” ("The Matrix Quotes" )

    The fictitious Agent Smith uttered those words to Keanu Reeves’ character, Neo, in The Matrix in 1999, and while Agent Smith was using them in a very sinister and figurative context, the words could just as easily be applied to the concept of upgrading to the Windows 11 operating system from Microsoft in 2022.

    There have been two common, recurring themes in the media since late 2019. One is the global pandemic and the other is cyber-related crime. Microsoft is not in a position to make an impact on a novel coronavirus, but it does have the global market reach to influence end-user technology and it appears that it has done just that. Windows 11 is a step forward in endpoint security and functionality. It also solidifies the foundation for future innovations in end-user operating systems and how they are delivered. Windows-as-a-Service (WAAS) is the way forward for Microsoft. Windows 10 is living on borrowed time, with a defined end of support date of October 14, 2025. Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

    It is inevitable!

    P.J. Ryan

    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Windows 10 is going EOL in 2025. That is closer than you think.
    • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft-initiated catastrophe?
    • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

    Common Obstacles

    • The difference between Windows 10 and Windows 11 is not clear. Windows 11 looks like Windows 10 with some minor changes, mostly cosmetic. Many online users don’t see the need. Why upgrade? What are the benefits?
    • The cost of upgrading devices just to be eligible for Windows 11 is high.
    • Your end users don’t like change. This is not going to go over well!

    Info-Tech's Approach

    • Spend wisely. Space out your endpoint replacements and upgrades over several years. You do not have to upgrade everything right away.
    • Be patient. Windows 11 contained some bugs when it was initially released. Microsoft fixed most of the issues through monthly quality updates, but you should ensure that you are comfortable with the current level of functionality before you upgrade.
    • Use the upgrade ring approach. Test your applications with a small group first, and then stage the rollout to increasingly larger groups over time.

    Info-Tech Insight

    There is a lot of talk about Windows 11, but this is only an operating system upgrade, and it is not a major one. Understand what is new, what is added, and what is missing. Check your devices to determine how many are eligible and ineligible. Many organizations will have to spend capital on endpoint upgrades. Solid asset management practices will help.

    Insight summary

    Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system.

    Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

    Many organizations will have to spend capital on endpoint upgrades.

    Microsoft now insists that modern hardware is required for Windows 11 for not only security but also for improved stability. That same hardware requirement will mean that many devices that are only three or four years old (as well as older ones) may not be eligible for Windows 11.

    Windows 11 is a virtualization challenge for some providers.

    The hardware requirements for physical devices are also required for virtual devices. The TPM module appears to be the biggest challenge. Oracle VirtualBox and Citrix Hypervisor as well as AWS and Google are unable to support Windows 11 virtual devices as of the time of writing.

    Windows 10 will be supported by Microsoft until October 2025.

    That will remove some of the pressure felt due to the ineligibility of many devices and the need to refresh them. Take your time and plan it out, keeping within budget constraints. Use the upgrade ring approach for systems that are eligible for the Windows 11 upgrade.

    New look and feel, and a center screen taskbar.

    Corners are rounded, some controls look a little different, but overall Windows 11 is not a dramatic shift from Windows 10. It is easier to navigate and find features. Oh, and yes, the taskbar (and start button) is shifted to the center of the screen, but you can move them back to the left if desired.

    The education industry gets extra attention with the release of Windows 11.

    Windows 11 comes with multiple subscription-based education offerings, but it also now includes a new lightweight SE edition that is intended for the K-8 age group. Microsoft also released a Windows 11 Education SE specific laptop, at a very attractive price point. Other manufacturers also offer Windows 11 SE focused devices.

    Why Windows 11?

    Windows 10 was supposed to be the final desktop OS from Microsoft, wasn’t it?

    Maybe. It depends who you ask.

    Jerry Nixon, a Microsoft developer evangelist, gained notoriety when he uttered these words while at a Microsoft presentation as part of Microsoft Ignite in 2015: “Right now we’re releasing Windows 10, and because Windows 10 is the last version of Windows, we’re all still working on Windows 10,” (Hachman). Microsoft never officially made that statement. Interestingly enough, it never denied the comments made by Jerry Nixon either.

    Perhaps Microsoft released a new operating system as a financial grab, a way to make significant revenue?

    Nope.

    Windows 11 is a free upgrade or is included with any new computer purchase.

    Market share challenges?

    Doubtful.

    It’s true that Microsoft's market share of desktop operating systems is dropping while Apple OS X and Google Chrome OS are rising.

    In fact, Microsoft has relinquished over 13% of the market share since 2012 and Apple has almost doubled its market share. BUT:

    Microsoft is still holding 75.12% of the market while Apple is in the number 2 spot with 14.93% (gs.statcounter.com).

    The market share is worth noting for Microsoft but it hardly warrants a new operating system.

    New look and feel?

    Unlikely

    New start button and taskbar orientation, new search window, rounded corners, new visual look on some controls like the volume bar, new startup sound, new Windows logo, – all minor changes. Updates could achieve the same result.

    Security?

    Likely the main reason.

    Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

    The features are available on all Windows 11 physical devices, due to the common hardware requirements.

    Windows 11 hardware-based security

    These hardware options and features were available in Windows 10 but not enforced. With Windows 11, they are no longer optional. Below is a description and explanation of the main features.

    Feature What it is How it works
    TPM 2.0 (Trusted Platform Module) Chip TPM is a chip on the motherboard of the computer. It is used to store encryption keys, certificates, and passwords. TPM does this securely with tamper-proof prevention. It can also generate encryption keys and it includes its own unique encryption key that cannot be altered (helpdeskgeek.com). You do not need to enter your password once you setup Windows Hello, so the password is no longer easy to capture and steal. It is set up on a device per device basis, meaning if you go to a different device to sign in, your Windows Hello authentication will not follow you and you must set up your Hello pin or facial recognition again on that particular device. TPM (Trusted Platform Module) can store the credentials used by Windows Hello and encrypt them on the module.
    Windows Hello Windows Hello is an alternative to using a password for authentication. Users can use a pin, a fingerprint, or facial recognition to authenticate.
    Device Encryption Device encryption is only on when your device is off. It scrambles the data on your disk to make it unreadable unless you have the key to unscramble it. If your endpoint is stolen, the contents of the hard drive will remain encrypted and cannot be accessed by anyone unless they can properly authenticate on the device and allow the system to unscramble the encrypted data.
    UEFI Secure Boot Capable UEFI is an acronym for Unified Extensible Firmware Interface. It is an interface between the operating system and the computer firmware. Secure Boot, as part of the firmware interface, ensures that only unchangeable and approved software and drivers are loaded at startup and not any malware that may have infiltrated the system (Lumunge). UEFI, with Secure Boot, references a database containing keys and signatures of drivers and runtime code that is approved as well as forbidden. It will not let the system boot up unless the signature of the driver or run-time code that is trying to execute is approved. This UEFI Secure boot recognition process continues until control is handed over to the operating system.
    Virtualization Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) VBS is security based on virtualization capabilities. It uses the virtualization features of the Windows operating system, specifically the Hyper-V hypervisor, to create and isolate a small chunk of memory that is isolated from the operating system. HVCI checks the integrity of code for violations. The Code Integrity check happens in the isolated virtual area of memory protected by the hypervisor, hence the acronym HVCI (Hypervisor Protected Code Integrity) (Murtaza). In the secure, isolated region of memory created by VBS with the hypervisor, Windows will run checks on the integrity of the code that runs various processes. The isolation protects the stored item from tampering by malware and similar threats. If they run incident free, they are released to the operating system and can run in the standard memory space. If issues are detected, the code will not be released, nor will it run in the standard memory space of the operating system, and damage or compromise will be prevented.

    How do all the hardware-based security features work?

    This scenario explains how a standard boot up and login should happen.

    You turn on your computer. Secure Boot authorizes the processes and UEFI hands over control to the operating system. Windows Hello works with TPM and uses a pin to authenticate the user and the operating systems gives you access to the Windows environment.

    Now imagine the same process with various compromised scenarios.

    You turn on your computer. Secure Boot does not recognize the signature presented to it by the second process in the boot sequence. You will be presented with a “Secure Boot Violation” message and an option to reboot. Your computer remains protected.

    You boot up and get past the secure boot process and UEFI passes control over to the Windows 11 operating system. Windows Hello asks for your pin, but you cannot remember the pin and incorrectly enter it three times before admitting temporary defeat. Windows Hello did not find a matching pin on the TPM and will not let you proceed. You cannot log in but in the eyes of the operating system, it has prevented an unauthorized login attempt.

    You power up your computer, log in without issue, and go about your morning routine of checking email, etc. You are not aware that malware has infiltrated your system and modified a page in system memory to run code and access the operating system kernel. VBS and HVCI check the integrity of that code and detect that it is malicious. The code remains isolated and prevented from running, protecting your system.

    TPM, Hello, UEFI with Secure Boot, VBS and HVCI all work together like a well-oiled machine.

    “Microsoft's rationale for Windows 11's strict official support requirements – including Secure Boot, a TPM 2.0 module, and virtualization support – has always been centered on security rather than raw performance.” – Andrew Cunningham, arstechnica.com

    “Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot. These features in combination have been shown to reduce malware by 60% on tested devices.” – Steven J. Vaughan-Nichols, Computerworld

    Can any device upgrade to Windows 11?

    In addition to the security-related hardware requirements listed previously, which may exclude some devices from Windows 11 eligibility, Windows 11 also has a minimum requirement for other hardware components.

    Windows 7 and Windows 10 were publicized as being backward compatible and almost any hardware would be able to run those operating systems. That changed with Windows 11. Microsoft now insists that modern hardware is required for Windows 11 for not only security but also improved stability.

    Software Requirement

    You must be running Windows 10 version 2004 or greater to be eligible for a Windows 11 upgrade (“Windows 11 Requirements”).

    Complete hardware requirements for Windows 11

    • 1 GHz (or faster) compatible 64-bit processor with two or more cores
    • 4 GB RAM
    • 64 GB or more of storage space
    • Compatible with DirectX 12 or later with WDDM 2.0 driver
      • DirectX connects the hardware in your computer with Windows. It allows software to display graphics using the video card or play audio, as long as that software is DirectX compatible. Windows 11 requires version 12 (“What are DirectX 12 compatible graphics”).
      • WDDM is an acronym for Windows Display Driver Model. WDDM is the architecture for the graphics driver for Windows (“Windows Display Driver Model”).
      • Version 2.0 of WDDM is required for Windows 11.
    • 720p display greater than 9" diagonally with 8 bits per color channel
    • UEFI Secure Boot capable
    • TPM 2.0 chip
    • (“Windows 11 Requirements”)

    Windows 11 may challenge your virtual environment

    When Windows 11 was initially released, some IT administrators experienced issues when trying to install or upgrade to Windows 11 in the virtual world.

    The Challenge

    The issues appeared to be centered around the Windows 11 hardware requirements, which must be detected by the Windows 11 pre-install check before the operating system will install.

    The TPM 2.0 chip requirement was indeed a challenge and not offered as a configuration option with Citrix Hypervisor, the free VMware Workstation Player or Oracle VM VirtualBox when Windows 11 was released in October 2021, although it is on the roadmap for Oracle and Citrix Hypervisor. VMware provides alternative products to the free Workstation Player that do support a virtual TPM. Oracle and Citrix reported that the feature would be available in the future and Windows 11 would work on their platforms.

    Short-Term Solutions

    VMware and Microsoft users can add a vTPM hardware type when configuring a virtual Windows 11 machine. Microsoft Azure does offer Windows 11 as an option as a virtual desktop. Citrix Desktop-As-A-Service (DAAS) will connect to Azure, AWS, or Google Cloud and is only limited by the features of the hosting cloud service provider.

    Additional Insight

    According to Microsoft, any VM running Windows 11 must meet the following requirements (“Virtual Machine Support”):

    • It must be a generation 2 VM, and upgrading a generation 1 VM to Windows 11 (in-place) is not possible
    • 64 GB of storage or greater
    • Secure Boot capable with the virtual TPM enabled
    • 4 GB of memory or greater
    • 2 or more virtual processors
    • The CPU of the physical computer that is hosting the VM must meet the Windows 11 (“Windows Processor Requirements”)

    What’s new or updated in Windows 11?

    The following two slides highlight some of the new and updated features in Windows 11.

    Security

    The most important change with Windows 11 is what you cannot see – the security. Windows 11 adds requirements and controls to make the user and device more secure, as described in previous slides.

    Taskbar

    The most prominent change in relation to the look and feel of Windows 11 is the shifting of the taskbar (and Start button) to the center of the screen. Some users may find this more convenient but if you do not and prefer the taskbar and start button back on the left of your screen, you can change it in taskbar settings.

    Updated Apps

    Paint, Photos, Notepad, Media Player, Mail, and other standard Windows apps have been updated with a new look and in some cases minor enhancements.

    User Interface

    The first change users will notice after logging in to Windows 11 is the new user interface – the look and feel. You may not notice the additional colors added to the Windows palette, but you may have thought that the startup sound was different, and the logo also looks different. You would be correct. Other look-and-feel items that changed include the rounded corners on windows, slightly different icons, new wallpapers, and controls for volume and brightness are now a slide bar. File explorer and the settings app also have a new look.

    Microsoft Teams

    Microsoft Teams is now installed on the taskbar by default. Note that this is for a personal Microsoft account only. Teams for Work or School will have to be installed separately if you are using a work or school account.

    What’s new or updated in Windows 11?

    Snap Layouts

    Snap layouts have been enhanced and snap group functionality has been added. This will allow you to quickly snap one window to the side of the screen and open other Windows in the other side. This feature can be accessed by dragging the window you wish to snap to the left or right edge of the screen. The window should then automatically resize to occupy that half of the screen and allow you to select other Windows that are already open to occupy the remaining space on the screen. You can also hover your mouse over the maximize button in the upper right-hand corner of the window. A small screen with multiple snap layouts will appear for your selection. Multiple snapped Windows can be saved as a “Snap Group” that will open together if one of the group windows are snapped in the future.

    Widgets

    Widgets are expanding. Microsoft started the re-introduction of widgets in Windows 10, specifically focusing on the weather. Widgets now include other services such as news, sports, stock prices, and others.

    Android Apps

    Android apps can now run in Windows 11. You will have to use the Amazon store to access and install Android apps, but if it is available in the Amazon store, you can install it on Windows 11.

    Docking

    Docking has improved with Windows 11. Windows knows when you are docked and will minimize apps when you undock so they are not lost. They will appear automatically when you dock again.

    This is not intended to be an inclusive list but does cover some of the more prominent features.

    What’s missing from Windows 11?

    The following features are no longer found in Windows 11:

    • Backward compatibility
      • The introduction of the hardware requirements for Windows 11 removed the backward compatibility (from a hardware perspective) that made the transition from previous versions of Windows to their successor less of a hardware concern. If a computer could run Windows 7, then it could also run Windows 10. That does not automatically mean it can also run Windows 11.
    • Internet Explorer
      • Internet Explorer is no longer installed by default in Windows 11. Microsoft Edge is now the default browser for Windows. Other browsers can also be installed if preferred.
    • Tablet mode
      • Windows 11 does not have a "tablet" mode, but the operating system will maximize the active window and add more space between icons to make selecting them easier if the 2-in-1 hardware detects that you wish to use the device as a tablet (keyboard detached or device opened up beyond 180 degrees, etc.).
    • Semi-annual updates
      • It may take six months or more to realize that semi-annual feature updates are missing. Microsoft moved to an annual feature update schema but continued with monthly quality updates with Windows 11.
    • Specific apps
      • Several applications have been removed (but can be manually added from the Microsoft Store by the user). They include:
        • OneNote for Windows 10
        • 3D Viewer
        • Paint 3D
        • Skype
    • Cortana (by default)
      • Cortana is missing from Windows 11. It is installed but not enabled by default. Users can turn it on if desired.

    Microsoft included a complete list of features that have been removed or deprecated with Windows 11, which can be found here Windows 11 Specs and System Requirements.

    Windows 11 editions

    • Windows 11 is offered in several editions:
      • Windows 11 Home
      • Windows 11 Pro
      • Windows 11 Pro for Workstations
      • Windows 11 Enterprise Windows 11 for Education
      • Windows 11 SE for Education
    • Windows 11 hardware requirements and security features are common throughout all editions.
    • The new look and feel along with all the features mentioned previously are common to all editions as well.
    • Windows Home
      • Standard offering for home users
    • Pro versus Pro for Workstations
      • Windows 11 Pro and Pro for Workstations are both well suited for the business environment with available features such as support for Active Directory or Azure Active Directory, Windows Autopilot, OneDrive for Business, etc.
      • Windows Pro for Workstations is designed for increased demands on the hardware with the higher memory limits (2 TB vs. 6 TB) and processor count (2 CPU vs. 4 CPU).
      • Windows Pro for Workstations also features Resilient File System, Persistent Memory, and SMB Direct. Neither of these features are available in the Windows 11 Pro edition.
      • Windows 11 Pro and Pro for Workstations are both very business focused, although Pro may also be a common choice for non-business users (Home and Education).
    • Enterprise Offerings
      • Enterprise licenses are subscription based and are part of the Microsoft 365 suite of offerings.
      • Windows 11 Enterprise is Windows 11 Pro with some additional addons and functionality in areas such as device management, collaboration, and security services.
      • The level of the Microsoft 365 Enterprise subscription (E3 or E5) would dictate the additional features and functionality, such as the complete Microsoft Defender for Endpoint suite or the Microsoft phone system and Audio Conferencing, which are only available with the E5 subscription.

    Windows 11 Education Editions

    With the release of a laptop targeted specifically at the education market, Microsoft must be taking notice of the Google Chrome educational market penetration, especially with headlines like these.

    “40 Million Chromebooks in Use in Education” (Thurrott)

    “The Unprecedented Growth of the Chromebook Education Market Share” (Carklin)

    “Chromebooks Gain Market Share as Education Goes Online” (Hruska)

    “Chromebooks Gain Share of Education Market Despite Shortages” (Mandaro)

    “Chromebook sales skyrocketed in Q3 2020 with online education fueling demand” (Duke)

    • Education licenses are subscription based and are part of the Microsoft 365 suite of offerings. Educational pricing is one benefit of the Microsoft 365 Education model.
    • Windows 11 Education is Windows 11 Pro with some additional addons and functionality similar to the Enterprise offerings for Windows 11 in areas such as device management, collaboration, and security services. Windows 11 Education also adds some education specific settings such as Classroom Tools, which allow institutions to add new students and their devices to their own environment with fewer issues, and includes OneNote Class Notebook, Set Up School PCs app, and Take a Test app.
    • The level of the Microsoft 365 Education subscription (A3 or A5) would dictate the additional features and functionality, such as the complete Microsoft Defender for Endpoint suite or the Microsoft phone system and Audio Conferencing, which are only available with the A5 subscription.
    • Windows 11 SE for Education:
      • A cloud-first edition of Windows 11 specifically designed for the K-8 education market.
      • Windows 11 SE is a light version of Windows 11 that is designed to run on entry-level devices with better performance and security on that hardware.
      • Windows 11 SE requires Intune for Education and only IT admins can install applications.
    • Microsoft and others have come out with Windows SE specific devices at a low price point.
      • The Microsoft Surface Laptop SE comes pre-loaded with Windows 11 SE and can be purchased for US$249.00.
      • Dell, Asus, Acer, Lenovo, and others also offer Windows 11 SE specific devices (“Devices for Education”).

    Initial Reactions

    Below you can find some actual initial reactions to Windows 11.

    Initial reactions are mixed, as is to be expected with any new release of an operating system. The look and feel is new, but it is not a huge departure from the Windows 10 look and feel. Some new features are well received such as the snap feature.

    The shift of the taskbar (and start button) is the most popular topic of discussion online when it comes to Windows 11 reactions. Some love it and some do not. The best part about the shift of the taskbar is that you can adjust it in settings and move it back to its original location.

    The best thing about reactions is that they garner attention, and thanks in part to all the online reactions and comments, Microsoft is continually improving Windows 11 through quality updates and annual feature releases.

    “My 91-year-old Mum has found it easy!” Binns, Paul ITRG

    “It mostly looks quite nice and runs well.” Jmbpiano, Reddit user

    “It makes me feel more like a Mac user.” Chang, Ben Info-Tech

    “At its core, Windows 11 appears to be just Windows 10 with a fresh coat of paint splashed all over it.” Rouse, Rick RicksDailyTips.com

    “Love that I can snap between different page orientations.” Roberts, Jeremy Info-Tech

    “I finally feel like Microsoft is back on track again.” Jawed, Usama Neowin

    “A few of the things that seemed like issues at first have either turned out not to be or have been fixed with patches.” Jmbpiano, Reddit user

    “The new interface is genuinely intuitive, well-designed, and colorful.” House, Brett AnandTech

    “No issues. Have it out on about 50 stations.” Sandrews1313, Reddit User

    “The most striking change is to the Start menu.” Grabham, Dan pocket-lint.com

    How do I upgrade to Windows 11?

    The process is very similar to applying updates in Windows 10.

    • Windows 11 is offered as an upgrade through the standard Windows 10 update procedure. Windows Update will notify you when the Windows 11 upgrade is ready (assuming your device is eligible for Windows 11).
      • Allow the update (upgrade in this case) to proceed, reboot, and your endpoint will come back to life with Windows 11 installed and ready for you.
    • A fresh install can be delivered by downloading the required Windows 11 installation media from the Microsoft Software Download site for Windows 11.
    • Business users can control the timing and schedule of the Windows 11 rollout to corporate endpoints using Microsoft solutions such as WSUS, Configuration Manager, Intune and Endpoint Manager, or by using other endpoint management solutions.
    • WSUS and Configuration Manager will have to sync the product category for Windows 11 to manage the deployment.
    • Windows Update for Business policies will have to use the target version capability rather than using the feature update referrals alone.
    • Organizations using Intune and a Microsoft 365 E3 license will be able to use the Feature Update Deployments page to select Windows 11.
    • Other modern endpoint management solutions may also allow for a controlled deployment.

    Info-Tech Insight

    The upgrade itself may be a simple process but be prepared for the end-user reactions that will follow. Some will love it but others will despise it. It is not an optional upgrade in the long run, so everyone will have to learn to accept it.

    When can I upgrade to Windows 11?

    You can upgrade right now BUT there is no need to rush. Windows 11 was released in October 2021 but that doesn’t mean you have to upgrade everyone right away. Plan this out.

    • Build deployment rings into your Windows 11 upgrade approach: This approach, also referred to as Canary Releases or deployment rings, allows you to ensure that IT can support users if there's a major problem with the upgrade. Instead of disrupting all end users, you are only disrupting a portion of end users.
      • Deploy the initial update to your test environment.
      • After testing is successful or changes have been made, deploy Windows 11 to your pilot group of users.
      • After the pilot group gives you the thumbs up, deploy to the rest of production in phases. Phases are sometimes by office/location, sometimes by department, sometimes by persona (i.e. defer people that don't handle updates well), and usually by a combination of these factors.
      • Increase the size of each ring as you progress.
    • Always back up your data before any upgrade.

    Deployment Ring Example

    Pilot Ring - Individuals from all departments - 10 users

    Ring #1 - Dev, Finance - 20 Users

    Ring #2 - Research - 100 Users

    Ring #3 - Sales, IT, Marketing - 500 Users

    Upgrade your eligible devices and users to Windows 11

    Build Windows 11 Deployment Rings

    Instructions:

    1. Identify who will be in the pilot group. Use individuals instead of user groups.
    2. Identify how many standard rings you need. This number will be based on the total number of employees per office.
    3. Map groups to rings. Define which user groups will be in each ring.
    4. Allow some time to elapse between upgrades. Allow the first group to work with Windows 11 and identify any potential issues that may arise before upgrading the next group.
    5. Track and communicate. Record all information into a spreadsheet like the one on the right. This will aid in communication and tracking.
    Ring Department or Group Total Users Delay Time Before Next Group
    Pilot Ring Individuals from all departments 10 Three weeks
    Ring 1 Dev Finance 20 Two weeks
    Ring 2 Research 100 One week
    Ring 3 Sales, IT Marketing 500 N/A

    What are my options if my devices cannot upgrade to Windows 11?

    Don’t rush out to replace all the ineligible endpoint devices. You have some time to plan this out. Windows 10 will be available and supported by Microsoft until October 2025.

    Use asset management strategies and budget techniques in your Windows 11 upgrade approach:

    • Start with current inventory and determine which devices will not be eligible for upgrade to Windows 11.
    • Prioritize the devices for replacement, taking device age, the role of the user the device supports, and delivery times for remote users into consideration.
    • Take this opportunity to review overall device offerings and end-user compute strategy. This will help decide which devices to offer going forward while improving end-user satisfaction.
    • Determine the cost for replacement devices:
      • Compare vendor offerings using an RFP process.
    • Use the hardware asset management planning spreadsheet on the next slide to budget for the replacements over the coming months leading up to October 2025.

    Leverage Info-Tech research to improve your end-user computing strategy and hardware asset management processes:

    New to End User Computing Strategies? Start with Modernize and Transform Your End-User Computing Strategy.

    New to IT asset management? Use Info-Tech’s Implement Hardware Asset Management blueprint.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    Build a Windows 11 Device Replacement Budget

    The link below will open up a hardware asset management (HAM) budgeting tool. This tool can easily be modified to assist in developing and justifying the budget for hardware assets for the Windows 11 project. The tool will allow you to budget for hardware asset refresh and to adjust the budget as needed to accommodate any changes. Follow the instructions on each tab to complete the tool.

    A sample of a possible Windows 11 budgeting spreadsheet is shown on the right, but feel free to play with the HAM budgeting tool to fit your needs.

    HAM Budgeting Tool

    Windows 11 Replacement Schedule
    2022 2023 2024 2025
    Department Total to replace Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Left to allocate
    Finance 120 20 20 20 10 10 20 20 0
    HR 28 15 13 0
    IT 30 15 15 0
    Research 58 8 15 5 20 5 5 0
    Planning 80 10 15 15 10 15 15 0
    Other 160 5 30 5 15 15 30 30 30 0
    Totals 476 35 38 35 35 35 35 38 35 50 35 35 35 35 0

    Related Info-Tech Research

    Modernize and Transform Your End-User Computing Strategy

    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Implement Hardware Asset Management

    This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

    Bibliography

    aczechowski, et al. “Windows 11 Requirements.” Microsoft, 3 June 2022. Accessed 13 June 2022.

    Binns, Paul. Personal interview. 07 June 2022.

    Butler, Sydney. “What Is Trusted Platform Module (TPM) and How Does It Work?” Help Desk Geek, 5 August 2021. Accessed 18 May 2022.

    Carklin, Nicolette. “The Unprecedented Growth of the Chromebook Education Market Share.” Parallels International GmbH, 26 October 2021. Accessed 19 May 2022.

    Chang, Ben. Personal interview. 26 May 2022.

    Cunningham, Andrew. “Why Windows 11 has such strict hardware requirements, according to Microsoft.” Ars Technica, 27 August 2021. Accessed 19 May 2022.

    Dealnd-Han, et al. “Windows Processor Requirements.” Microsoft, 9 May 2022. Accessed 18 May 2022.

    “Desktop Operating Systems Market Share Worldwide.” Statcounter Globalstats, June 2021–June 2022. Accessed 17 May 2022.

    “Devices for education.” Microsoft, 2022. Accessed 13 June 2022.

    Duke, Kent. “Chromebook sales skyrocketed in Q3 2020 with online education fueling demand.” Android Police, 16 November 2020. Accessed 18 May 2022.

    Grabham, Dan. “Windows 11 first impressions: Our initial thoughts on using Microsoft's new OS.” Pocket-Lint, 24 June 2021. Accessed 3 June 2022.

    Hachman, Mark. “Why is there a Windows 11 if Windows 10 is the last Windows?” PCWorld, 18 June 2021. Accessed 17 May 2022.

    Howse, Brett. “What to Expect with Windows 11: A Day One Hands-On.” Anandtech, 16 November 2020. Accessed 3 June 2022.

    Hruska, Joel. “Chromebooks Gain Market Share as Education Goes Online.” Extremetech, 26 October 2020. Accessed 19 May 2022.

    Jawed, Usama. “I am finally excited about Windows 11 again.” Neowin, 26 February 2022. Accessed 3 June 2022.

    Jmbpiano. “Windows 11 - What are our initial thoughts and feelings?” Reddit, 22 November 2021. Accessed 3 June 2022.

    Lumunge, Erick. “UEFI and Legacy boot.” OpenGenus, n.d. Accessed 18 May 2022.

    Bibliography

    Mandaro, Laura. “Chromebooks Gain Share of Education Market Despite Shortages.” The Information, 9 September 2020. Accessed 19 May 2022.

    Murtaza, Fawad. “What Is Virtualization Based Security in Windows?” Valnet Inc, 24 October 2021. Accessed 17 May 2022.

    Roberts, Jeremy. Personal interview. 27 May 2022.

    Rouse, Rick. “My initial thoughts about Windows 11 (likes and dislikes).” RicksDailyTips.com, 5 September 2021. Accessed 3 June 2022.

    Sandrews1313. “Windows 11 - What are our initial thoughts and feelings?” Reddit, 22 November 2021. Accessed 3 June 2022.

    “The Matrix Quotes." Quotes.net, n.d. Accessed 18 May 2022.

    Thurrott, Paul.” Google: 40 Million Chromebooks in Use in Education.” Thurrott, 21 January 2020. Accessed 18 May 2022.

    Vaughan-Nichols, Steven J. “The real reason for Windows 11.” Computerworld, 6 July 2021, Accessed 19 May 2022.

    “Virtual Machine Support.” Microsoft,3 June 2022. Accessed 13 June 2022.

    “What are DirectX 12 compatible graphics and WDDM 2.x.” Wisecleaner, 20 August 2021. Accessed 19 May 2022.

    “Windows 11 Specs and System Requirements.” Microsoft, 2022. Accessed 13 June 2022.

    “Windows Display Driver Model.” MiniTool, n.d. Accessed 13 June 2022.

    Identify Opportunities to Mature the Security Architecture

    • Buy Link or Shortcode: {j2store}385|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
    • Organizations do not understand how to properly create and deliver value propositions of technical security solutions.

    Our Advice

    Critical Insight

    • The security architecture is a living, breathing thing based on the risk profile of your organization.
    • Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.

    Impact and Result

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors and therefore cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Identify Opportunities to Mature the Security Architecture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a right-sized security architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the organization’s ideal security architecture

    Complete three unique assessments to define the ideal security architecture maturity for your organization.

    • Identify Opportunities to Mature the Security Architecture – Phase 1: Identify the Organization's Ideal Security Architecture
    • Security Architecture Recommendation Tool
    • None

    2. Create a security program roadmap

    Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.

    • Identify Opportunities to Mature the Security Architecture – Phase 2: Create a Security Program Roadmap
    [infographic]

    Adopt an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}103|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    New technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are ushering in an exciting new era of business transformation. By adopting an exponential IT mindset, IT leaders will be able to lead the autonomization of business capabilities.

    To capitalize on this upcoming opportunity, exponential IT leaders will have to become business advisors who unlock exponential value for the business and help mitigate exponential risk.

    Adopt a renewed focus on business outcomes to achieve autonomization

    An exponential IT mindset means that IT leaders will need to take a lead role in transforming business capabilities.

    • Embrace an expanded role as business advisors: CIOs will be tasked with greater responsibility for determining business strategy alongside the C-suite.
    • Know the rewards and mitigate the risks: New value chain opportunities and efficiency gains will create significant ROI. Protect these returns by mitigating higher risks to business continuity, information security, and delivery performance.
    • Plan to fully leverage technologies such as AI: It will be integral for IT to enable autonomous technologies in this new era of exponential technology progress.

    Adopt an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt an Exponential IT Mindset Deck – An introduction to IT’s role in the autonomization era

    The role of IT has evolved throughout the past couple generations to enable fundamental business transformations. In the autonomization era, it will have to evolve again to lead the business through a world of exponential opportunity.

    • Adopt an Exponential IT Mindset Storyboard

    Infographic

    Further reading

    Adopt an Exponential IT Mindset

    Thrive through the next paradigm shift

    Executive Summary

    For more than 40 years, information technology has significantly transformed businesses, from the computerization of operations to the digital transformation of business models. As technological disruption accelerates exponentially, a world of exponential business opportunity is within reach.

    Newly emerging technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are enabling autonomous business capabilities.

    The role of IT has evolved throughout the past couple generations to enable business transformations. In the autonomization era, it will have to evolve again. IT will have a new mission, an adapted governance structure, innovative capabilities, and an advanced partnership model.

    CIOs embracing exponential IT require a new mindset. Their IT practices will need to progress to the top of the maturity ladder as they make business outcomes their own.

    Over the past two generations, we have witnessed major technology-driven business transformations

    1980s

    Computerization

    The use of computer devices, networks, and applications became widespread in the enterprise. The focus was on improving the efficiency of back-office tasks.

    2000s

    Digitalization

    As the world became connected through the internet, new digitally enabled business models emerged in the enterprise. Orders were now being received online, and many products and services were partially or fully digitized for online fulfillment.

    Recent pandemic measures contributed to a marked acceleration in the digitalization of organizations

    The massive disruption resulting from pandemic measures led businesses to shift to more digital interactions with customers.

    The global average share of customer interactions that are digital went from 36% in December 2019 to 58% in July 2020.

    The global average share of customer interactions that are digital went from 36% to 58% in less than a year.*

    Moreover, companies across business areas have accelerated the digitization of their offerings.

    The global average share of partially or fully digitized products went from 35% in 2019 to 55% in July 2020.

    The global average share of partially or fully digitized products went from 35% to 55% in the same period.*

    The adoption of digitalized business models has accelerated during the pandemic. Post-pandemic, it is unlikely for adoption to recede.

    With more business applications ported to the cloud and more data available online, “digital-first” organizations started to envisage a next wave of automation.

    *Source: “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever,” McKinsey & Company, 2020

    A majority of IT leaders plan to use artificial intelligence within their organizations in 2023

    In August 2022, Info-Tech surveyed 506 IT leaders and asked which tasks would involve AI in their organizations in 2023.

    Graph showing tasks that would involve AI in organizations in 2023.

    We found that 63% of IT leaders plan to use AI within their organizations to automate repetitive, low-level tasks by the end of 2023.

    With the release of the ChatGPT prototype in November 2022, setting a record for the fastest user growth (reaching 100 million active users just two months after launch), we foresee that AI adoption will accelerate significantly and its use will extend to more complex tasks.

    Newly emerging technologies and business realities are ushering in the next business transformation

    1980s

    Computerization

    2000s

    Digitalization

    2020s

    Autonomization

    As digitalization accelerates, a post-pandemic world with a largely online workforce and digitally transformed enterprise business models now enters an era where more business capabilities become autonomous, with humans at the center of a loop* that is gradually becoming larger.

    Deep Learning, Quantum Computing, 5G Networks, Robotics

    * Download Info-Tech’s CIO Trend Report 2019 – Become a Leader in the Loop

    The role of IT needs to evolve as it did through the previous two generations

    1980s

    Computerization

    IT professionals gathered functional requirements from the business to help automate back-office tasks and improve operational efficiency.

    2000s

    Digitalization

    IT professionals acquired business analysis skills and leveraged the SMAC (social, mobile, analytics, and cloud) stack to accelerate the automation of the front office and enable the digital transformation of business models.

    2020s

    Autonomization

    IT professionals will become business advisors and enable the establishment of autonomous yet differentiated business processes and capabilities.

    The autonomization era brings enormous opportunity for organizations, coupled with enormous risk

    Graph of Risk Severity versus Value Opportunity. Autonomization has a high value of opportunity and high risk severity.

    While some analysts have been quick to announce the demise of the IT department and the transition of the role of IT to the business, the budgets that CIOs control have continued to rise steadily over time.

    In a high-risk, high-reward endeavor to make business processes autonomous, the role of IT will continue to be pivotal, because while everyone in the organization will rush to seize the value opportunity, the technology risk will be left for IT to manage.

    Exponential IT represents a necessary change in a CIO’s focus to lead through the next paradigm shift

    EXPONENTIAL RISK

    Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

    EXPONENTIAL REWARD

    The efficiency gains and new value chains created through artificial intelligence, robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

    EXPONENTIAL DEMAND

    Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

    EXPONENTIAL IT

    Exponential IT involves IT leading the cognitive reengineering of the organization with evolved practices for:

    • IT governance
    • Asset management
    • Vendor management
    • Data management
    • Business continuity management
    • Information security management

    To succeed, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships

    Digitalization

    A Connected World

    Progressive IT

    • Mission

      Enable the digital transformation of the business
    • Governance

      Service metrics, security perimeters, business intelligence, compliance management
    • Capabilities

      Service management, business analysis, application portfolio management, data management
    • Partnerships

      Management of technology service agreements

    Autonomization

    An Exponential World

    Exponential IT

    • Mission

      Lead the business through autonomization.
    • Governance

      Outcome-based metrics, zero trust, ESG reporting, digital trust
    • Capabilities

      Experience management, business advisory, enterprise innovation, data differentiation
    • Partnerships

      Management of business capability agreements

    Fortune favors the bold: The CIO now has an opportunity to cement their role as business leader

    Levels of digital maturity.  From bottom: Unstable - inability to consistently deliver basic services, Firefighter - Reliable infrastructure and IT service desk, Trusted Operator - Enablement of business through applications and work orders, Business Partner - Effective delivery of strategic business projects, Innovator - Information and technology as a competitive advantage.

    Research has shown that companies that are more digitally mature have higher growth than the industry average. In these companies, the CIO is part of the executive management team.

    And while the role of the CIO is generally tied to their mandate within the organization, we have seen their role progress from doer to leader as IT climbs the maturity ladder.

    As companies strive to succeed in the next phase of technology-driven transformation, CIOs have an opportunity to demonstrate their business leadership. To do so, they will have to provide exceptionally mature services while owning business targets.

    Explore the Secrets of SAP Digital Access Licensing

    • Buy Link or Shortcode: {j2store}143|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • SAP’s licensing rules surrounding use and indirect access are vague, making it extremely difficult to purchase with confidence and remain compliant.
    • SAP has released nine document-type licenses that can be used in digital access licensing scenarios, but this model has its own challenges.
    • Whether you decide to remain “as is” or proactively change licensing over to the document model, either option can be costly and confusing.
    • Indirect static read can be a cause of noncompliance when data is exported but the processing capability of SAP ERP is used in real time.

    Our Advice

    Critical Insight

    • Examine all indirect access possibilities. Understanding how in-house or third-party applications may be accessing and utilizing the SAP digital core is critical to be able to correctly address issues.
    • Know what’s in your contract. Each customer agreement is different, and older agreements may provide both benefits and challenges when evaluating your SAP license position.
    • Understand the intricacies of document licensing. While it may seem digital access licensing will solve compliance concerns, there are still questions to address and challenges SAP must resolve.

    Impact and Result

    • Conduct an internal analysis to examine where digital access licensing may be needed to mitigate risk, as SAP will be speaking with all customers in due course. Indirect access can be a costly audit settlement.
    • Conduct an analysis to remove inactive and duplicate users, as multiple logins may exist and could end up costing the organization license fees when audited.
    • Adopt a cyclical approach to reviewing your SAP licensing and create a reference document to track your software needs, planned licensing, and purchase negotiation points.
    • Learn the SAP way of conducting business, which includes a best-in-class sales structure and unique contracts and license use policies, combined with a hyper-aggressive compliance function. Conducting business with SAP is not a typical vendor experience, and you will need different tools to emerge successfully from a commercial transaction.

    Explore the Secrets of SAP Digital Access Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your SAP digital access licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand, assess, and decide on digital access licensing

    Begin your SAP digital access licensing journey by evaluating licensing changes and options, and then make contractual changes to ensure compliance.

    • Explore the Secrets of SAP Digital Access Licensing – Phase 1: Understand, Assess, and Decide on Digital Access Licensing
    • SAP License Summary and Analysis Tool
    • SAP Digital Access Licensing Pricing Tool
    [infographic]