CIO

Mix IT Up

With most organisations still struggling to complete the recapture of control, few have so far found any truly useful ways to get a handle on their total IT expenditure and the value it returns them.

When proof of IT's value is on the agenda, a well-done IT investment portfolio belongs there too.

Back in the days when "computer" used to mean the gigantic mainframe in the middle of the IT shop floor, the twin watchwords of most IT groups were rigour and discipline. Sadly, with the advent of the PC revolution, those hard-won principles soon became a distant memory. The sheer multitude of devices, the way they had fanned out across the organisation - not to mention the determination of users to "do it themselves" - saw a laissez-faire approach become the norm.

No wonder with most organisations still struggling to complete the recapture of control few have so far found any truly useful ways to get a handle on their total IT expenditure and the value it returns them. Now leading-edge organisations are looking for a way out of the morass. Software portfolio analysis is seen as one possible answer.

"All those generations of people that worked with the quick fix, the quick solution, are now coming to realise that the chaotic mess that has been built needs a more rigorous approach if they are to manage that environment and have a high level of success in their application development projects," META Group consultant Robert Peake says. He says even the financial service and government sectors, which revolve around management of information and have always led the way in trying to get a handle on their investment in technology and information, have largely failed because they have not as yet managed to re-inject the necessary rigour and discipline.

Pioneered in part by META Group executive vice-president and board member Dr Howard Rubin, software portfolio analysis treats software investments like a financial portfolio, classifying all expenditure into one of three portfolios:

The transform-the-business portfolio: holds all IT investments designed to change or transform the current business. For example, many m-commerce investments will fit into this portfolio.

The grow-the-business portfolio: the place you manage all IT investments designed to grow your current business. CRM applications are a good example of IT investments which belong in this portfolio.

The run-the-business portfolio: contains all the IT investments needed for IT services and products which are not transformational or growth driving, but needed nevertheless. The dollars invested in the help desk and e-mail system often go in here. These are also generally referred to as commodity services.

Joe Santana, co-author of Manage IT, says the idea is to recognise that the management goal varies with the type of portfolio. For instance, when it comes to run-the-business investments, organisations want to attain an acceptable level of service for the lowest possible cost, whereas grow-the-business investments are driven by ROI expectations. "The model is an excellent tool that enables the IT executive to link and maintain the alignment between their technology investment decisions and the company's business strategy," he says.

The approach is designed to allow alignment at both a macro and a micro level. Once the CIO has achieved this map, he or she can use it to quickly adjust their leadership agenda throughout the IT organisation as the corporate strategy changes and evolves. "I believe that it is only by creating this high-level and cascading link between the IT agenda and the needs of the business that the CIO will establish and maintain a strong working relationship with the executive team," Santana says.

Like a financial portfolio, a software portfolio must be re-evaluated continually and altered to suit the investor's (in this case, the enterprise's) financial goals. Research firm Gartner notes: "As we analyse our legacy software portfolio, we must come to terms with the state, utility and viability of historical investments in mainframe and client/server systems. Neither the weight of legacy applications nor the excitement of new technologies should overly influence an enterprise's application strategy."

Gartner points out the very process of understanding legacy systems - extending them to new technologies and perhaps transforming them as new drivers - changes the nature of the business and is a recipe for success and reduced risk. Indeed, Gartner insists enterprise can only hope to leverage effectively legacy jewels of software and applications while tackling new challenges of e-business through careful analysis of the software portfolio, balanced planning and skilful execution.

And there is another good reason to undertake this work. Joint research by experts at the University of Minnesota and Carnegie Mellon University (Diseconomies of Software Portfolio Diversity: an Empirical Analysis) suggests software portfolio diversity is strongly associated with inefficiencies in software enhancement, particularly in software testing. The authors warn the results have implications for both practice and research in information technology management. "Specifically, [the results] imply that portfolio diversity should be an important software life cycle consideration, because the costs of diversity emerge in software maintenance," the report says.

Page Break

It's That Alignment Thing - Again

Adopting and using an IT investment portfolio model to define the IT agenda in alignment with the company's business objectives helps CIOs to establish credibility with senior business executives, gain and maintain the confidence of that executive team and achieve effective leadership over the IT agenda.

It has certainly worked out that way for the Australian Bureau of Statistics (ABS), which has won recognition around the world for its IT leadership. CIO Jonathan Palmer says the ABS has always managed its software portfolio well. Now it is rolling out Novadigm's Radia to allow it to adopt more sophisticated practice around software installation, including remote administration of desktop configurations and automatic provision of environments to roaming users.

Palmer says software portfolio analysis saves the bureau money because it reduces the need to physically move desktops around - an unpleasant job at best. It certainly improves quality of service because it is easier to make tools available to people when they need them. And, although he suspects the ABS already manages its software licences "pretty well", anything that contributes to efficiency also helps the bottom line.

"We do some really interesting things in software portfolio management," Palmer says. "We cost recover our application development support and we've got registers of all our applications, which are clustered primarily by the owner group. Every year we put together work programs that look at the overall portfolio of those applications, and we talk to our clients about which bits require redevelopment and which bits are now obsolete."

The Department of Defence, the Directorate of Defence Information Environment Architectures Support (DDIEAS) recently released a request for tender for software portfolio management software or an application to manage its software portfolio. It expects to have the first version of its software running by the third quarter of this year.

The director of DDIEAS, Lieutenant Colonel John Ramsay, says since Defence requirements are so specific, the department chose to map all Defence functions, then allocate those functions to a range of supporting software, including commercial off-the-shelf software, bespoke software and also various significant spreadsheets and databases that have been developed in Excel or Lotus Notes, some of which are complex enough to be regarded as applications in their own right.

He says achieving software portfolio analysis capability will help Defence drive down the total cost of ownership of the IT environment, and in particular the administrative overhead associated with database management and training overheads. It will also save money on software development. "Once this management application software is in place and supported by policies, the first port of call of anyone who thinks they've got a business problem that needs a solution will be to go into the Defence application management system and in fairly clear language explain what business function they're trying to address," Ramsay says. "Our system will pass that query and give them back all the known applications that support similar business functionality along with points of contact they should pursue before they consider resourcing application development."

The application management system under development will capture information according to business function and enable Defence to do portfolio analysis on what business functions are being performed by what applications. Once this is done it plans to begin some solid analysis and rationalisation. The Queensland Department of Main Roads has adopted a similar approach. Katherine Dann, principal adviser (information strategy) performance and information division, says the department has gone through its corporate strategic plan and identified its information requirements. These were then mapped onto an information framework.

Dann says the department believes the business owners should also be the process owners, so it was keen to identify how information is transferred across the state and who uses it, in order to get a better handle on its application portfolio. "Then we audited all our current applications with details, including who owned them from a business point of view and who uses them across the state," says Dann. "Next we tried to identify what information items these applications created, and we now can map the applications onto this information frame and see the duplication in application function, where, for example, we might have 10 timesheet dissection systems."

She says as well as allowing cost savings and efficiencies, the approach is expected to provide major benefits in reporting. "If you've got different information items meaning different things then your rollup information isn't going to be too good. And if you've got systems that people use for different purposes then the data entered might not mean the same thing. Having everybody using the same application for the same data process gives you consistency."

Page Break

Who's Using What, When?

Consultant firm Deloitte has been using Survey IT Portfolio Manager on its 2800 seats since September 2001, in response to demands that IT management deliver more without spending more. The first priority was to determine precisely what hardware and software is distributed throughout the organisation.

Analysing its portfolio is allowing IT management to identify where high-cost applications such as MS PowerPoint and MS Project are installed and to determine whether they are actually being used; and to maintain its standard operating environment (SOE) by identifying versions of Internet Explorer and MS Outlook and tracking down non-sanctioned applications.

"If we've got stuff installed on people's machines that they're not using, we should be able to uninstall it and deploy the licences elsewhere," Deloitte CIO Tim Fleming says. "The best example was with Visio, where we had some hundreds of licences but we were finding that a lot of people were using it for one minute at a time. That meant that they obviously weren't creating Visio charts, they were just reading charts that other people had made, and there is a Visio reader which is a free product."

Fleming says discovering that a "large chunk of users" don't need the full product has already saved Deloitte around $50,000. Further savings are anticipated. "The portfolio management side of things is a continuous process. It's really about getting those processes and honing them and achieving efficiencies, so we're spending a lot of activity - probably for the next six months, I'd say - building up all these processes to the point that we can be monitoring the hardware and the software accurately.

"We would expect that we will get Survey [IT Portfolio Manager] to pay for itself in the first 12 months. A substantial chunk of it was already paid for by the time we bought the product, because of the pilot," Fleming says.

The software is also returning benefits via much tighter version control. For instance Deloitte found it had a large number of versions of Internet Explorer, with people upgrading their own versions from the Internet.

Straight Up to the Top

Organisations can maximise the benefits of a portfolio management approach by driving portfolio management model thinking through the entire IT organisation.

"Give every IT VP, director and manager a clear understanding of which portfolio the service or services they manage are part of and how to run them with a clear sense of how they fit into the big picture," Santana says. "My co-author and I make extensive use of this model in our book as a means of helping new managers to quickly find and maintain a clear link between their role and IT to corporate objective alignment strategy."

META Group agrees, saying best practice requires organisations to adopt a portfolio prioritisation process that involves the line of business (LOB) project sponsor, the CIO and the CFO (for risk review, budget approval, allocation and commitment). The process should be managed by an IT investment committee and chaired by the CFO. This committee should be charged with developing and implementing a responsible approach to achieving higher efficiency, without sub-optimising performance, by reviewing and proactively managing the IT asset portfolio.

"The IT investment committee should establish or approve the business rationale for IT investments, support the funding allocation and commit the investment dollars based on the accrual of quarterly objectives and milestones," according to META Group. "At any time, a single member of the triumvirate should suspend further commitment of investment dollars due to problems, changing economic climates, unmet milestones, poor quality deliverables or vendor delivery delays. This method of portfolio management and investment enables the group to ensure project success and aggressively respond to changing market conditions by adjusting plans and budgets."

While the Queensland Department of Main Roads accepts the conventional wisdom that the architecture should be business driven, it has learned from experience that the architecture's development need not necessarily address the business layer down through to the information, applications and infrastructure layer in that order.

"We tried that in 1998. We got a lot of information from the business, we had workshops across the state, and it didn't quite get us where we wanted it to, because architectures are fairly elusive things," Dann says. "So even though you shouldn't start with the IT layer, we've recognised that that was something tangible. We actually stopped work on architecting the business layer and went into the IT layer and we've actually got a recipe book now for the IT infrastructure layer.

Page Break

"Now that we've got the cookbook for the IT layer, and the applications on top, we've identified through a matrix of business value and technical condition what our applications are like. And if they come low in the business value and low in the technical condition, then we should wean ourselves off them." The DDIEAS's Ramsay says it is vital the organisation get agreement across the enterprise as to what business functions are there to support and who is responsible for them. "The person responsible for the business function must take responsibility for its supporting application, as the business owner of that application," he says. It took Defence up to nine months of monthly meetings, bringing in people from each of the business units - Melbourne, Sydney and Canberra - to determine what functionality people wanted in that cross-portfolio analysis.

Having a proper deployment tool ensures the application can be easily given to everyone, Deloitte's Fleming says, and it is also important to develop policy around employee privacy, because this kind of software records information to the point where you can check how much Patience a particular person is playing throughout the day. "You have to make sure that the employees don't feel that they are being monitored on a personal level, and really establish policies that say we're not going to drill down to that level unless there are actually concerns about inappropriate behaviour or that sort of thing," he says.

Organisations should also watch out for employees determined to defend to their death their right to maintain a piece of software even if they never use it, although Fleming says such people tend to stop arguing once you show them the facts. At Deloitte some of the more IT-literate people have disabled the agent on their workstation and have had to be reassured the organisation is not performing this analysis for Big Brother reasons.

"Like with everything, the communication around it all is very important so that people don't feel that they're under threat," Fleming says.