• United States



by Al Passori

Stop Playing the ‘Squeaky Wheel’ of Misfortune Game

Sep 19, 20037 mins
CSO and CISOData and Information Security

More than half of Global 2000 organizations currently provide inadequate processes for evaluating and determining IT investment priorities. As a result, IT governance organizations spend an inordinate amount of time and resources determining when and where to invest scarce IT dollars to maximize value to the enterprise.

META Trend: By 2004, with 50 percent or more of Global 2000 companies using some form of IT portfolio management and 30 percent basing project

investment decisions on portfolio evaluation, CIOs will incorporate additional IT organization/business decision-making areas – operations (applications and infrastructure), people, and processes – into the portfolio. Through 2005, 15 percent of leading companies will establish lifespan, risk/reward-based scenario planning into portfolio investment decisions. By 2007, because of

the organizationwide maturity and discipline required, only 6 percent will achieve consistent enterprisewide IT portfolio management

that judiciously balances performance investment approaches.

Currently, 70 percent of Global 2000 enterprises use single-dimension criteria to select and prioritize IT investment projects (generally cost/benefit analysis or some type of return-on-investment calculation), while fewer than 10 percent use several levels of criteria (risk, life cycle, economic or strategic value, and so on). The remaining companies still rely on a

first-come, first-served (or “squeaky wheel”) method of allocating IT resources to projects.

Through 2003/04, IT organizations (ITOs) will evolve decision modeling for project portfolios to achieve higher returns from project investments.

Decision models will continue to mature, including additional criteria categories (for example, term, scope, posture) that more

closely mirror business environment complexities. Through 2005, investment in project portfolios will continue to grow slowly, demanding closer examination by the

business to reduce the chance of investing in low-value projects; by 2006, more than 30% of Global 2000 companies will use

weighted, multidimensional project portfolio decision criteria.

By 2003/04, more than 35 percent of Global 2000 CIOs will increase their focus on IT portfolio management (PfM) techniques, and

there will be a more pronounced shift to investment decision making (for programs, projects, people, priorities, etc.) based

on economic value (eV) analyses and strategic value (sV) to the enterprise (see Figure 1)>.

Executive IT steering committees must debate the relative importance of each category for their business strategy and

goals. Once appropriate categories are selected, they must be defined. What differentiates sV from eV investments, and high

risk from low risk (see ED Delta 309)? For each eV and sV category, more specific evaluation criteria are required. Return

on investment (ROI), return on assets (ROA), return on equity (ROE), and other financial metrics are appropriate for

determining the potential eV (such as, revenue generating, line-of-business [LOB]-specific opportunities). These same

metrics alone may not be appropriate for analyzing sV, risk, asset life-cycle investments, or those activities required by

legislative or regulatory compliance mandates where noncompliance could result in sanctions, fines, lawsuits, or

cease-and-desist orders (resulting in negative eV).

IT investment strategies proposed by the business units that do not meet the standards established for compelling strategic or

economic value (or regulatory compliance mandate) should be put on hold and held in abeyance until economic conditions improve,

a more compelling business case position is made (with measurable benefits), or the technology resources/skills

mitigate risks and deliver on the eV or sV business case drivers.

Intellectual capital for both financial (market/credit) and operational risk management of new businesses/processes (for example,

mergers and acquisitions, business process re-engineering [BPR], business process outsourcing [BPO]) resides only within the LOB

units; therefore, management of these risks must be conducted at the business level. This adds complexity to risk management

policy making, monitoring, and reporting, and may limit rapid response to market/competitive moves or lead to unexpected

events that would affect the enterprise’s financial health. Some risk-related questions to pose during the sV-eV analysis include:

  • Has the LOB performed a comprehensive review of market, credit, and operational risks? Does the proposed IT investment address LOB BPR changes? Are the requisite risk

    control/mitigation costs adequately identified and included in the eV cost and sV benefit analyses?

  • Are the LOB market and financial risks adequately considered, enabling the business to make an informed decision regarding tolerance for risk, including trigger points and ITO investment exit strategies?
  • Does the proposed investment rely on proven technology and viable vendors? Or is the IT investment untested technology or provided by more risky, emerging vendors?
  • Have the IT-related risks been assessed to include suggested controls for security and business continuity life-cycle considerations? Do the LOB and the ITO understand the residual risk? Has the LOB communicated its tolerance for risk (including formal acceptance sign-offs) to the ITO?

It is increasingly difficult to separate internal business processes from their underlying technology foundations. CIOs with low credibility or those that lack trust-based relationships cannot enjoin their senior business colleagues in a meaningful and productive discussion of risks and then shift the risk acceptance/ownership (for instance, implementation and ongoing responsibility) of IT-based business initiatives back to the business, unless they first establish trust and respect with their LOB colleagues.

Strategic Value (sV)

IT investment decision making has traditionally been a deductive, logic-based IT-centric process. In the past, LOB

leaders and the ITO would identify an information-related problem, examine a series of IT solutions and then make an IT

investment decision. Although this process has been adopted by many CIOs, it can subordinate investment decision making in the

current economic and highly competitive environment. We believe the trend is toward more LOB-centric IT investment decision

making that better balances sV with eV, and includes an informed assessment of technology and business risks(see Figure 2)>.

CIOs must assess the business value of applying emerging technologies and the sV advantages that could result from a more effective deployment of emerging technologies; in effect, a solution in search of a problem. But the process must also include a business process focus, because tandem BPR is critical to extracting the strategic value of IT investment. Automating business processes alone does not optimize efficiency and effectiveness; BPR and strategic IT investing go hand in hand.

Economic Value (eV)

CIOs should also undertake a portfolio eV approach to IT investment to better balance the potential returns against strategic objectives and risks, and not just the return on revenue increases, cost reduction, or efficiency improvements (see Figure 3)>. Economic value should quantify the impact or the value to business as a result of IT investment by balancing sV with eV and risk. If the enterprise has a lowest-cost producer culture, or a market innovator or customer-centric (intimacy) approach to growth, these values should influence eV investment decision making as to where, when, and how to invest and allocate IT resources.

Integrating back-office functions, streamlining supplier and customer communications, replacing paper-based functions, cutting operating costs, and increasing both the breadth and depth of the sales channels and the customer base are all economic value-add, transformational initiatives enabled by the investment of technology and automated systems. CIOs should adopt investment processes that balance eV and sV with risks, and thereby avoid “greasing the squeaky wheels” and prevent suboptimizing IT investment and value to the business.

Business Impact: Lack of a definable process for assessing risks and economic and strategic value results in “squeaky wheel” politics as a major factor in determining IT investment prioritization.

Bottom Line: CIOs must adopt a portfolio investment decision-making model that weighs strategic and economic value against business and technology risks.