Download (direct link):
5. Evaluate IT risk mitigation strategies that could lower the IT inventoried risks.
a. Diversification: share/consolidate, avoid, control, and accept.
b. Balance IT risks with business rewards and prudent controls.
6. Assess the residual IT risks (the risks that remain after applying risk mitigation strategies). This is IT's equivalent to a financial stop-loss. For example:
a. Determine the probability of the risk occurring (i.e., complete loss of data and information).
b. Evaluate and determine contingencies for residual risk.
c. If the risk occurs, what is the potential impact of the risk?
d. Determine the degree of project risk the company is willing to accept: complexity, size, slippage, or even importance.
e. Determine the amount of portfolio risk the company is willing to accept both on portfolio and subportfolio levels.
7. Determine risk goals, performance metrics, triggers, and communication. For example:
a. Map risks into IT portfolio management processes.
b. The types/kinds of events that trigger a risk, or elevated risk notification.
c. The process of how risks are communicated and how are they managed/ governed.
184 CHAPTER 5 BUILDING THE IT PORTFOLIO
Achieving a balance between fixed- (i.e., in-house resources) versus variable-(i.e., outsourcing) cost strategies also drives cost efficiencies. Companies must become adept at quickly shifting their portfolio mix between fixed and variable costs, as their business postures shift between growth and contraction. Fixed IT costs are long-term expenditures (more than one year) to which an organization has committed. Typically, these costs include hardware depreciation/lease payments, capitalized development expenses, maintenance, long-term software licenses, and salaried personnel. Variable costs are expenditures that change in the near term (less than three months) based on changing business volumes, usage, or staffing levels. These costs typically include per-seat software licenses, training, and the incremental storage and server capacity required to support near-term growth. Many industry providers (e.g., hardware, software, networking) have been moving to on-demand options for technology products and services that will add new dimensions to variable-cost strategies.
Business and IT use many processes and tools within the IT portfolio management process to monitor and control costs and assure business alignment—for example:
• The business alignment scorecard, as shown in Exhibit 5.4, shows the relative cost % versus driver priorities % (as determined by the stakeholder assessment), strategic intent, and business strategy.
• Real options, a mathematical model used to create a series of decision points to buy, hold, or sell an investment, is an important method for assessing risks and cost exposures. This will be discussed further.
• The IT life cycle discussed in Chapter 4 is based on the practice of maintaining a series of decision points throughout the life span of investments, thereby frequently and continuously monitoring costs.
Key Stages in Building the IT Portfolio
Exhibit 5.5 shows the eight general stages for IT portfolio building: game plan, planning, creating, assessing, balancing, communicating, governance and organization, and assessing execution. They appear as a waterfall approach. However, there is a high degree of iteration that takes place between these stages, and, in practice, these processes are not linear or sequential. They are collaborative and spiral. This cyclical process provides feedback loops for continuous assessment, validation, and improvement.
The remainder of this chapter will describe each stage in building the IT portfolio and provide a description of the tasks and activities associated with each of these stages. The tasks and activities are flexible. If the tasks in the stages do not
STAGE 1: GAME PLAN 185 EXHIBIT 5.4 BUSINESS ALIGNMENT SCORECARD
Maximize Symrnt Upiim» Moduli!» Financial Planting lmpf»w Regulatory Pi»k & Control* Praeeora Luelirxi Rs'ivnuo B«se <mp*o>* op ctkitncybjr^Ojc^Mty laonliry L dovetap new markets Irtiprtw vmpliiyva ïÌ²Ì²ÿï
Source: Copyright © 2004 United Management Technologies (UMT), www.umt.com.
address the readers objectives, don’t do them. If tasks need to be added in order to meet stated objectives for IT portfolio management, then add them to the plan.
STAGE 1: GAME PLAN
The strategic planning aspects of the IT portfolio are created and solidified in the game plan stage. Goals for IT portfolio management should be identified:
• Outline how broad and deep the portfolio should be (objectives aligned with capabilities and maturity).
• Examine what measurable expectations and needs exist.
• Look at planned asset life cycles.
• List migration decisions.
• Identify risk/reward boundaries.
A common mistake is wanting to set the world on fire without any matches. Goals and objectives must be achievable. If goals are not attainable because of lack of resources, schedule or cost constraints, or cultural issues, change the goals. Changing goals is not an uncommon practice.