The measures that matter
A recent ITWeb executive forum revealed that many South African corporate management teams are taking a serious look at IT governance initiatives, not only because of the potential legal implications of unmanaged risk but because it makes sound business sense.
Addressing delegates at the ITWeb IT Governance Executive Forum last week, opening speaker Analytix CEO Johan Botha set the scene for the rest of the one-day event by saying only strategy-focused organisations could create real, sustainable value.
However, delivering this value demanded careful attention being paid to the "measures that matter" - the yardsticks included in an IT governance initiative that aligned an IT strategy to a business strategy through ongoing, tight management of a corporate`s diverse and numerous processes and procedures. But, as Botha put it, "you can`t manage something that you can`t describe and can`t quantify".
[VIDEO]Getting a grip on the business benefits delivered by IT infrastructures that have a real yet often indirect impact on revenues is definitely not a task for the faint-hearted - a theme common to Botha`s presentation as well as those of the speakers that followed him.
In attempting to deliver value, said Botha, executive management teams needed to take cognisance of the various non-financial factors that influenced shareholders` valuations. Citing a 1998 research report by Ernst & Young LLP, he said these factors included strategy execution, management credibility, the quality of an organisation`s strategy, how innovative the company was and what new products it launched, and its ability to attract talented people.
You can`t manage something that you can`t describe and can`t quantify.Johan Botha, CEO, Analytix
He warned that according to Fortune Magazine, "less than 10% of strategies effectively formulated are effectively executed". Using reference works to back up his comments, he said among the reasons that strategies become increasingly hard to successfully execute was that "the source of value had shifted from tangible to intangible assets", and had accordingly become difficult to measure.
IT impacted on the level of service at an organisation, which affected customer confidence and in turn, customer retention. So while IT had a real impact on revenue streams, it was an indirect impact and thus difficult to measure.
With technology now embedded in companies` internal functions and external value propositions, it also becomes nearly impossible to execute strategy without the direct involvement of IT professionals, he said.
Complicating matters even further, business had traditionally not "had a good experience with IT", noted Botha. Deadlines had been missed, costs had been higher than expected, organisations` efficiency levels and their ability to deliver on promised benefits had been negatively impacted, and many IT initiatives failed to deliver.
IT management`s responsibilities increased significantly as IT evolved, said Botha. They now had to clearly define accountability, align IT with an organisation`s business objectives, provide organisational structures and measure the performance of their systems. Their focus must be on the core business competencies that required IT support as well as on core IT competencies.
To achieve this, they required more than technical skills. Other "must have" competencies included business and strategic planning, an understanding of where the business was going, the ability to develop business cases and justify a return on IT investments. They also had to address customer satisfaction issues, manage their human resources effectively and communicate well. These skills were crucial in moving IT management strategies from the traditional operational level to the tactical and strategic levels that were now required.
IT is a major driver of economic value.Johan Botha, CEO, Analytix
IT governance was important as "IT is a major driver of economic value", he said. It was also critical to an organisation`s success, offered a means of increasing productivity, was fundamental for enterprise resource management and customer relationship management, and key to recording and disseminating business information across and beyond the enterprise, said Botha. But the ultimate reason for the introduction of an IT governance initiative was to ensure IT could deliver quality solutions on time and within budgets. A the same time, the initiative would have to harness an IT infrastructure`s ability to increase efficiency and productivity levels, and to manage risk.
To successfully implement IT governance initiatives, organisations would have to "find a model that will ensure the achievement of critical success factors through the effective deployment of secure, reliable information and applied technology".
Examples of IT control and management frameworks that would assist in this included COBIT, ITIL and ISO17700, said Botha. Each of these supported the introduction of IT balanced scorecards that would provide and track the measurements needed by executive management to ascertain the progress being made in ensuring their IT investments were delivering value to their organisations.
Banking on IT governance
Absa Group IT strategy head Dr Dirk le Roux`s presentation at the forum centred around the challenges involved in developing and implementing an IT balanced scorecard within the banking group.
[VIDEO]Scoping the size of Absa`s IT infrastructure, he said its daily network traffic peaks at around 7.2GB an hour. Its 2 700-plus ATMs process about 23 million transactions and it handles close on 20 million Internet transactions with a monetary value averaging R2.5 billion each month. The group`s Intel domain contains 2 000 servers and more than 30 000 workstations. Its IT operating budget is over R1 billion per annum and the organisation has over 1 000 IT employees.
Absa`s IT governance initiative ensured business involvement and leadership in strategic IT matters, facilitated IT exposure for business executives and balanced the group`s IT interest with those of its business units, said Le Roux.
"The governance of IT is a cornerstone of the Absa IT model, while the IT balanced scorecard serves as a key element of the IT governance processes."
Absa`s IT balanced scorecard originated from Project Quantum, which was launched in March 1999. Quantum, said Le Roux, was initiated to "investigate and consider the transformation of Absa`s IT function - called the Business Services Division [BSD] - because it was evident from the day-to-day management of the BSD and from liaison with business stakeholders that the division [was] not functioning at optimal levels". The project aimed to achieve this while making provision "for the dynamic nature and demands of both the financial services industry and the technological environment".
Quantum kicked off by assessing the BSD`s performance and the required business service levels of the group, identifying opportunities to optimise the use and exploitation of IT, and attempting to align the BSD with the banking group`s business and business objectives. "The basic goal of Quantum was to position IT closer to the business in Absa," Le Roux explained.
The governance of IT is a cornerstone of the Absa IT model.Dr Dirk le Roux, group IT strategy head, Absa
In keeping with many other South African organisations involved in IT governance initiatives, Absa set up an IT governance forum early on in the process. This, he said, represented both business and IT interests across the group from the top down.
Absa found that adopting a balanced scorecard approach allowed it to improve the strategic focus of IT management, demonstrated the value added by the CIO to the organisation and facilitated strategic planning. It provided measures for non-financial and intangible business components and allowed for the development of an IT "bottom line" which could be used to communicate IT performance and value-add. The balanced scorecard approach also allowed the BSD to establish a basis against which to compare its performance with external IT service providers.
In addition, the scorecard facilitated the introduction of business concepts and business terms into the group`s IT management structure and greatly enabled effective communication across the organisation around IT management, said Le Roux. The need for a "common language" and the fact that IT balanced scorecards enabled this was a common theme among several of the speakers at the one-day conference.
Discussing the IT governance lessons learnt at Sasol with the over 80 delegates that attended the conference, CIO Alex Zwiegelaar said his organisation began its initiative facing significant challenges as far as efficient IT management was concerned. Increasing business complexity resulting from globalisation and growth, combined with increasing IT complexity, end-user empowerment and decentralised decision-making resulted in a "proliferation of incompatible applications and architectures. This started to inhibit initiatives to create business synergy [within Sasol] and slowed down the ability to react quickly to global needs with associated increase in risk," said Zwiegelaar. Another issue that needed to be addressed by Sasol`s IT governance project was increasing costs due to the duplication of skills.
[VIDEO]Undertaking an initiative like this across an organisation of this size was a formidable task: Sasol has an annual turnover of R61 billion, with an average profit of R14.8 billion a year. The company has 20 strategic business units, 60 offices or factories located in 14 different countries and runs about 200 information management or IT-related projects.
Sasol decided to use a federal model of IT governance, he said. This is a form of "decentralisation of authority and decision, which attempts to achieve a balance between local needs and corporate needs, by devolving certain decision-making powers to lower units, while centralising others", said Zwiegelaar. Among the deliverables of the IT governance initiative were the establishment of a strong IT architecture group at a strategic level, the transformation of the existing in-house IT organisation into a professional service organisation and the creation of strategic alliances with industry leaders so as to outsource IT requirements where possible.
We started a bit lean.Alex Zwiegelaar, CIO, Sasol
According to Zwiegelaar, Sasol achieved good results through comprehensive outsourcing, made significant progress towards introducing a value-add rather than a technology-driven approach to business, and significantly improved the quality and speed of decision-making processes within the group. It also identified synergies between business units which had allowed it to reduce the number of IT installations and introduce standardisation projects aimed at driving down the total cost of IT ownership across its various business units. The number of shared services also increased, he said.
Among the more important lessons learnt along the way were the need for a constant focus on governance processes, the importance of the size of and the quality of the members of the information management team ("We started a bit lean," he said), and an ongoing emphasis on value-added solutions rather than technology choices. Also critical to ensuring that Sasol`s IT infrastructure continued to deliver maximum benefit to the business was the early development of strategies for major initiatives, such as e-business.
Sorting out software
Business Software Alliance (BSA) chairman Andrew Lindstrom`s presentation covered the need for software asset management to be included in all IT governance initiatives. He echoed statements by the majority of the speakers at the forum when he stressed that CEOs and directors had a fiduciary duty to ensure that their organisations` software was treated as a company asset. "As such, they should be carrying out annual audits to make sure that their software usage complies with current legislation and copyright agreements."
[VIDEO]Lindstrom said it was unfortunate that IT governance issues were not getting the "attention they deserve. There are a significant number of directors out there who understand the importance of IT governance but don`t understand their technology, so don`t grant it the importance they should."
He said the BSA had estimated that the South African economy suffered losses of between $160 million to $200 million each year due to the illegal software trade. "It is clear that responsibility and action needs to be taken."
The BSA`s tips for CIOs as far as software asset management was concerned, said Lindstrom, included ensuring senior management awareness and commitment, understanding the terms and conditions of their software licence agreements, compiling a software code of ethics and obtaining signed employee compliance statements, and establishing a software register. He also advised CIOs to ensure original disks were kept under lock and key, to appoint a software auditor to ensure accountability could be assigned to a specific staff member and to carry out unannounced spot checks. These tips, he said, would ensure management teams wouldn`t be caught transgressing any current licensing regulations or breaking any laws should the BSA decide to do a spot check of its own.
It is clear that responsibility and action needs to be taken.Andrew Lindstrom, chairman, BSA
Botha, Le Roux, Zwiegelaar and Lindstrom - along with their fellow speakers at the forum - all stressed how detailed any IT governance initiative needed to be to ensure success. And no one promised it would be any easy process. As Peter Hill, the local representative of the IT Governance Institute, said: "Some problems will be easy to find and hard to fix, while others will be hard to find but easy to fix." Yet case studies such as those from Sasol and Absa show there`s money to be made in attending to the measures that matter.