I received a tweet from Charles Betz this morning that caused my jaw to drop:
@CharlesTBetz US federal CIOs to become responsible for IT portfolio management. http://bit.ly/nm3amT (What were they doing before?)
My jaw dropped because I completely concur with Charles’ question: “What were they doing before?”
If you are a regular reader of my posts, you know what I think about portfolio management (PPM). PPM is by far the most crucial IT governance process. I firmly believe it is impossible for a CIO to do his or her job without sound PPM. But I also firmly believe PPM success in IT is dependent on sound and successful IT governance.
The link included in Charles’ tweet is to a post on the ‘American Society of Military Comptrollers’ titled, “OMB directs agency CIOs to focus on IT portfolio management”. The post describes how federal agency Chief Information Officers (CIOs) will now move from concentrating on policy and maintaining infrastructure (answering the question about what they were doing before) to being responsible for IT portfolio management. The post referred to a memorandum issued August 8 by Jacob Lew, Director of the Office of Management and Budget (OMB). The memo tells agency heads that their CIOs must focus on “delivering IT solutions that support the mission and effectiveness of their agencies and overcome bureaucratic impediments to deliver enterprise-wide solution.”
The memo clarified CIO responsibilities in the four areas of responsibility for CIOs laid out in the “IT Reform Plan” issued in December, 2010.
- Governance: CIOs will now drive the review process for IT investments and be responsible for the agency’s entire IT portfolio. They will make IT portfolio analysis an integral part of the yearly budget process and will ensure that agencies meet the IT Reform plan goal of “turning around” a third of all underperforming IT investments by June 2012.
- Commodity IT: CIOs will focus on eliminating duplication in IT investments and will reduce costs and improve service for commodity IT by pooling agency purchasing power across the organization. CIOs will work with enterprise architects to align IT resources by consolidating duplicative investments and applications. They are directed to use shared services rather than establishing separate independent services.
- Program Management: CIOs are directed to hire top IT program managers and improve training. They will also be held accountable for IT program manager performance and will perform annual performance evaluations of component CIOs.
- Information Security: CIOs will be responsible for implementing an agency-wide information security program. They will ensure that the program includes a “well-designed, well-managed continuous monitoring and standardized risk assessment process supported by Department of Homeland Security run ‘CyberStat’ sessions.”
Though I like each of the four areas of responsibility, once again, they potentially expose a common misunderstanding of IT governance – that this critical function of the business only addresses IT investment decisions. I might have been able to give the reform plan the benefit of the doubt by assuming the “entire IT portfolio” included addressing each of the other IT governance decision areas, but the other ‘areas of responsibility’ listed in the Reform Plan cause me to have my doubts. Let’s start by reviewing the fundamentals of IT governance:
IT governance is intended to meet five principles:
- Align IT with the business
- Deliver value to the business
- Appropriately manage risk
- Appropriately manage resources
- Appropriately manage performance
These five principles are met by making reasoned and rational decisions regarding:
- The IT archetype
- Enterprise architecture
- Infrastructure strategies
- Fulfilling business needs (systems and applications)
- Investments (spending)
These decisions (making as well as fulfilling) are enabled by IT governance processes:
- Integrated Business IT Planning
- Architecture Management – Standards Review
- IT Investment Assessment, Prioritization, Funding and Benefits Realization Accountability (PPM)
- IT Financial Resource Allocation
- Project Execution Decision-making
- Emerging Technology Evaluation and Adoption
- Client Relationship Management
- Building and Maintaining Applications and Infrastructure
- Provisioning of IT Services
- Strategic Sourcing Services
- Audit and Risk Management
Now let’s take a look at the other areas of responsibility in the IT Reform Plan and why I believe they could indicate a misunderstanding of IT governance:
- Eliminating IT investment duplication is a function of PPM and the portfolio analysis listed under the first area of responsibility, governance.
- Investment and application consolidation (elimination of duplication) is a function of Application Portfolio Management (APM) – which should be performed in conjunction with PPM. APM is also associated with each of the main IT governance decision areas.
- “Work with enterprise architects” is specifically called out and enterprise architecture is an IT governance decision area as well as a critical IT governance process.
- Shared service decisions are associated with the IT governance decision-making areas of enterprise architecture, infrastructure strategies, and fulfilling business needs.
- Risk and security are the longest-standing aspects of IT governance.
I like the emphasis on program management capability, but appropriately managing resources is also one of the principles of IT governance.
Though some folks may view these as nitpicks, the separation of Commodity IT, Program Management, and Information Security leads me to believe IT governance is viewed as solely addressing IT investment decisions. I contend each federal CIO would fulfill each of the areas of responsibility listed in the IT Reform Plan if those CIOs strived to meet the principles of IT governance by making the right decisions in each area of IT governance and then realized those decisions through sound IT governance processes. Heck, I believe they would achieve much more.
Even if I set aside the question of what the CIOs were doing before they were directed to “become responsible for IT portfolio management,” I am left with the fear that many CIOs will be unable to adequately meet the mandate. An acute understanding of IT governance is essential to meeting the goals of the federal IT reform plan, but the four areas of responsibility listed in the reform plan itself appear to reflect misconceptions of the IT governance discipline. I regret to say I find these misconceptions to be all-too-common, in business as well as government.
Again, I applaud the latest directive from the office of the OMB. But I’ll have to keep my fingers crossed that the “it’s about time” federal CIO focus on IT portfolio management and PPM will lead to an improved understanding of the nature as well as the power and promise of IT governance. Successfully managing the IT portfolio depends on it.
Steve Romero, IT Governance Evangelist
Article source: CA ITGovernance Blog