In addition, new advances in technology like Web 2.0 let businesses democratise access to information both from within the company and through partners in the ecosystem.
That means IT organizations now have an opportunity to inform their business counterparts about new collaborative-business capabilities. For example, Jeffrey Neville, CIO at the $200 million Eastern Mountain Sports, has successfully implemented collaborative wikis to enhance new product development and customer relationships, as well as RSS-enabled dashboards that alert line-of-business managers to unacceptable business-process metrics. These trends underscore the need for a partnership between IT and business to achieve what we call dynamic synchronization of their respective strategies. That will create a capacity for companies to evolve their business models to new paradigms of competition and innovation.
So why isn't this being done? Two major obstacles discourage IT from proactively partnering with business: legacy IT infrastructure and divergent goals. While the emergence of service-oriented architecture (SOA) and components-based frameworks make it easier to tackle the first problem, the second remains elusive to many. How much more different can the goals be? The mandate for business is to innovate and increase revenue, while that of IT is often about efficiency and cost reduction. We believe the efficiency goals of IT are necessary but not sufficient.
IT doesn't exist merely to facilitate the execution of business processes; it must provide a flexible infrastructure so the company can innovate in business models that map to strategic goals. At times, IT may also inform business managers about new possibilities to lead business-process innovation. The recognition of IT's operational and strategic role is a first step toward achieving dynamic synchronization with the business. The aim is to move beyond the current norm where IT simply plays catch-up and start improving process efficiencies.
SOA and Web services make it possible for companies to build true plug-and-play or "Velcro" business processes that promote the evolution of business models through flexible customer and supplier/partner connections. Without a proper governance mechanism, however, the flexibility provided through these new capabilities could be overused, leading to information overload for business-unit managers and unnecessary complexity in business processes.
A proper governance framework advances the dynamic-synchronization agenda through platforms like SOA. An important part of this agenda is empowering the enterprise to synchronize with changes in the business environment.
An appropriate governance framework should also create mechanisms for both business and IT to create partnerships at all levels. Business and IT must take measures to ensure that a shared agenda can evolve over time.
To ensure that business and IT move in lockstep to address the challenges facing the enterprise, five requirements must be met: demand management; prioritizing IT investments; IT application-portfolio management; supply management; and setting IT architecture and security standards.
In fact, most enterprises already have one, many, or all of these practices in place. But the crucial difference between governance and good governance is the active participation of business in demand management, prioritizing IT investments, and application-portfolio management. A good framework makes IT a true enabler of business processes.
Demand management. This step identifies and manages the demand for new IT services in the enterprise as a whole. Business units and the IT organization collectively identify modifications and additions to business processes and changes in IT systems that translate into an investment. In a mature demand-management practice, the IT organization has good insight into this process. Even so, IT seldom has input. It merely accepts new demands for IT services and, at best, augments the scope of IT services needed in building a business case.
In dynamic synchronization, identifying demand involves a rigorous, business-case-driven collaboration between the business-process owners and their IT counterparts. Their efforts should be reviewed by business heads.
At Cisco Systems, for example, business units bring a demand chart for IT investments on a pure business-case basis, with details on the potential business outcomes from the new IT investments, together with the responsibilities of the business units and IT organization, respectively. The IT organization is responsible for the on-time delivery, quality, and service-level performance of the new IT systems, whereas the business managers are held accountable for the business-process metrics outcomes. This clarity in roles and expectations helps in assessing the true impact of IT investments and in bringing out the relative business relevance of current IT commitments, as discussed in the next process in our governance framework.
Segmenting and prioritizing IT investments. Usually, the prioritization of IT investments is implicit and not transparent to the organization. In some companies, this prioritization can result in battling tactical fires, or it becomes a contest won by business managers who are louder than others in making their claims.
We believe that transparency is a prerequisite for good governance of business and IT. The three dimensions in segmenting and prioritizing IT investments are: its alignment with business strategy, the scope of the investment, and the nature of the investment—discretionary or nondiscretionary.
A business/IT council consisting of business-process owners and their IT counterparts should be responsible for segmenting and prioritizing. Often, it's the council members who get the risk capital to invest in IT for the future.
An advisory committee consisting of C-level executives should give final approval for major IT investments. However, IT or the business/IT council can make final decisions regarding smaller maintenance investments.
How should segmenting and prioritizing IT investments work in practice? The IT infrastructure—that is, the provisioning of hardware and network equipment and the associated operating systems—is the base layer on which IT platform services like E-mail, databases, and ERP systems are provided. We believe that new investments in, and changes to, the IT infrastructure and platforms are the foundation required to build sophisticated IT applications and fall under the nondiscretionary category of IT investment. However, in large organizations plagued with aging legacy applications, incremental changes demanded on these applications are also nondiscretionary. In contrast, the IT applications built on the platform to support or even define new business processes—such as new channels to enhance customer experience—exemplify discretionary IT investment.
An important decision the advisory committee needs to make is how much to spend on the discretionary and nondiscretionary segments. Several surveys on IT investments have revealed that enterprises spend more than 73% on nondiscretionary items. The reasons for this are both organizational and technical. First, as noted earlier, companies seldom have a well-defined process to proactively evaluate their IT spending. Second, the underlying IT architecture in a company burdened with legacy systems often drains the IT budget in bits of nondiscretionary changes to the legacy applications.
Forward-thinking organizations should aim to control their nondiscretionary spending to an ideal mix of 50% of the total IT investments to start with. This can be achieved by SLA-driven outsourcing of the IT infrastructure provisioning and supporting the IT platforms through third-party vendors.
But simply controlling nondiscretionary spending isn't sufficient. Prioritization of discretionary spending should be clearly linked to business strategy in terms of the business-growth areas, new business models, and the respective business processes. For example, if the business strategy articulates a new emphasis on connecting with customers, or on networking with specific suppliers on a needs basis, the proportion of discretionary investments in IT should reflect the changes in these business processes.
In prioritizing IT investments, input from the existing portfolio of applications that support operational efficiency and business innovation is important. This information needs to be captured in an application-portfolio scorecard, as we'll discuss below.
IT application-portfolio management. Although all IT resources, including infrastructure and people, can be analyzed from a portfolio perspective, we believe that the portfolio of IT applications is most important from the business/IT governance perspective because applications are the central nervous system of an enterprise.
A best practice for application-portfolio management is to develop and maintain a scorecard of applications that support innovation and efficiency mapped to current and future strategies. The applications portfolio should capture the nature of business value—that is, operational efficiency versus innovation, quality and performance of applications, sourcing choices, and the domain of business processes supported by each application—and whether the processes are core to the business strategy.
At an operational level, this scorecard should describe the health, degree of flexibility, and scalability of applications for identifying potential upgrading and phaseout opportunities. The IT portfolio should be managed and updated by the business/IT council.
A summary report of the enterprise applications should be sent to the advisory committee for review. This application scorecard can become the shared agenda for IT and business leaders to discuss how the current IT architecture is tuned to the demands of the business strategy and the performance of basic IT-infrastructure performance. In some cases, this information can also be presented to the senior business and IT managers through real-time dashboards that link to the corporate balanced scorecard.
At one large auto manufacturer, for example, business units and the IT organization identify applications portfolios based on the business functions they service—that is, HR, marketing, and so forth. Each portfolio is periodically assessed for companywide risks related to business alignment, cost of operations, and robustness of the technology platform to help make decisions on issues such as re-engineering, retiring, rehosting on different technologies, and offshoring.
The portfolio is also analyzed from time to time at the regional level. For example, an analysis of the application portfolio in a high-growth market led the automaker to move toward a consolidation of disparate CRM applications on a common ERP platform, to be supported on a shared service basis across the region. However, the HR and payroll application portfolio was left unchanged, since consolidation would have made it unwieldy to support the vastly different country regulations in the region.
Supply management. There are two distinct process components to our business/IT governance strategy. First, there's the basic process that ensures delivery of IT services once the investments are approved by the advisory committee. Second, there's the process of continuously searching for emerging technologies and evaluating how they can produce new experiences for customers and partners through novel business processes.
Once the requests for IT services are prioritized and approvals for IT investments are given, there's a need for a distinct supply-management process that includes identifying the right sourcing mechanism, technologies, and partners to ensure on-time delivery of quality systems—for example, whether to keep things in-house or outsource. This decision should be based on the strategic nature of the systems, together with time, quality, and cost considerations. If the company chooses to outsource, it must have mechanisms for evaluating, selecting, and managing vendors. Monitoring quality and service-level agreements is essential to good supply-management practice. We believe that supply management should be left to a specialist group within IT and then reviewed by the CIO.
The second aspect of educating the business on the potential opportunities of new technologies should fall to a team under the CTO. This team, with the help of other IT staffers who are knowledgeable about how the various business processes are supported, is best positioned to explore proof of concepts with new technologies for the business units.
In the case of HIP Health Plan of New York, the CTO and the IT team in the supply-management function go beyond just providing IT services in sync with business demands. Indeed, the health insurer's IT team proactively takes the lead in experimenting with new technologies and services. HIP invests 30% of its IT budget on experimentation such as introducing new customer services based on innovative use of IT.
An example of this experimentation is the development of a device to remotely monitor vital signs of high-risk patients based on a few rules-based metrics. HIP faced significant and frequent claims from patients who had to be kept in the hospital just in case they experienced symptoms of deterioration. The nurses at the hospital did routine screening of certain body-fluid measures to check on the status of the patients. If these metrics crossed the predefined safety bands, doctors on duty would attend to the patients.
In the course of scanning for new technologies, the CTO and technology team at HIP identified a small company that had piloted remote monitoring of body-fluid statistics over the wireless data networks. This technology was integrated with the customer interface business process of HIP and piloted for a few patients. The pilot proved successful and was finally adopted for several low-risk patients, reducing their hospital stays. This IT-driven innovation increased the effectiveness of service while lowering costs.
Like HIP New York, financial-services firm Charles Schwab—which serves more than 6.7 million client brokerage accounts, 541,000 corporate retirement-plan participants, and 146,000 bank accounts, for a grand total of $1.2 trillion in client assets—maintains an internal IT group that scans new technologies for their relevance to the company's business processes. This aspect of IT supply management is critical for the IT organization to proactively inform business units on new possibilities through experimentation.
Internal compliance with enterprise IT architecture and security standards. The role of business/IT governance is also to see that in searching for new business value, the team doesn't pose a risk to the organization. As noted earlier, while new technologies such as SOA may offer new degrees of flexibility, the sanctity of the architecture and security must be guarded.
In fact, most enterprises already have one, many, or all of these practices in place. But the crucial difference between governance and good governance is the active participation of business in demand management, prioritizing IT investments, and application-portfolio management. A good framework makes IT a true enabler of business processes.
Demand management. This step identifies and manages the demand for new IT services in the enterprise as a whole. Business units and the IT organization collectively identify modifications and additions to business processes and changes in IT systems that translate into an investment. In a mature demand-management practice, the IT organization has good insight into this process. Even so, IT seldom has input. It merely accepts new demands for IT services and, at best, augments the scope of IT services needed in building a business case.
In dynamic synchronization, identifying demand involves a rigorous, business-case-driven collaboration between the business-process owners and their IT counterparts. Their efforts should be reviewed by business heads.
At Cisco Systems, for example, business units bring a demand chart for IT investments on a pure business-case basis, with details on the potential business outcomes from the new IT investments, together with the responsibilities of the business units and IT organization, respectively. The IT organization is responsible for the on-time delivery, quality, and service-level performance of the new IT systems, whereas the business managers are held accountable for the business-process metrics outcomes. This clarity in roles and expectations helps in assessing the true impact of IT investments and in bringing out the relative business relevance of current IT commitments, as discussed in the next process in our governance framework.
Segmenting and prioritizing IT investments. Usually, the prioritization of IT investments is implicit and not transparent to the organization. In some companies, this prioritization can result in battling tactical fires, or it becomes a contest won by business managers who are louder than others in making their claims.
We believe that transparency is a prerequisite for good governance of business and IT. The three dimensions in segmenting and prioritizing IT investments are: its alignment with business strategy, the scope of the investment, and the nature of the investment—discretionary or nondiscretionary.
A business/IT council consisting of business-process owners and their IT counterparts should be responsible for segmenting and prioritizing. Often, it's the council members who get the risk capital to invest in IT for the future.
An advisory committee consisting of C-level executives should give final approval for major IT investments. However, IT or the business/IT council can make final decisions regarding smaller maintenance investments.
How should segmenting and prioritizing IT investments work in practice? The IT infrastructure—that is, the provisioning of hardware and network equipment and the associated operating systems—is the base layer on which IT platform services like E-mail, databases, and ERP systems are provided. We believe that new investments in, and changes to, the IT infrastructure and platforms are the foundation required to build sophisticated IT applications and fall under the nondiscretionary category of IT investment. However, in large organizations plagued with aging legacy applications, incremental changes demanded on these applications are also nondiscretionary. In contrast, the IT applications built on the platform to support or even define new business processes—such as new channels to enhance customer experience—exemplify discretionary IT investment.
An important decision the advisory committee needs to make is how much to spend on the discretionary and nondiscretionary segments. Several surveys on IT investments have revealed that enterprises spend more than 73% on nondiscretionary items. The reasons for this are both organizational and technical. First, as noted earlier, companies seldom have a well-defined process to proactively evaluate their IT spending. Second, the underlying IT architecture in a company burdened with legacy systems often drains the IT budget in bits of nondiscretionary changes to the legacy applications.
Forward-thinking organizations should aim to control their nondiscretionary spending to an ideal mix of 50% of the total IT investments to start with. This can be achieved by SLA-driven outsourcing of the IT infrastructure provisioning and supporting the IT platforms through third-party vendors.
But simply controlling nondiscretionary spending isn't sufficient. Prioritization of discretionary spending should be clearly linked to business strategy in terms of the business-growth areas, new business models, and the respective business processes. For example, if the business strategy articulates a new emphasis on connecting with customers, or on networking with specific suppliers on a needs basis, the proportion of discretionary investments in IT should reflect the changes in these business processes.
In prioritizing IT investments, input from the existing portfolio of applications that support operational efficiency and business innovation is important. This information needs to be captured in an application-portfolio scorecard, as we'll discuss below.
IT application-portfolio management. Although all IT resources, including infrastructure and people, can be analyzed from a portfolio perspective, we believe that the portfolio of IT applications is most important from the business/IT governance perspective because applications are the central nervous system of an enterprise.
A best practice for application-portfolio management is to develop and maintain a scorecard of applications that support innovation and efficiency mapped to current and future strategies. The applications portfolio should capture the nature of business value—that is, operational efficiency versus innovation, quality and performance of applications, sourcing choices, and the domain of business processes supported by each application—and whether the processes are core to the business strategy.
At an operational level, this scorecard should describe the health, degree of flexibility, and scalability of applications for identifying potential upgrading and phaseout opportunities. The IT portfolio should be managed and updated by the business/IT council.
A summary report of the enterprise applications should be sent to the advisory committee for review. This application scorecard can become the shared agenda for IT and business leaders to discuss how the current IT architecture is tuned to the demands of the business strategy and the performance of basic IT-infrastructure performance. In some cases, this information can also be presented to the senior business and IT managers through real-time dashboards that link to the corporate balanced scorecard.
At one large auto manufacturer, for example, business units and the IT organization identify applications portfolios based on the business functions they service—that is, HR, marketing, and so forth. Each portfolio is periodically assessed for companywide risks related to business alignment, cost of operations, and robustness of the technology platform to help make decisions on issues such as re-engineering, retiring, rehosting on different technologies, and offshoring.
The portfolio is also analyzed from time to time at the regional level. For example, an analysis of the application portfolio in a high-growth market led the automaker to move toward a consolidation of disparate CRM applications on a common ERP platform, to be supported on a shared service basis across the region. However, the HR and payroll application portfolio was left unchanged, since consolidation would have made it unwieldy to support the vastly different country regulations in the region.
Supply management. There are two distinct process components to our business/IT governance strategy. First, there's the basic process that ensures delivery of IT services once the investments are approved by the advisory committee. Second, there's the process of continuously searching for emerging technologies and evaluating how they can produce new experiences for customers and partners through novel business processes.
Once the requests for IT services are prioritized and approvals for IT investments are given, there's a need for a distinct supply-management process that includes identifying the right sourcing mechanism, technologies, and partners to ensure on-time delivery of quality systems—for example, whether to keep things in-house or outsource. This decision should be based on the strategic nature of the systems, together with time, quality, and cost considerations. If the company chooses to outsource, it must have mechanisms for evaluating, selecting, and managing vendors. Monitoring quality and service-level agreements is essential to good supply-management practice. We believe that supply management should be left to a specialist group within IT and then reviewed by the CIO.
The second aspect of educating the business on the potential opportunities of new technologies should fall to a team under the CTO. This team, with the help of other IT staffers who are knowledgeable about how the various business processes are supported, is best positioned to explore proof of concepts with new technologies for the business units.
In the case of HIP Health Plan of New York, the CTO and the IT team in the supply-management function go beyond just providing IT services in sync with business demands. Indeed, the health insurer's IT team proactively takes the lead in experimenting with new technologies and services. HIP invests 30% of its IT budget on experimentation such as introducing new customer services based on innovative use of IT.
An example of this experimentation is the development of a device to remotely monitor vital signs of high-risk patients based on a few rules-based metrics. HIP faced significant and frequent claims from patients who had to be kept in the hospital just in case they experienced symptoms of deterioration. The nurses at the hospital did routine screening of certain body-fluid measures to check on the status of the patients. If these metrics crossed the predefined safety bands, doctors on duty would attend to the patients.
In the course of scanning for new technologies, the CTO and technology team at HIP identified a small company that had piloted remote monitoring of body-fluid statistics over the wireless data networks. This technology was integrated with the customer interface business process of HIP and piloted for a few patients. The pilot proved successful and was finally adopted for several low-risk patients, reducing their hospital stays. This IT-driven innovation increased the effectiveness of service while lowering costs.
Like HIP New York, financial-services firm Charles Schwab—which serves more than 6.7 million client brokerage accounts, 541,000 corporate retirement-plan participants, and 146,000 bank accounts, for a grand total of $1.2 trillion in client assets—maintains an internal IT group that scans new technologies for their relevance to the company's business processes. This aspect of IT supply management is critical for the IT organization to proactively inform business units on new possibilities through experimentation.
Internal compliance with enterprise IT architecture and security standards. The role of business/IT governance is also to see that in searching for new business value, the team doesn't pose a risk to the organization. As noted earlier, while new technologies such as SOA may offer new degrees of flexibility, the sanctity of the architecture and security must be guarded.
To ensure that business and IT move in lockstep to address the challenges facing the enterprise, five requirements must be met: demand management; prioritizing IT investments; IT application-portfolio management; supply management; and setting IT architecture and security standards.
In fact, most enterprises already have one, many, or all of these practices in place. But the crucial difference between governance and good governance is the active participation of business in demand management, prioritizing IT investments, and application-portfolio management. A good framework makes IT a true enabler of business processes.
Demand management. This step identifies and manages the demand for new IT services in the enterprise as a whole. Business units and the IT organization collectively identify modifications and additions to business processes and changes in IT systems that translate into an investment. In a mature demand-management practice, the IT organization has good insight into this process. Even so, IT seldom has input. It merely accepts new demands for IT services and, at best, augments the scope of IT services needed in building a business case.
In dynamic synchronization, identifying demand involves a rigorous, business-case-driven collaboration between the business-process owners and their IT counterparts. Their efforts should be reviewed by business heads.
At Cisco Systems, for example, business units bring a demand chart for IT investments on a pure business-case basis, with details on the potential business outcomes from the new IT investments, together with the responsibilities of the business units and IT organization, respectively. The IT organization is responsible for the on-time delivery, quality, and service-level performance of the new IT systems, whereas the business managers are held accountable for the business-process metrics outcomes. This clarity in roles and expectations helps in assessing the true impact of IT investments and in bringing out the relative business relevance of current IT commitments, as discussed in the next process in our governance framework.
Segmenting and prioritizing IT investments. Usually, the prioritization of IT investments is implicit and not transparent to the organization. In some companies, this prioritization can result in battling tactical fires, or it becomes a contest won by business managers who are louder than others in making their claims.
We believe that transparency is a prerequisite for good governance of business and IT. The three dimensions in segmenting and prioritizing IT investments are: its alignment with business strategy, the scope of the investment, and the nature of the investment—discretionary or nondiscretionary.
A business/IT council consisting of business-process owners and their IT counterparts should be responsible for segmenting and prioritizing. Often, it's the council members who get the risk capital to invest in IT for the future.
An advisory committee consisting of C-level executives should give final approval for major IT investments. However, IT or the business/IT council can make final decisions regarding smaller maintenance investments.
How should segmenting and prioritizing IT investments work in practice? The IT infrastructure—that is, the provisioning of hardware and network equipment and the associated operating systems—is the base layer on which IT platform services like E-mail, databases, and ERP systems are provided. We believe that new investments in, and changes to, the IT infrastructure and platforms are the foundation required to build sophisticated IT applications and fall under the nondiscretionary category of IT investment. However, in large organizations plagued with aging legacy applications, incremental changes demanded on these applications are also nondiscretionary. In contrast, the IT applications built on the platform to support or even define new business processes—such as new channels to enhance customer experience—exemplify discretionary IT investment.
An important decision the advisory committee needs to make is how much to spend on the discretionary and nondiscretionary segments. Several surveys on IT investments have revealed that enterprises spend more than 73% on nondiscretionary items. The reasons for this are both organizational and technical. First, as noted earlier, companies seldom have a well-defined process to proactively evaluate their IT spending. Second, the underlying IT architecture in a company burdened with legacy systems often drains the IT budget in bits of nondiscretionary changes to the legacy applications.
Forward-thinking organizations should aim to control their nondiscretionary spending to an ideal mix of 50% of the total IT investments to start with. This can be achieved by SLA-driven outsourcing of the IT infrastructure provisioning and supporting the IT platforms through third-party vendors.
But simply controlling nondiscretionary spending isn't sufficient. Prioritization of discretionary spending should be clearly linked to business strategy in terms of the business-growth areas, new business models, and the respective business processes. For example, if the business strategy articulates a new emphasis on connecting with customers, or on networking with specific suppliers on a needs basis, the proportion of discretionary investments in IT should reflect the changes in these business processes.
In prioritizing IT investments, input from the existing portfolio of applications that support operational efficiency and business innovation is important. This information needs to be captured in an application-portfolio scorecard, as we'll discuss below.
IT application-portfolio management. Although all IT resources, including infrastructure and people, can be analyzed from a portfolio perspective, we believe that the portfolio of IT applications is most important from the business/IT governance perspective because applications are the central nervous system of an enterprise.
A best practice for application-portfolio management is to develop and maintain a scorecard of applications that support innovation and efficiency mapped to current and future strategies. The applications portfolio should capture the nature of business value—that is, operational efficiency versus innovation, quality and performance of applications, sourcing choices, and the domain of business processes supported by each application—and whether the processes are core to the business strategy.
At an operational level, this scorecard should describe the health, degree of flexibility, and scalability of applications for identifying potential upgrading and phaseout opportunities. The IT portfolio should be managed and updated by the business/IT council.
A summary report of the enterprise applications should be sent to the advisory committee for review. This application scorecard can become the shared agenda for IT and business leaders to discuss how the current IT architecture is tuned to the demands of the business strategy and the performance of basic IT-infrastructure performance. In some cases, this information can also be presented to the senior business and IT managers through real-time dashboards that link to the corporate balanced scorecard.
At one large auto manufacturer, for example, business units and the IT organization identify applications portfolios based on the business functions they service—that is, HR, marketing, and so forth. Each portfolio is periodically assessed for companywide risks related to business alignment, cost of operations, and robustness of the technology platform to help make decisions on issues such as re-engineering, retiring, rehosting on different technologies, and offshoring.
The portfolio is also analyzed from time to time at the regional level. For example, an analysis of the application portfolio in a high-growth market led the automaker to move toward a consolidation of disparate CRM applications on a common ERP platform, to be supported on a shared service basis across the region. However, the HR and payroll application portfolio was left unchanged, since consolidation would have made it unwieldy to support the vastly different country regulations in the region.
Supply management. There are two distinct process components to our business/IT governance strategy. First, there's the basic process that ensures delivery of IT services once the investments are approved by the advisory committee. Second, there's the process of continuously searching for emerging technologies and evaluating how they can produce new experiences for customers and partners through novel business processes.
Once the requests for IT services are prioritized and approvals for IT investments are given, there's a need for a distinct supply-management process that includes identifying the right sourcing mechanism, technologies, and partners to ensure on-time delivery of quality systems—for example, whether to keep things in-house or outsource. This decision should be based on the strategic nature of the systems, together with time, quality, and cost considerations. If the company chooses to outsource, it must have mechanisms for evaluating, selecting, and managing vendors. Monitoring quality and service-level agreements is essential to good supply-management practice. We believe that supply management should be left to a specialist group within IT and then reviewed by the CIO.
The second aspect of educating the business on the potential opportunities of new technologies should fall to a team under the CTO. This team, with the help of other IT staffers who are knowledgeable about how the various business processes are supported, is best positioned to explore proof of concepts with new technologies for the business units.
In the case of HIP Health Plan of New York, the CTO and the IT team in the supply-management function go beyond just providing IT services in sync with business demands. Indeed, the health insurer's IT team proactively takes the lead in experimenting with new technologies and services. HIP invests 30% of its IT budget on experimentation such as introducing new customer services based on innovative use of IT.
An example of this experimentation is the development of a device to remotely monitor vital signs of high-risk patients based on a few rules-based metrics. HIP faced significant and frequent claims from patients who had to be kept in the hospital just in case they experienced symptoms of deterioration. The nurses at the hospital did routine screening of certain body-fluid measures to check on the status of the patients. If these metrics crossed the predefined safety bands, doctors on duty would attend to the patients.
In the course of scanning for new technologies, the CTO and technology team at HIP identified a small company that had piloted remote monitoring of body-fluid statistics over the wireless data networks. This technology was integrated with the customer interface business process of HIP and piloted for a few patients. The pilot proved successful and was finally adopted for several low-risk patients, reducing their hospital stays. This IT-driven innovation increased the effectiveness of service while lowering costs.
Like HIP New York, financial-services firm Charles Schwab—which serves more than 6.7 million client brokerage accounts, 541,000 corporate retirement-plan participants, and 146,000 bank accounts, for a grand total of $1.2 trillion in client assets—maintains an internal IT group that scans new technologies for their relevance to the company's business processes. This aspect of IT supply management is critical for the IT organization to proactively inform business units on new possibilities through experimentation.
Internal compliance with enterprise IT architecture and security standards. The role of business/IT governance is also to see that in searching for new business value, the team doesn't pose a risk to the organization. As noted earlier, while new technologies such as SOA may offer new degrees of flexibility, the sanctity of the architecture and security must be guarded.
The architecture and security group should offer guidance by assessing the deviations from enterprise architecture and security standards at each round of new IT investments or major changes to existing systems.
Architecture and security standards are best defined at an enterprise level and communicated to all business units to ensure compliance. The important aspects of setting and maintaining standards are planning and definition, communication, enforcement, and audits and reviews. Architecture and security standards should be the responsibility of a specialist group of architects within IT and reviewed by the CIO.
The role of IT architecture and its link with business processes is becoming increasingly important as more enterprises implement SOA and Web 2.0 technologies such as internal blogs and wikis. The IT architecture group must understand the needs of business-process owners before they define the SOA architecture. Often, we find that the granularity of services is either a level higher or a level lower than what business users want. Another issue we observe is that services are often defined either by one dominant business group or a group of IT architects, resulting in a complex fabrication of services that are narrowly defined. This often defeats the reuse objective that enterprises want to achieve using SOA.
A robust IT-governance mechanism needs to address such issues and ensure that services are at the right level of granularity and transparent in a way that permits reuse. SOA and Web 2.0 initiatives can quickly turn into freedom at the cost of chaos. However, strong IT governance, spearheaded by the IT architecture group, can help restore order. For example, at one bank using SOA to drive cross-channel integration, the IT architecture group mediates between different business-process teams to ensure internal compliance. Similarly while wikis on the enterprise intranet can be a very useful medium for collaboration, guarding this infrastructure through a sound security policy becomes critical.
Armed with a tightly crafted governance framework, IT will be best positioned to receive the leadership baton.
We recommend a three-tiered approach to delivering best-in-class business/IT governance: a business/IT council, an advisory committee, and a group that includes business-process managers and various departments within IT.
These action steps can help you implement and refine the governance framework.
Obtain buy-in from stakeholders
The important pre-adoption challenge to dynamic synchronization is obtaining buy-in from both business units and IT for establishing the governance process. This is best overcome through sustained communication that originates from the CEO—who, among other things, initiates the business/IT council and advisory committee. In addition to traditional E-mail communication, it's essential to have live Q&A sessions that address any concerns that process and IT teams may have. The senior executives and CEO must articulate the significance of aligning this governance process to the business model.
Another part of the buy-in process involves communicating how business/IT governance objectives will benefit business units both individually and collectively. This includes both operational and strategic objectives, along with scorecards that measure whether these objectives are achieved. It's important for all participants to know early on that in addition to tactical IT project metrics, there are ways to measure how well IT is aligned with current and future business strategies. Executives often don't have a good sense of current performance, as the metrics in the scorecards fail to capture all relevant information.
Adopt the new framework
Initially, adopting the new framework may prove arduous, even to the point of derailing the process and impeding dynamic synchronization. To mitigate problems, the business/IT council must draw up and administer a detailed plan for the enterprise. It's prudent to have a full-time program manager for the council to help keep the governance process on track.
One way to make adoption easier is to have frameworks, templates, and timetables published wherever possible. This is a must for activities like segmenting and prioritizing IT investments, and for making business cases.
Keep dynamic synchronisation on track
The real business impact of the governance framework kicks in when business and IT work together to change demand management and the segmentation and prioritisation processes.
Senior management must continue to monitor developments closely and adhere to the plan.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
![Fed's digital ID system coming to myGov "this [financial] year"](https://i.nextmedia.com.au/Utils/ImageResizer.ashx?n=https%3a%2f%2fi.nextmedia.com.au%2fNews%2fmygovid_app.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
