Magazine. Vol. 04, October, 2008.
David Robertson “IT focuses on short-term projects” 14
Bart Van den Bosch “Workflow condition for success” 10
Jan Dobbenie “Banning ‘ad hoc’ development” 15
Luc Verbist “IT closely involved in the business” 22
Jan Muchez “Reflect on your sourcing policy” 18
Editorial: Bigger value? Enterprise Architecture: The architect’s role CIOnet Survey: Benelux CIOs take the lead in change Document management: Still a thorny issue IT governance: Value Creation Column: Reflect on your sourcing policy IT security: Responsibility moves to the outsourcer Column: The flexibility of IT
3 4 8 10 14 18 20 22
Editorial
Bigger value ?
T
he shortage of talent on the IT market remains a hot topic. With all the good work done so far by CIOnet, a number of professional organisations and the academic world, it’s time to ask ourselves if CIOnet could do even more, or if we could better focus our current efforts. As we consider these actions (see summary on the CIOnet website of Academia Belgica June 24, 2008 meeting) we should overcome two key issues that suboptimise the interest in IT. 1. It’s a left-brain-skewed profession, while a heavier right-brain injection would foster more inspirational innovation and marketing/communication of the job/achievements, in other words, the lack of interest in IT could result from lack of good marketing/communication. 2. It’s a male-dominated profession, heavily underutilising the female talent pool while the work from home (e.g. 2-3 days a week) could be very attractive to women (and could attract more males as well). Here are some thoughts that hopefully will stimulate some dialogue and possibly additional action. First, what can we do within our companies to make the IT function (and thereby the IT jobs) more attractive? Should CIOnet create additional Special Interest Groups, such as ‘Strategy Development for IT based Value Creation’, or ‘IT based Process Innovation’, ‘How to Organise Work from Home’, ‘How to Broaden IT into Business Services Management’. Secondly, should we develop a more intense cooperation programme between CIOnet member companies and the academic world, by reaching out to students (not only in IT specific curricula, but also economics and other) with a well organised programme for internships, subjects for theses and projects, e.g. surveys on topics that are of interest to our CIOnet members and students. Thirdly, should we work with the government to develop a strategy to stimulate our knowledge industry? Our de facto economic strategy is still focused on manufacturing and distribution, our roads are getting more congested every single day, while an IT based knowledge industry doesn’t require massive transportation and allows work from home more than any other industry. I present you these brainstorming thoughts. Your comments, feedback and additional ideas are very welcome at jos.vanpee@cionet.com.
JOS VAN PEE
Associate Director CIOnet
3
Special feature
Enterprise Architecture
The architect’s role There might be some confusion about the role of the Enterprise Architect in the organisation and his reach within it can be limited, but there is a real job for him. As we learn from a meeting, organised by CIOnet in the Netherlands.
A
PICTURE
Steven Van ‘t Veld, Independent Principal Consultant at A/I/M bv: “In IT, there are too many architects.”
ccording to Steven Van ’t Veld, Independent Principal Consultant at A/I/M bv it is quite simple: most companies lack a real Information Architecture, with the emphasis on information. “Information is the reason why you have IT. If you don’t have information, there is no need for IT. It’s information that I want, and not data”, says Van ‘t Veld, and he points out the enormous growth in data over time, of which 75 per cent is a copy. “Information is a strategic resource for the business,” he continues, “and Information Technology is a tool.” But Van ‘t Veld thinks IT will vanish over time. “IT will disappear under the hood of the car”, he says. And that’s why organisations should care less about IT and more about their information. They will have to learn to determine exactly which IT solutions they want. The global trend of ‘outsource it’ should be stopped and or-
ganisations should only outsource what they cannot cope with themselves. They have to stay in charge and be able to manage what they do, whether outsourced or not. “Companies can never outsource the responsibility for their own information”, adds Van ‘t Veld. In IT, there are too many architects. “It has become a chaos,” says Van ‘t Veld, “and that is why there should be an architecture of architectures. A meta-architecture.” He distinguishes three kinds of architecture within an organisation. At the bottom of his chart there is the IT Infrastructure Architecture. “There are only wires and software there.” At the top, there is the Business or Process Architecture. “Missing in this picture is the Enterprise Information Architecture”, says Van ‘t Veld, and draws this in between the Business and the Infrastructure Architecture, creating a triangle. The Architects can be placed in this triangle; at the bottom the IT Infrastructure Architect, between infrastructure and business processes is the Enterprise Architect, responsible for Business Alignment, and at the side, there is the Enterprise Information Architect. “The Enterprise Information Architect is an information specialist who operates with information as a corporate resource”, explains Van ‘t Veld. “Whereas the Enterprise Architect is an IT specialist who oversees the IT infrastructure and the added value for the business. He is, in other
4
Special feature
words, responsible for Business Alignment. And the IT Architect is someone who works with the technology within the IT infrastructure.” Now where are these Architects within the organisation? At a strategic level we see the CIO and the Enterprise Information Architect. They are more or less on the ‘demand’ side. At the ‘supply’ side, we see the IT Enterprise Architect and the IT Infrastructure Architect, at a tactical level. “The Architect is a consultant; an advisor for the manager”, says Van ‘t Veld. A Merger of four companies Wouter Haasloop Werner is now the CIO of Maxeda. But he tells of his experiences in his job before that, at Vitens. At the time, Vitens was involved in a merger with three other companies, a process in which important decisions had to be taken. The merger was planned over three years. During the first step we had to decide when to do what. For that purpose, Haasloop Werner made on big sheets of paper designs of possible future information system landscapes, and used these to start the discussion with his colleagues from the other parts of the business. “That discussion turned out in a big chaos”, he says. “It was too difficult to discuss the integration of the full company on a corporate level with all relevant managers involved. Besides that, most of them at that moment did not have the urgency to think macro and integration, but were busy making micro-plans for their own departments. At one point in time, the conclusion was inevitable that this was not going to work. So we stood back, looked at our designs and made our own choices. We designed a central architecture with a clear distinction between fully integrated information systems and more ‘loosely coupled systems’. We saw that the biggest, most central chunk was formed by the financial processes. So we set ourselves the challenge to integrate all financial processes and in- and outgoing cash
flows in the first year. And so we did. For the post merger integration planning this architecture became leading. Because obviously, when you integrate the systems for billing, invoicing and cash collection, salary payments, procurement and accounting, you integrate these business processes as well. For decision making we made a financial planning for integrating the systems. The whole approach was very successful. Within the first year, all the financial systems were integrated, and in the mean time there was an enormous positive impact on the IT department in the form of a build-up of knowledge, which resulted in a great self-confidence of the IT department. Our experience is that when you integrate information systems, the connected processes will follow. Choices concerning these processes are much easier to make in the context of an integration project, than in process design workshops. By taking this route, we managed to do successful projects in terms of time and budget.”
PICTURE
Wouter Haasloop Werner, CIO of Maxeda, formerly active at Vitens: “Next time I would put more energy in attempts to get the business managers more involved.”
But there are certainly things that he would do differently a next time. So he shares his learning experiences. “On the positive side I learned that thinking in architectures can be very powerful. And with a project like this you get to know the power of the ‘intangible assets’. People do ‘grow’ and there you get something in return. And this is what I would do differently a next time. First I would put more energy in attempts to get the business managers more involved. Yes we tried, but maybe not >
5
Special feature
PICTURE
Tom Van Sante, Principal Consultant for Getronics PinkRoccade: “The role of architecture changes from pure design to the principles and policies within which future designs must fit.”
> hard enough. Having said that, I learned that it is
very hard for people to look above their own abstraction level. This is indeed very complex and to oversee more than your own area, at a higher level, is for most people difficult. Next it is most important to understand the incentives of other people. Everyone has his own interests and you have to be able to place yourself in the other’s position. Then, I would focus more on external factors, such as reducing external risks instead of internal, and on gathering knowledge, creation and enrichment. Besides that, we could have made IT more visible within the company.” Focus on TOGAF Tom Van Sante, in his daily life Principal Consultant for Getronics PinkRoccade, reveals that he probably is the only real architect in the room, for at university he studied architecture – of buildings that is. And so he opens his lecture with the question what architecture is, by posing that question with pictures of buildings. The answers seem to be easy looking at a picture of a creation of the famous architect Frank Lloyd Wright, but the reactions from the audience get more hesitant with pictures of more ordinary buildings and a picture of houses in a slum. Then he shows the definition of architecture according to IEEE 1471: ‘The fundamental organisation of a system embodied in its components, their relationship to each other and to the environment and the principles guiding its design and evolution’. “I think there is still a lot of confusion about the
6
word architecture,” says Van Sante, “I never studied architecture to make architecture. I studied architecture to help clients making beautiful and useful cities or buildings. And that by taking out the complexity with models and descriptions, and simplifying the process from idea to realisation.” “Architecture is a process,” he continues, “as we look at Enterprise Architecture, we can define the Enterprise as the organisation, or maybe a set of organisations with a common goal. And therefore Architecture is not only a description of a system, but most importantly it is the process to support its implementation. Enterprise Architecture is the process that helps organisations plan the future.” He again makes the connection with buildings, by describing how there the role of architects came into existence. “Once there was a time when there were no architects, there were just carpenters. But as the projects became larger and the number of carpenters increased, they had to communicate. And the one carpenter that took that job of ‘primus inter pares’ became the architect.” The world is changing in a rapid pace, and with that, Van Sante sees the role of the architect changing as well. “The world is growing into all kinds of networks that are no longer manageable. The only thing that you can do is applying standards, and continuing to understand what is happening”, he says. “The role of Architecture changes from pure design to the principles and policies within which future designs must fit.” And that brings us to TOGAF. TOGAF, which stands for The Open Group Architecture Framework, is a tool that Architects can use in their daily jobs, and Van Sante happens to be one of the authors of the pocket guide about TOGAF. He explains the essence of TOGAF. “TOGAF mainly consists of three elements; it’s an Architecture Development Method or ADM, it’s an Enterprise Continuum, that’s a repository with building blocks that you can use and reuse, and finally it’s a Resource Base, a series of ‘best practices’. And the building blocks in the continuum and the best practices in the Resource Base are there to support the Architecture Development Method. But it is not the Holy Grail. It is a tool to build the process in your own organisation.”
Does your company have the best security? Data theft, hacking, denial of service. You can get hit anywhere, anytime. So, you need to protect your business ’ critical applications and increase the security and resilience of your infrastructure. After all, you want to minimise digital intrusion that can create financial damage, loss of reputation and reduced productivity. BT knows the threats you face. As a leading IT Services company, we help our customers to develop and implement a comprehensive security policy. With over 100 years of own experience, but also with the unique expertise of Infonet, Counterpane Internet Security and International Network Services (INS), BT can offer an unrivalled set of managed security services. Ranging from secure networking, threat management, intrusion detection, application security to consultancy services. So, with BT ’s security solutions you can think bigger about the future of your business.
www.bt.com/globalservices
Survey
Benelux CIOs take the lead in change
Views about IT
CIOs in the Benelux are leading their companies through the processes of change. Cost-cutting and innovation generated by IT are having the greatest impact on business.
F PICTURE
Johan Conix of West Trax interviewed a panel of Benelux CIOs: “Benelux CIOs rate the effective value of IT more highly than their American counterparts. They also talk about it more within the company.”
or the third successive year, CIOnet conducted a survey among its member CIOs in the Benelux. Thirty-five CIOs accepted the invitation to take part in the survey, answering thirteen questions online, ranging in scope from the actual interpretation of their job to their views about IT. The figures do provide a valuable indication of views and trends. “To be able to position the Benelux CIO in a broader context,” says Johan Conix of West Trax, who carried out the survey for CIOnet, “we compared the results with the ‘State of the CIO’ survey conducted by CIO Magazine in the United States.”
Top priorities An initial important observation is that both Benelux and American CIOs believe that aligning business and IT is their absolute top priority, just as they did last year. Among Benelux CIOs, improving the satisfaction of internal end-users was ranked second. The Benelux CIOs questioned also thought it important to rate the added value of IT and then tell other people in the company about it. For their part, Americans pay more attention to the issues of business continuity and risk management. One striking thing is that both surveys indicate that better cost management of IT is further down the list of priorities than last year. If we look at the top priorities in terms of technology, we can also see a number of shifts. Integrating existing systems and processes stands clearly at the top of the agenda for both Benelux and American CIOs. Last year, the Belgians still saw their top priority as being data security. Business intelligence has now climbed into second position. Areas such as serviceoriented architecture, document and knowledge management also gained in importance. E-commerce fell out of the top ten for Benelux CIOs this year, while it was slightly higher with the Americans, climbing to seventh position. Leading change In terms of time spent, aligning business and IT still takes up the largest slice of the Benelux CIO’s available time. Leading change processes came second, followed by implementing new systems
8
Survey
and architecture in third place. Alongside aligning business and IT, American CIOs spend most time developing partnerships between business and IT, as well as improving operational IT activities. “Benelux CIOs see themselves first and foremost as providing leadership for the change processes in IT within the company”, states Mr Conix. “The American CIO considers himself as a strategist looking at long-term plans.” American CIOs also attach great importance to their IT expertise. Those Benelux CIOs interviewed only ranked that particular skill in eighth place. Reducing overall business costs and supporting innovation were the two areas of IT considered to have the greatest impact on the company in the opinion of Benelux CIOs. Budgets down for one CIO in four As part of the survey, CIOnet also asked about any changes to the IT budget. Upwards of 34 per cent of those Benelux CIOs questioned said they had an increase in budget of 1 to 9 per cent for 2008. This compared with 42 per cent last year. Almost 29 per cent of Benelux CIOs had a budget increasing by 10 to 19 per cent. Yet there were plenty of CIOs having to make do with fewer resources than last year. 14 per cent of respondents had budgets falling by 1 to 9 per cent, while for almost 9 per cent, budget cuts were anything from 10 to 19 per cent. Taking all the figures together, we can see that one quarter of the CIOs on the panel had to make do with lower budgets than in 2008. For our American counterparts, that figure was only 13.5 per cent.
INFO
Integrating existing systems and processes remains the top technology priority for Benelux CIOs. On the management side, aligning IT and business processes is still their number one concern and also the strategic goal on which they spend most time. These observations were revealed from the third successive CIOnet survey among Benelux CIOs.
9
Case study
Document management at UH Leuven, VDAB and RIZIV-INAMI
Still a thorny issue New document management solutions are making the classic flow of paper a thing of the past. These solutions provide greater efficiency and better cost controls. The evidential value of digital documents still remains a thorny issue, though.
PICTURE
Nancy Vercammen, VDAB communications manager: “The document management solution is linked to a workflow and a credit system. That both guarantees the quality of the communication and keeps costs under control.”
A
hospital is required to store information about patients for twenty-five to thirty years. This means that the University Hospitals of Leuven has around thirty kilometres of archives. To optimise the use of those records, the hospital decided to digitise the active part of its archives. Taken altogether, this runs to around a hundred million pages. So the hospital appointed an outside company, which is able to scan approximately 260,000 pages per day. “We have been working electronically for a while,” says Bart Van den Bosch, CIO of UH Leuven, “in conjunction with
paper documents: personal notes from doctors, letters of referral, certificates, insurance documents, you name it.” When they are scanned, all these documents go to make up a totally electronic set of patient records. “Paper is not totally a bad thing”, asserts Mr Van den Bosch. “In fact it’s quite versatile. When a doctor neglects to fill in a box on a paper form, he doesn’t see an error message pop up. Or a surgeon can use a piece of paper to make a sketch of the planned procedure. Paper is also portable.” Which is why the hospital needed a system with benefits that outweighed those of paper. “The doctor needs to be able to navigate easily through the scanned documents. It also needs to be straightforward to view documents on the screen, otherwise there is a risk that the doctor will print out the digital file so that he can read what it says on paper. Which, of course, is not the aim of the system.” UH Leuven opted for one of its own developments. “The integration costs for an existing package are usually higher than the actual purchase price”, continues Mr Bart Van den Bosch. “The condition for success, of course, is that you develop a workflow in which you can genuinely put everything into the electronic file. That means there are no more patient records where you might be lacking a particular paper document.” Quality and budget control A document management system is also one of >
10
11
Case study
PICTURE
(page 11) Bart Van den Bosch, CIO UH Leuven: “Paper is versatile. A document management system has to exceed the benefits of paper. Otherwise the user will just print out the electronic files and work with those.”
PICTURE
Alain Grijseels, CIO RIZIVINAMI: “What about the evidential value of digital documents? Will a court in ten, twenty, thirty years’ time grant evidential value to a scan of a paper document that has since disappeared?”
> the most recent achievements at the VDAB
(Flemish Public Employment and Vocational Training Service). This organisation supports two hundred local offices in their communication requirements, part of which includes leaflets about local training courses. “To develop these local leaflets, we used to work with a system of fixed templates adapted to our house-style”, says Nancy Vercammen, VDAB communications manager. “But these templates were not a success, because there was too little difference between each leaflet, which meant that part of the message was lost.” The result was that the local offices came up with an uncontrolled number of their own designs. These home-made designs were often of low quality and did not fit in with the values that the VDAB wanted to get across in its communication. A document management solution with a workflow system – hosted by partner Xerox – provided a new approach. Using a role-based web application, local offices can now create a leaflet design that goes into the central communications department for approval via the workflow system.
“At he same time there is a credit system linked to it”, explains Ms Vercammen. “Each region is allocated a budget for producing leaflets. If they want to produce more, the money has to come from their own pocket. So the new approach provides a double benefit. We can be sure of the high quality of the leaflets, plus we keep our costs under better control.” Electronic evidential value The RIZIV-INAMI health fund is responsible for funding healthcare. The payments made by the organisation include disability allowances and refunds on healthcare received by members. Last year this represented almost 28 billion EUR of refunds. To be able to do this, RIZIV-INAMI needs to handle huge quantities of information on a daily basis. Each year, the organisation processes 1.2 billion pieces of information and handles more than 500,000 active files. RIZIV-INAMI also has 2.5 million electronic documents and is responsible for managing a website that runs to 10,000 pages. “In our environment, a solution for document management first and foremost has to be scalable”, says Alain Grijseels, CIO of RIZIV-INAMI. “It also has to be able to provide version management, conclusive workflow and security, plus functionality in terms of reporting.” However, one important challenge lurking in the background consists of the evidential value of the electronic documents handled. “Dematerialising paper records is no longer a problem these days. But what about their evidential value in the longer term? Will a court grant evidential value to an electronic file in ten, twenty, thirty years’ time? Will it accept that the file really is a scan of a paper document that once had a real signature, but has now disappeared?” The challenge not only lies in the fact that an organisation may still need to produce hard evidence of content over the long term, but this is also probably not an easy task technologically speaking. “Today, there are documents in all sorts of sizes and formats”, says Mr Grijseels. “Will we still be able to view them easily in thirty years’ time? The challenge facing document management in the long term – especially in the area of documents that have evidential value – is that today we are looking mainly at procedures, and not just at the technology.”
12
HP Data Center Transformation Speed business innovation Consolidated Automated Energy Efficient Virtualized Resilient Agile and Flexible Technology for better business outcomes
Let us help you build your next-generation data center.
4AA1-8986ENW, April 2008
Consolidation
Data center automation
Data Center Transformation Energy and space efficiency
Business continuity and availability
Special feature
The new role of Enterprise Architecture
Value Creation
Reaching value from IT activities is achieved through innovation that results from adequate enterprise strategy and planning. Evolving a business without an Enterprise Architecture is like flying cross-country without a flight plan. You may reach your final destination, but with considerable risk and unknowns. Georges Ataya reports from The European Summit on IT Governance, a partnership event between Unisys, CIOnet, the IT Governance Institute and PwC.
PICTURE
David Robertson, professor at IMD International in Lausanne and co-author of the book, ‘Enterprise Architecture as a Strategy’, finds that IT focuses on short-term projects with little thought to long-term needs. The resulting architecture makes the company less flexible in the future, according to Robertson.
T
he goal of Enterprise Architecture is to provide a road map for enterprise innovation and the blueprints for the desired enterprise business, information, and technology architectures. It reduces complexity, creates adaptiveness, and improves the overall leverage of valuable IT resources. This year’s Summit focused on Enterprise Architecture and brought together a number of CIOs, academics and topic experts.
Operating Models In his keynote, David Robertson, professor at IMD International in Lausanne and co-author of the book, ‘Enterprise Architecture as a Strategy’, stressed the importance of standardisation and integration of Enterprise Architecture. Standardisation simplifies operations, reduces costs and increases efficiency. It allows measurement, comparison and improvement, and it accelerates innovation. According to Professor Robertson strategic alignment and innovation are making things worse. Strategic statements are either general promises (“build a leadership position”) or short-term operational directives (“enter Chinese market”). They provide little information on long-term direction of the company. IT focuses on short-term projects with little thought to long-term needs. The resulting architecture makes the company less flexible in the future. Innovation ‘bombs’ with short-term urgent deadlines violated the integrity of the architecture. The result is a reduction of Enterprise Architecture to silos and spaghetti. David stressed the importance of the company Operating Models. The operating model identifies the core activities in a company. What activities need to perform repeatedly, flawlessly and efficiently? What activities
14
Special feature
were performed yesterday, and will be performed today and tomorrow? How standardised and integrated do they need to be? An operating model should focus on the ‘sacred transactions’ of the company and should provide a stable view of the company. When addressing the issue related to the implementation costs of an adequate Enterprise Architecture, Professor Robertson indicated that if you have good engagement, most architecture efforts get funded through the projects. The projects need to do the work anyway, so all you’re doing is asking them to do the work in an architecturally sound way. The cost of doing something right is usually no greater, and often leads to overall savings for the project. Enterprise Architecture is the organising logic for the core of the company in terms of Business processes and IT systems. When architecture is hindering the execution of Enterprise strategy and current IT alignment and innovation practices are making the architecture worse, defining the operating model is the necessary first step in creating the right architecture for the business. To be successful, one must change his approach to architecture transformation: change project goals, prioritisation, process, roles, and management. Working together allows transforming the architecture at no additional cost. Impact on Bottom Line David Tetlock, Vice President Corporate Technology & Chief Architect at Power Financial in Canada, provided a perspective on how Enterprise Architecture (EA) is evolving in response to business drivers. It adds value to ensure people, information, applications and infrastructure contribute to both the IS and overall Business strategy. He illustrated a full implementation of
Enterprise Architecture in his organisation where they reduced the cost of ownership of applications and freed up resources for delivering new business capabilities. That was achieved through removing unnecessary redundancy and complexity in the IT environment. IT landscapes are currently typified by a collection of integrated applications. It’s assumed that the achievement of an environment with characteristics resembling a single system would be much more agile and have a lower total cost of ownership versus its business capability ratio.
PICTURE
David Tetlock, Vice President Corporate Technology & Chief Architect at Power Financial in Canada, indicated that new Enterprise Architecture helps organisations to resolve current questions.
David indicated that new Enterprise Architecture helps organisations to resolve current questions. It addresses maintenance cost and predictability challenges by reducing the cost of ownership of applications and by freeing up resources for delivering new business capabilities. It resolves issues that result from lack of a shared vision and/ or business support by determining an appropriate target IT architecture for a given Line of Business (LOB) that is signed off and firmly supported by senior business executives. Information Revisited For Jan Dobbenie, CIO at Nuon Belgium, organisations today face a global revolution in govern- >
15
Special feature
warehouse, both providing a single version of truth for the complete organisation.
PICTURE
Jan Dobbenie, CIO at Nuon Belgium, a company faced with the challenge of evolving from a start-up company to a mature organisation. This implies dramatically reducing the number of change requests and banning ‘ad hoc’ development.
> ance that directly affects their information man-
agement practices. Access to reliable information has become an indispensable component of conducting business. In a growing number of organisations, information is the business. IT within Nuon Belgium is based on the principles of cost reduction and of business value creation. No fundamental change in the CRM/ERP environment is planned for the next 2-3 years: no replacement projects and no large interventions in Siebel or SAP. Investments in the Nuon IT landscape will be based on supporting and enabling business projects and on immediate business benefits, where €1 spent should bring a return of at least €1 benefit. The I² program, launched mid 2008, will provide Nuon with a cohesive Service Oriented Architecture (SOA) that will be implemented and adopted on a project-by-project basis (so no big bang!). The program is based on the cornerstones Integration & Information. An Enterprise Service Bus provides integration by replacing point-to-point interfaces with real time interfacing. A Business Rules engine will govern all the orchestration and workflow. At the same time Nuon invests in a new enterprise data model and a new clean data
16
The I² program is sponsored by the CEO and the complete management team. The big challenge is to change Nuon’s culture: from a start-up company to a mature organisation. This implies dramatically reducing the number of change requests and banning ‘ad hoc’ development. Key in the overall governance is the role and place of the PMO, now reporting directly to the CEO and no longer to the CIO. This ensures a project agenda with fewer projects, more focus and a strategic top-down approach. The governance in IT is driven by the fact that all IT technical decisions need to be validated by the IT architect, which excludes more silo development. All IT people work according to architectural guidelines with approved exceptions where needed for business priorities.
Author Georges Ataya is Vice President IT Governance Institute and professor at Solvay Business School in charge of Information Technology Management. He is also Managing Partner of ICT Control NV-SA, a Brussels based consulting firm.
FEBRUARY 24−26, CANNES
Don’t miss the second VMworld Europe—where thousands of your peers, technology providers and industry experts from around the world will gather in Cannes, France to experience the latest and greatest in virtualization technology and business solutions.
REGISTER TODAY www.vmworld.com/europe
Column
Reflect on your sourcing policy
Traditional procurement? The cornerstone of the economic value (the stock price) of IT suppliers is growth. The market cap of the major vendors is driven by their ability to conclude new contracts. That’s why they compete fiercely for our business. Growth is everything to them.
T
he economic value of their customers is very often driven by becoming more efficient and more profitable. This generally means lower indirect costs expressed as a percentage of turnover. In other words we, the IT managers, need to support more volume with less money.
PICTURE
Jan Muchez, CIO at KPN: “The concept of a true (strategic) partnership between an IT supplier and an individual customer is the most overrated concept in our industry.”
18
Against this background, the concept of a true (strategic) partnership between an IT supplier and an individual customer is the most overrated concept in our industry. Over the long run we can never be aligned with our suppliers. Our and their interests are fundamentally contradictory. There is an easy way to test the true intentions of your supplier. Next time he uses the word partnership you propose to pay him with shares of your company. See what happens.
This non-alignment observation has a number of practical consequences for our sourcing policy. The only way we can be aligned with a supplier over the medium term is to let him increase his footprint or ‘share of wallet’ at the expense of other suppliers. If we spend 100 euros between A and B in year 1 and we spend 80 with A and 0 with B in year 2 then we are aligned. A grows and we spend less, which means alignment. And there is no need to be aligned with B. Commitment This analysis is the basis of our sourcing policy at KPN in The Netherlands. We start with defining a number of distinct areas within the application landscape (ERP, CRM, Business Intelligence etc.) and then we select a software supplier and often a system integrator for all new investments in each of these areas. Some of them get 2 or more areas and overall there is a handful of software suppliers and system integrators, each in their own area. We do the same for hardware and systems software. This means that we do have a single vendor policy in each of these areas, but we have multiple vendors over all the areas combined. We then enter into long-term framework agreements (3-5 years) with these suppliers and we then give the system integrators 3-6 month assignments under the framework agreement and we never purchase software licences before the project completes. We basically promise them that the area is theirs, undisputed. The only reason to change suppliers in a given area is non-
Column
performance. In such a case we threaten them to take away a piece of their area and give it to one of our other vendors. They in turn guarantee long-term predictable pricing. For software and hardware this is expressed as a discount from list price (nearly always unrelated to upfront volume commitments) and for system integrators this is expressed as future target rates (blended onshore and offshore rates ) that are decreasing over time (before inflation). We attach more importance to their commitment to our sourcing model (e.g. by agreeing to price predictability) than to obtaining the rock bottom unit prices. Especially with system integrators we try to give them gross margins of 20% and more depending on the risk they take and provided they deliver good performance. A system integrator who knows that good performance can yield approx. 10% of EBIT will pay attention to our account and provide us with best quality people. Benefits and challenges It results in a zero RFP sourcing policy. IT procurement is replaced by supplier relationship management. We basically save 6 months by cutting out the selection process for each and every initiative. Our people spend much less time talking to salespeople and they go to less user conferences. We have less architectural options to evaluate and the users have less influence on our supplier choices. We benefit from continuity. We never have a system integrator criticising and redoing what the previous one has realised. We also have very little interface problems within the areas. We do not have to work with penalties. In case of non-performance on one assignment we recover the deficit on the next assignment. Taken all of this into account we may not have the lowest unit price on each item or the lowest rate on any piece of work but we do have a very low total
cost. And we are aligned over the duration of the framework agreement. Cutting out procurement The challenges are mostly on the inside. In most of our companies we have this dominance of procurement people. You have to convince the executives in your company that after the initial selection you are basically cutting out the role of procurement. You also have to tell them that you want your suppliers to earn good money for good performance. You also have to explain to your IT people that it is not in their job description to continuously explore all options with all suppliers which means less invitations, conferences, lunches etc. You have to convince your suppliers that their sales practices (we can only give you a discount if you order at least X before the end of this quarter) are unacceptable and that they have to commit to long-term pricing that is not volume related. This typically exceeds the power of the local sales organisation and requires approvals from headquarters who will say that it is not acceptable for a million different reasons. The only way to get them to agree is to make your promise of undisputed territory credible. And once the suppliers are in place you have to manage them actively and quickly resolve borderline conflicts between the different areas. This works for us at KPN and I do not know whether it can work for you. But whatever you do, you should reflect on your sourcing policy. You should not automatically assume that a policy that favours traditional procurement, with continuous case by case selection and dual vendor policies, is always the best practice. And you should definitely not agree with the sales practices that have been there forever but are simply not acceptable.
19
Special feature
IT security
Responsibility moves to the outsourcer The fact that there is a separate IT security industry at all proves that there are failings within the IT industry as a whole, claims Bruce Schneier, BT’s Chief Security Technology Officer.
I
PICTURE
Bruce Schneier, Chief Security Technology Officer at BT: “The technology is far too complex. Anyone who doesn’t understand the technology is inclined to opt for the cheapest solution.”
20
“ t’s like buying a car with no brakes and then the manufacturer recommends you get the brakes from elsewhere. Or even better: the manufacturer promises that the brakes will be included in the next model.” Bruce Schneier doesn’t mind making the odd crack about the industry, even though he is one of the world’s leading security gurus. And since BT purchased his company, Counterpane, he has been BT’s Chief Security Technology Officer. Bruce Schneier spoke to Belgian CIOs at the annual BT CIO Lunch Forum. “Fortunately, the level of maturity in the IT industry is rising fast”, he says. “Once IT really becomes a commodity, companies will very much opt for outsourcing – just as they have for their electricity and water requirements. And when that happens, security will
come squarely under the responsibility of the outsourcer.” Schneier also refers to the move towards consolidation to back up his statement. “IBM has bought ISS and Counterpane is now part of BT. At the end of the day, security will be embedded in the various basic components of IT, as it should.” The psychology of IT security The fact that until now security has not been an intrinsic component of basic IT infrastructure has created many needless problems. “It all has to do with basic human nature”, says Bruce. “When there’s an opportunity for you to gain something, you want a guarantee. But if there’s a chance you’ll lose, you’re inclined to take the risk, hoping that nothing will happen.” It’s the sort of psychology that applies perfectly to IT security. “All too often companies think that if they invest in security, it’s money down the drain. So they keep their wallets in their pockets and assume that nothing will happen.” And when companies do spend money on security, Schneier says they are still buying the wrong products. “The technology is far too complex”, he says. “So the people who sell security products aren’t able to explain properly what they are for.” All of which means that bad products are shutting the good solutions out of the market. “Customers don’t fully understand what is going on, so they often go for the cheaper, inferior product.” But by the time IT has evolved into a real commodity, CIOs will no longer be taking decisions about purchasing security products. That’s a task that will fall on the shoulders of the outsourcer.
OB37854
NewIT NewIT: ICT-innovatie op Kanaal Z NewIT brengt innoverende ICT-toepassingen in beeld. In elke aflevering van dit nieuwe Kanaal Z-magazine presenteert Bruno De Keyser een concrete business case. Wat leveren ICT-investeringen op het terrein op? En hoe snel is alles in de praktijk terugverdiend? De eerste aflevering opent met de resultaten van een exclusieve enquĂŞte van Data News over ICT-innovatie. Daarnaast plant NewIT tot de verbeelding sprekende reportages over de digitalisering van het medisch archief van UZ Leuven. Daar worden momenteel kilometers papier gescand en op harde schijven opgeslagen. NewIT ging ook kijken hoe onze digitale identiteitskaart vervaardigd wordt en we vragen ons af hoe veilig dit identiteitsdocument is. Ook willen we alles weten over de vingerafdruktechnologie, toegepast bij pharmabedrijf Pfizer in Puurs. In plaats van het intoetsen van codes om je handtekening te plaatsen, volstaat het in dit pilootproject om je vingerafdruk te laten lezen. NewIT wil ICT-innovatie op een toegankelijke manier brengen met concrete inspirerende verhalen.
NewIT, vanaf 20 oktober vijf weken lang op Kanaal Z (op maandag en in de weekendlus). In samenwerking met:
Column
The flexibility of IT
I
n recent years, with the emergence of the Internet and other new technologies, both the product and the business model put forward by the media industry have come under heavy pressure. We are seeing two developments come out of all of this. On the one hand, the media have been extremely willing to embrace these new technologies – just consider the many successful newspaper websites that are now up and running, as well as the experiments with paperless publications based on E-ink technology and the many new mobile offerings. Yet on the other hand, great attempts are being made to safeguard the market share held by the traditional media. Product revamps, process optimisation and reusing content are just some of the examples that come to mind. This is creating enormous pressure in the IT department. Any change to the process or product has an impact on the supporting computer systems. In addition, things change incredibly quickly in the megacompetitive media industry. An additional challenge in all this is the robustness and availability required of the computer infrastructure. IT is expected to come up with new developments and systems at a hellish pace, while at the same time guaranteeing the stability and operating security of these systems 24/7. With this in mind, we have standardised to a great extent, technologically speaking – three hardware vendors and 3 development environments – and we intend to stick to that format. Using virtualisation and clustering technology provides us with the base for scalability and the availability of the infrastructure. And to optimise the development process, a great deal of attention is devoted to code reusability and an SOA has been set up. From an IT point of view, we have done as much consultation as possible with end-users – both formally in steering groups, management committees and project groups, as well as informally. The IT department has built up an in-depth knowledge of the business processes involved and so is very well placed to gear the IT systems to fit in with those processes. Short decision-making cycles mean that the IT department has to be set up in a highly flexible way and needs to think along with the business. This means that the full IT staff has to be closely involved in what the business is doing, as well as be very amenable to adjustment. These are two criteria that weigh heavily during selection procedures. LUC VERBIST
Director ICT Press Group Luc Verbist passes the baton to Koen Vermeulen, IT Director Telindus, Billing & Wholesale Belgacom Group. He will give his personal views on how to deal with innovation while managing the risks associated with it.
22
Let’s take IT to a higher level
XPLORE n.v., is Belgium's Leading Java Professional Services company. Since 1997, we are focusing on the development and implementation of advanced distributed IT systems. Xplore’s professional services team, offers you a high level of experience and knowledge to turn - together with you - your IT challenges into a success. Xplore provides : > Business Consulting & Business Process Engineering Services > Project Development Services: Agile, Scrum, RUP > Application Architecture & Quality Assurance Services > Application Development Services based upon Java JEE more information at www.xplore.be or call 02 702 60 90
STOP TALKING TUBSU EPJOH
/ QSP WPLF
.w/ UP TUJS PS TUJNVMBUF UP BDUJPO< UP GSFF DPMMFBHVFT GSPN UIF TUBUVT RVP/
Now more than ever, CIOs are driving change Ð change that encompasses innovation, global integration, evolving business models and corporate social responsibility. CEOs are turning to them to be the catalyst for safe and smooth change management. Uif 3119 Hmpcbm DFP tuvez; Jnqmjdbujpot gps uif DJP draws on five key insights from 1,130 thought leaders* about new ways to bring business and IT together. Insights that let you put opportunities into action. EPXOMPBE UIF XIJUFQBQFS BU JCN/DPN0EPJOH0DJP2
* Thought leaders include CEOs, general managers, and senior public sector and business leaders worldwide. IBM, the IBM logo, ibm.com, and STOP TALKING START DOING are registered trademarks or trademarks of International Business Machines Corporation in the United States and/or other countries. Other company, product and service names may be trademarks or service marks of others. © IBM Corporation 2008. All rights reserved.