New IT management reform from the White House.
Very exciting development.
The plan is published at this link.
Showing posts with label Project Management. Show all posts
Showing posts with label Project Management. Show all posts
December 10, 2010
September 12, 2010
Earned Value Management - Made Easy
Some exceptional Earned Value Management (EVM) instructional videos. These are great whether you are studying for your Project Management Professional (PMP) exam or wanting to apply EVM to your projects at work:
- Part I: Basic Concepts
- Part II: Calculating Variances and Indexes
- Part III: Forecasting Completion
June 25, 2010
TEAM: Together Everyone Achieves More
People are selfish; they think in terms of win-lose, not win-win. The cost of this kind of thinking is increasingly unacceptable in a world where teamwork matters more than ever.
Today, the problems we face are sufficiently complex that it takes a great deal more collaboration than ever to yield results. For example, consider the recent oil spill in the Gulf, not to mention the ongoing crises of our time (deadly diseases, world hunger, sustainable energy, terrorism).
When we don’t work together, the results can be catastrophic. Look at the lead-up to 9-11, the poster child for what can happen if when we fail to connect the dots.
A relay race is a good metaphor for the consequences of poor teamwork. As Fast Company (“Blowing the Baton Pass,” July/August 2010) reports, in the 2008 Beijing Olympics, the USA’s Darvis Patton was on the third leg of the race, running neck and neck with a runner from Trinidad when he and his relay partner, Tyson Gay, blew it:
“Patton rounded the final turn, approaching…Gay, who was picking up speed to match Patton. Patton extended the baton, Gay reached back, and the baton hit his palm. Then, somehow it fell. The team was disqualified.”
Patton and Gay were each world-class runners on their own, but the lack of coordination between them resulted in crushing defeat.
In the business realm, we saw coordination breakdown happen to JetBlue in February 2007, when “snowstorms had paralyzed New York airports, and rather than cancel flights en masse, Jet Blue loaded up its planes…and some passengers were trapped for hours.”
Why do people in organizations bicker instead of team? According to FC, it’s because we “underestimate the amount of effort needed to coordinate.” I believe it’s really more than that – we don’t underestimate it, but rather we are too busy competing with each other (individually, as teams, as departments, etc.) to recognize the overarching importance of collaboration.
This is partly because we see don’t see others as helping us. Instead we (often erroneously) see them as potential threats to be weakened or eliminated. We have blinders on and these blinders are facilitated and encouraged by a reward system in our organizations that promotes individualism rather than teamwork. (In fact, all along the way, we are taught that we must compete for scarce resources – educational slots, marriage partners, jobs, promotions, bonuses and so on.)
So we think we are hiring the best and the brightest. Polished resume, substantial accomplishments, nice interview, solid references, etc. And of course, we all have the highest expectations for them. But then even the best employees are challenged by organizational cultures where functional silos, “turf wars”, and politicking prevail. Given all of the above, why are we surprised by their failure to collaborate?
Accordingly, in an IT context, project failure has unfortunately become the norm rather than an exception. We can have individuals putting out the best widgets, but if the widgets don’t neatly fit together, aren’t synchronized for delivery on schedule and within budget, don’t meet the intent of the overall customer requirements, and don’t integrate with the rest of the enterprise—then voilá, another failure!
So what do we need to become better at teamwork?
- Realize that to survive we need to rely on each other and work together rather than bickering and infighting amongst ourselves.
- Develop a strong, shared vision and a strategy/plan to achieve it—so that we all understand the goals and are marching toward it together.
- Institute a process to ensure that the contributions of each person are coordinated— the outputs need to fit together and the outcomes need to meet the overarching objectives.
- Reward true teamwork and disincentivize people who act selfishly, i.e. not in the interest of the team and not for the sake of mission.
Teamwork has become very cliché, and we all pay lip service to it in our performance appraisals. But if we don’t put aside our competitiveness and focus on the common good soon, then we will find ourselves sinking because we refused to swim as a team.
February 5, 2010
When Commitment is Just a Crowd-Pleaser
In the organization, you can’t really do anything without management commitment and a certain degree of consensus. In fact, management commitment is usually at the top of the list when it comes to a project’s critical success factors.
But when is commitment real and when is it just lip service?
Sometimes, when the boss tells you to do something, he means it and gives you the authority and resources to make it happen. Other times, “go do” is superficial and denotes more of a “this isn’t really important”, but we need to make a good show of it for political, compliance, or other reasons. In the latter case, there is usually no real authority implied or resources committed to getting the job done. But at least we gave it our best (not!).
As an employee, you have to be smart enough to know the difference in what you’re being asked to do (and not do), so you don’t end up stepping in the muck—trying to do something that no one really wants anyway or the opposite, not delivering on a project that others are depending on.
Knowing the difference between what’s real and what isn’t can mean the difference between a successful and rewarding career (i.e. “you get it”) or one that is disappointing and frustrating (because you’re sort of clueless).
It was interesting for me to read in the Wall Street Journal, 5 February 2010, about how looks can be deceiving when it comes to support for someone or some cause: apparently, in certain European countries, such as Ukraine, it is common place for rallies to be attended not by genuine supporters, but by people paid to show up. In other countries, you may not be paid to show up, but instead be punished for not doing so.
The Journal reports that “rent-a-crowd entrepreneurs find people fast to cheer or jeer for $4 an hour…[and] if you place an order for a rally, you can have it the next day.”
So what looks like thousands of people turning out to support someone or something is really just a sham. This is similar to leaders who turn out to support a program or project, but really they are just paying lip service with no intention of actually helping the project make an inch of progress. Their superficial support is paid for by goodwill generated by their apparent support or what one of my friends used to call by “brownie points” (for brown-nosing their boss or peers)—but of course, they aren’t really behind the initiative.
The article summarizes it this way: “For now, people see the same old politicians and hear the same old ideas. If someone fresh brings a new idea, people will come out and listen for free.”
Good leaders need to actually say what they mean and mean what they say, so employees are able to focus on the work that’s really important and get the results the organization needs. This contrasts with ineffectively telling employees to “go do”, but no one is standing with or behind them—not even for 4 dollars an hour.
Of course, leaders must get on board with the direction that the overall organization is going. That is just part of being a team player and accepting that first of all, we are not always right as individuals, and second of all that we live in an imperfect world where sometimes our choices are not ideal.
However, when employees are required to rally for causes they truly don’t believe in or leadership feels compelled to pay lip service to initiatives they will not ultimately fund or commit to, the result is a dysfunctional organization. The outward reality does not match the actual feelings or thoughts of its people. (Sort of like having a diversity initiative headed by all white males over the age of 50.)
Let us commit to a spirit of honesty in all our dealings. If a conflict needs to be addressed, let’s address it directly rather than avoiding or glossing over it. One very basic and simple step toward this end is to recognize and reward the people who are brave enough to say when the emperor has no clothes and who are able to provide alternatives that make sense.
And finally—when we do commit to something—let’s see it through.
January 10, 2010
Motivated by Progress
There are all sorts of theories about what motivates people. The two most popular are Maslow’s Hierarchy of Needs and Hertzberg’s Theory of Motivation.
Maslow (1954) believed that people fulfill needs from the lowest to the highest order in terms of physiological, safety, social, esteem, and self-actualization.
Herzberg (1959) understood that more specifically at work, there were five key motivators to job satisfaction: achievement, recognition, the work itself, responsibility, and advancement. Things like salary and working conditions were believed to not provide satisfaction, but could lead to job dissatisfaction.
An article in Harvard Business Review (January-February 2010) underscores Hertzberg’s belief that achievement is the greatest work satisfier of all, as the article states: “we now know what the top motivator of performance is…It’s progress.”
Bottom line is that most people generally want to work and be productive human beings: when we contribute positively to the world, we feel a purpose to life. Achievement and progress means that we somehow leave this world a little bit better than when we arrived, and the whole thing is not meaningless. The daily growing pains of life are not in vain—we are contributing to something greater—something that outlasts ourselves.
Recently, I read that only 45% of workers were satisfied with their jobs (based on finding from the Corporate Executive Board). Even in a horrible economy, people are not satisfied with a paycheck. They want to feel good about what they are doing and that they are doing something.
Something is getting in the way of people’s feeling of progress at work or their level of job satisfaction wouldn’t be the worst in decades.
The authors of the Harvard Business Review article state “the strongest advice we offer [to leaders] from this study…”scrupulously avoid impeding progress by changing goals autocratically, being indecisive or holding up resources.”
The point is that a leader is first and foremost an enabler for progress. If they are holding back their people, rather than helping them, we have dysfunctional leadership at its core.
So in simple terms—effective leaders must:
Progress and employee satisfaction will not be achieved with just one or two of the three: If the employees want to move forward on leadership vision, but they can’t get needed decisions to really execute, the vision is for all intensive purposes, dead on arrival. And even if employees have a vision and the needed decisions to operationalize it, but they can’t get the resources to really see it through, progress is slowed, stunted, or perhaps, not even possible at all.
Perhaps this is one reason for the high project failure rate in organizations that we’ve seen for years now resulting in cost overruns, missed project schedules, and requirements that go unmet.
Yes, workers will always seek job satisfaction, but its not just about more money, more benefits, more recognition, more advancement, like so many erroneously still believe. Rather, the Holy Grail to worker satisfaction is a leadership that knows how to let them really be productive.
January 1, 2010
The Forgotten 60%
IT Leaders are often worried (almost exclusively) about the technology—Is it reliable? Is it robust? Is secure? Is it state-of-the-art? Is it cost-effective? And more.
This is what typically keeps IT management up at night—a server outage, the network being down, an application not available, a project off track, or a security issue such as a virus or worm.
While much lip service has been paid to the statement that “people are our most important asset;” in reality, too little emphasis is generally placed here—i.e. people are not kept high on the IT leadership agenda (for long, if at all), technology is.
Hence, we have seen the negative effects of outsourcing, layoffs, cut training budgets, pay and incentive stagnation, and other morale busting actions on our workforce, along with customers who have been disappointed by magnificent IT project failure rates—with projects over cost, behind schedule, and not meeting customer spec.
Our people—employees and customers—are not being properly cared for and the result is IT projects failure all around us (the stats speak for themselves!).
In essence, we have lost the connection between the technology outcomes we desire and the people who make it happen. Because what drives successful technology solutions are people—knowledgeable, skilled, well trained, and passionate people—working collaboratively together on behalf the mission of the organization.
A book review in ComputerWorld (21 December 2009) on World Class IT by Peter A. High identifies the 5 elements of IT leadership, as follows:
1. Recruit, train, and retain world-class IT people.
2. Build and maintain a robust IT infrastructure.
3. Mange projects and portfolios effectively.
4. Ensure partnerships within the IT department and with the business.
5. Develop a collaborative relationship with external partners.
Interestingly enough, while IT leaders generally are focused on the technology, information technology is not #1 of the 5 elements of IT leadership, but rather employees are—they are identified at the top of the list—and the author states that CIO's should tackle these issues in the order presented.
Further, of the 5 key IT leadership elements, fully 3—or 60% are all about people and relationships, not technology. #1 are employees, #4 is business-IT partnership (customers), and #5 is external collaboration or outreach.
So unfortunately for our organizations, people are the all too forgotten (or neglected) 60%.
I do want to note that I do not fully agree on the order presented by Mr. High; in particular I do not think the customer should be 4th on the list, but rather as the customer represents the mission and the requirements to carry it out, the customer should be unquestionably to me at the very top of the list of IT leadership focus—always. We are here to serve them, period.
Overall though, the key point is that IT leaders need to reorient themselves to people and not overemphasize the technology itself, because if they generally respect and take care of the people and the relationships, the technology will follow and be more successful then ever.
December 16, 2009
Project Failure, Why People Can’t Own Up
I saw this funny/sad Dilbert cartoon on project management by Scott Adams (BTW, he’s terrific!).
It goes like this:
Office colleague (water cooler talk): How’s your project coming along?
Dilbert: It’s a steaming pile of failure. It’s like fifteen drunken monkeys with a jigsaw puzzle.
New scene….
Boss: How’s your project coming along?
Dilbert: Fine.
END
This common work scenario is sort of like a game of truth or dare: you either have to tell the project truth or take the dare and do something embarrassing like proceed with the project that isn’t on track.
Teammates, colleagues, peers often talk frankly and honestly about the problems with their projects and often the talk may become sarcastic or even somewhat cynical, because they know that they can’t tell their bosses what is REALLY going on.
What a shame in terms of lost opportunities to communicate, solve problems, and drive project success for the organization.
People are afraid to be honest, direct, tell the truth, and work together with their management on constructive solutions.
Instead, people simply say everything is fine, period.
Sort of like when your boss asks politely at work how are you doing? And rather than say, well I woke up late, missed my train, spilled coffee on my tie, and am having trouble meeting my deadlines this week, the person almost always replies, reflexively, “I’m fine” and “How are you?”
Another manifestation of the it’s fine syndrome is with executive dashboards or project scorecard reviews where virtually all the metrics show up as “green”, even when you know they are not—does yellow or red sound too scary to have to put on paper/screen and explain to the boss.
We are conditioned NOT to talk casually or to report to our superiors about issues, problems, or anything that can be perceived as negative, least they be labeled as trouble-makers or “the problem,” rather than the solution. Ultimately, employees don’t want to be blamed for the failures, so they would rather hide the truth then own up to the project issues, and work constructively with their management on solutions or course correction—before it’s too late.
Now isn’t that a novel idea? Management and staff working together, actually identifying the issues—proactively and in forthright manner—and working together to resolve them, rather than sitting across the table, sugar-coating or pointing the accusatory finger.
People have to take responsibility and own up when there is a problem and be willing to talk about them with their management, and management needs to encourage frankness, a “no surprises” culture, and a team-collaborative environment to solving problems rather than instilling fear in their employees or implicitly or explicitly communicating that they only want to hear “good news.”
Good news is not good news when it’s fabricated, a distortion, or a complete sham.
A culture of teamwork, collaboration, honesty, and integrity is the underpinning of project success. If everything in the project “is fine”, it’s probably not.
November 22, 2009
Personal Technology Trumps Work IT
The pendulum has definitely swung—our personal and home technology is now often better than what we are using in the office.
It wasn’t always that way. Early on, technology was mysterious to those not professionally engaged as system engineers or IT professionals. Technology was expensive and made sense for business purposes, but not for home use. IT was a professional enabler to get the job done, but consumer applications were scarce and not intuitive for anything but the office.
The world has turned upside down. Now as consumers, we are using the latest and greatest computers, smart phones, gaming devices, and software applications, including everything social media and e-Commerce, while in the office, we are running old operating systems, have nerdy phones, locked down computers, applications that aren’t web-enabled, and social media that is often blocked.
The Wall Street Journal (16 November 2009) summed up the situation this way:
“At the office, you’ve got a sluggish computer running aging software, and the email system routinely badgers you to delete message after you blow through the storage limits set by your IT department. Searching your company’s internal website feels like being transported back to the pre-Google era of irrelevant results…This is the double life many people lead: yesterday’s technology for work, today’s technology for everything else…The past decade has brought awesome innovations to the marketplace--Internet search, the iPhone, Twitter, and so on, but consumers, not companies, embrace them first and with the most gusto.”
What gives and why are we somehow loosing our technical edge in the workplace?
Rapid Pace of Change—We have been on technological tear for the last 20 years now; virtually nothing is the same—from the Internet to cloud computing, from cell phones and pagers to smart phones and iPhones, from email to social media, and so much more. From a consumer perspective, we are enamored with the latest gadgets and capabilities to make our life easier and more enjoyable though technology. But at work, executives are tiring from the pace of technological change and the large IT budgets that are needed to keep up with the Jones. This is especially the case, as financial markets have seized in the last few years, credit has tightened, revenue and profitability has been under extreme pressure, and many companies have laid off employees and others have even gone kaput.
Magnificent Technology Failures—Along with the rapid pace of change, has come huge IT project failure rates. The Standish group reported this year that 82% of IT projects are failing or seriously challenged. Why in the world would corporate executives want to invest more money, when their past and present IT investments have been flushed down the toilet? Executives have lost faith in IT’s ability to upgrade their legacy systems and fulfill the promises behind the slew of IT investments already made. Related to this is the question of true cost-benefit and total cost of ownership of all the new technologies and their associated investments—if we haven’t been able to achieve or show the return on investment on all the prior investments, why should we continue investing and investing? Is the payoff really there? Perhaps, we are better off putting the dollars into meeting core mission requirements and not overhead, like IT?
Security Risks Abound—With all the technology has come a whole new organizational risk set in terms of IT security. Organizations are hostage to cyber criminals, terrorists, and hostile nation states who can with a few keyboard strokes or mouse clicks disable the company transaction capability, wipe out its memory, steal its information, or otherwise neutralize it from functioning. And the more technology we add, the more the risk level seems to increase. For example, the thinking goes that we were safer when we ran everything in a locked down, tightly controlled, mainframe environment. The more we push the envelope on this and have moved to client server, the web, and now to even more transparency, information sharing, and collaboration—through social media, cloud computing, and World 2.0—the thinking is that we are potentially more open to local and global threats than ever before. Further, with the nation under virtually constant cyberattack and our capabilities to slow or stop these attacks seemingly not existent at this time, executives are reluctant to open up the technology vulnerability spigot any further.
While there are many other reasons slowing or impeding our technology adoption at work, we cannot stop our march of IT advancement and progress.
We are in a global competitive marketplace and the world waits for no one. The problems resulting from the speed and cost of change, the high IT project failure-rate, and the cybersecurity danger/challenges cannot be allowed to inhibit us from progress. We must address these issues head on: We have got to achieve efficiencies from technological advancement and plow the cost-savings into next generation technologies. We have got to drastically improve our IT project success rate though mature implementations of enterprise architecture, IT governance, project management, customer relationship management, and performance measurement (Reference: The CIO Support Services Framework). And we must invest heavily in IT security—with money, people, policy, training, new technology safeguards, and more.
Innovation, technological prowess, and information superiority is what gives us our edge—it is tip of our spear. So yes, we must carefully plan/architect, wisely invest, execute well, and secure our IT. But no, we cannot dismiss the evolving technologies outright nor jump in without proper controls. We must move rationally, but determined into the future.
September 18, 2009
August 7, 2009
How to Strengthen the Office of the CIO - Part II
Punlished at Government Technology
[Editor's Note: This article is the second in a series that explores the CIO Support Services Framework in government.]
In Part 1 of The CIO Support Services Framework, I presented the six major components needed to support the public CIO in managing IT strategically and proactively. In this article, I will explain what IT best practices framework inform these six components and propose a structure for implementing it.
The six CIO Support Services Framework (CSSF) functions are distinct areas that require subject-matter expertise and need to be managed based on the various IT best practice frameworks. While I am not endorsing any particular best practice government or industry framework, below is a sampling according to CSSF functional area:
Enterprise Architecture (EA) -- Federal Enterprise Architecture (FEA), Department of Defense Architecture Framework (DoDAF), and The Open Group Architecture Framework (TOGAF).
Capital Planning and Investment Control (CPIC) -- Office of Management and Budget (OMB) Circular A-130--"Management of Federal Information Resources" and the Control Objectives for Information and related Technologies (COBIT) by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).
Project Management Office (PMO) -- the Project Management Book of Knowledge (PMBOK) by the Project Management Institute is the de facto standard project management best practices from initiation through project closeout.
Customer Relationship Management (CRM) -- the IT Infrastructure Library (ITIL) by the United Kingdom's Office of Government Commerce (OGC) and International Standards Organization (ISO) 20000--"IT Service Management." While both are very much operational frameworks, they can also be used to guide service and support at a strategic level in the OCIO.
IT Security (ITS) -- the Federal Information Security Management Act (FISMA), various Federal Information Processing Standards (FIPS) from the National Institute of Science and Technology (NIST), and International Organization for Standardization ISO/IEC 17799 -- Information Technology Code of Practice for Information Security Management.
Business Performance Measurement (BPM) -- the Balanced Scorecard (BSC) by Kaplan and Norton from Harvard Business School -- examines financial, customer, internal business process, and learning and growth measures for the organization.
Although each of the six main functional areas and their supporting best practice frameworks are unique, they can and will overlap, and it is imperative that the OCIO develop a simple and streamlined process for managing these, so that IT and business personnel are not confused or burdened by redundant or circuitous IT processes that hinder, rather than spur innovation and agility. For example, while EA planning guides CPIC IT investment decisions, those decisions inform the next round of EA planning -- it is inherently cyclical. Nevertheless, we must ensure that the overall process flow between all six areas is as clear and simple as possible.
I like to use the example of a Monopoly game board as an analogy for how IT processes should ideally progress from "Go" all the way through -- logically, and more or less sequentially -- without project mishap, ending up on the OMB Watch List for risky IT projects, the equivalent of landing in Monopoly "jail."
The CSSF provides the functional resources to fully support the OCIO and provide the capability to move from simply fighting day-to-day operational problems to strategically managing IT service provision, improving performance and increasing program and project success, through:
Planning (EA)
Investing (CPIC)
Executing (PMO)
Servicing (CRM)
Securing (ITS)
Measuring (BPM)
Each of these OCIO component functions is helpful in managing IT by providing the CIO the capability to better plan, invest, execute, service, secure and measure -- but these are not stand-alone functions -- they are all necessary and complementary.
An organization can have the best EA plan, but without the structured investment processes of CPIC, the plan will not drive, guide, influence and shape IT investment decision-making. In fact, I would propose that CPIC is an enforcement mechanism for carrying out the EA plan.
Similarly the organization can have a wonderful CPIC process for making IT investment decisions, but without a PMO to develop and enforce sound PM policies and practices, IT projects will continue to fail miserably. With an effective PMO, we will have more successful project execution, but without CRM to manage customer requirements and service and support issues, we run a very high risk of rolling out IT capabilities that the customer neither wants nor is happy with. Further, CRM will increase customer satisfaction, but without ITS, CIOs will not ensure the security of the information and systems that the users are depending on.
Finally, with ITS, CIOs will provide users for information security, but without BPM, will miss the opportunity to perform structured performance measurement and management, so that the CIO has visibility to how IT is performing in all areas and on an ongoing basis and can take timely corrective action as needed.
The result is that the CIO is better supported, without being overwhelmed, and the CTO has a clear mandate for strategically implementing the CIO's vision for the organization.
Of course, one of the biggest challenges to implementing the CSSF is finding and allocating the needed funding to support these OCIO functions. IT operations tend to be underfunded already and stuck in the perpetual firefighting mode. Executives often fearf siphoning the needed money or people away from the short-term firefight to work on long-term strategy and implementation. This is a serious mistake!
Firefighting is a losing battle if you attack only the symptoms, but never address the cause or core strategic issues. Moreover, in the fast-paced technology environment of the 21st century, no IT leader can afford to be looking backward -- managing legacy systems that do not leverage modern technologies, techniques and methodologies for information sharing, collaboration and business intelligence.
If you are spending close to 100 percent on IT operations today, is it really unreasonable to allocate 3 to 5 percent of this to strategy, planning and control? Of course, this needs to adjust when IT budgets get extremely large or small and as the complexity of the organization shifts.
As the prior chief enterprise architect of the U.S. Coast Guard and of the United States Secret Service, I have always been a deep proponent of EA and CPIC to drive better IT investment decision-making. However, now as the chief technology officer (CTO) of the Bureau of Alcohol, Tobacco, Firearms and Explosives, I more fully understand how the CSSF functions and interplay are needed for the CIO to perform effectively.
Clearly EA and CPIC are not enough to adequately support the CIO's needs, and thus, they need to be extended with PMO, CRM, ITS and BPM. Moreover, these areas function best that function together for the reasons I mentioned prior -- it's a clear domino effect, where astute planning, sound governance, skilled project management practices, competent customer service, solid IT security and meaningful performance measurement are all necessary for the CIO to manage IT more strategically and effectively.??This is why I firmly believe that the CIO Support Services Framework is how we are going to have to manage IT to achieve genuine success for the CIO in the 21st century and beyond.
_______________________________________
Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.
August 6, 2009
How to Strengthen the Office of the CIO - Part I
Published at Government Technology
[Note: This is a two-part article on strengthening the office of the CIO to improve IT operations. Part 1 examines the six components of a CIO Support Services Framework. Part 2 will explore best practices and implementation.]
Information technology is plagued with what federal CIO Vivek Kundra recently called "magnificent failures." A recent research survey by theStandish Group identified that more than 80 percent of IT projects were either failing or significantly at risk. Another article described the CIO's role as a nearly impossible job, trying to manage day-to-day firefighting with limited to no ability to get control and manage strategically.
We are investing massive sums of money, time and effort, only to disappoint customers, miss the mark on requirements and fail to deliver on time, within budget and to specifications.
The CIO Support Services Framework (CSSF) is an approach for changing the dynamic of failed IT projects and putting the CIO and other IT leadership back in the driver's seat, by ensuring that the structural components for success are identified, elevated and resourced appropriately.
The focus of this article is to identify, describe and link the core elements that make up and support an Office of the CIO for the purpose of demonstrating how that will lead to improved IT operations. When the CIO is properly supported, program and project management can be executed with strategic intent and alignment.
It is not my aim to discuss the pros and cons of the many solid approaches to IT project and program management today, such as the Federal Enterprise Architecture (FEA), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), Project Management Body of Knowledge (PMBOK), Federal Information Processing Standards (FIPS) and International Organization for Standardization (ISO) 20000. I will say that while each is comprehensive in its own right, they are skewed by a particular emphasis on a particular function. For instance, FEA looks at architecture planning, ITIL on service support and delivery, PMBOK on project management and so on. What the CIO needs for ultimate success is a way to incorporate elements of all of these perspectives into a bigger picture.
So what is the CSSF? It is an IT framework aimed at standing up and strengthening an office of the CIO so that it can lead strategically and drive improved IT operations. The idea is that just as business drives (or ought to drive) technology within the greater organization, so too within the function of IT, the CIO and his or her strategy must drive technology operations rather than just fighting fires.
In the typical IT organization, CIOs are expected to be both strategist and problem-solver, with little supporting strategic infrastructure to guide, influence, shape and drive their key decisions about IT operations. All too often, problems crop up and even the most skilled and well intentioned CIOs are left to make decisions based on gut, intuition, politics and subjective management whim.
Even if the CIO has an IT governance board to shoulder some of this responsibility, together they are still like blind people grasping in the dark for answers. This framework corrects the structural defects in today's IT organization that cause this situation to occur.
The CSSF has six major components:
1. Enterprise Architecture (EA) -- for strategic, tactical, and operational planning in the organization. EA includes all perspectives of the organization's architecture including: performance, business, information (data and geospatial), services or systems), technology, security, and human capital (this last one is currently missing from the Federal Enterprise Architecture).
In EA planning, we develop the current architecture--where we are today in terms of business and technology resources, the target--where we want to be in the future through business process improvement and technology enablement, and the transition plan--how do we get from where we are today to where we want to be in the future.
More mature EA's provide business, data, and systems models, and identify gaps, redundancies, inefficiencies, and opportunities in the business and IT and recommend business process improvement, reengineering, and new technologies to improve organizational performance.
2. Capital Planning and Investment Control (CPIC) or IT governance -- manages the IT investment decision processes of selecting, controlling, and evaluating new or major changes to the IT portfolio ( i.e. to put those plans to work and make them pay-off). CPIC can ensure that IT investments maximize return on investment, minimize or mitigate risk and provide for strategic alignment to the business.
CPIC also helps make IT investments technically compliant by ensuring that desirable IT behaviors are followed, such as information sharing and quality, interoperability, component reuse, standardization, simplification, cost-efficiency, and of course security.
3. Project Management Office (PMO) -- oversees the effective execution on the IT projects. These projects derive from the EA technical roadmap and transition strategy and from IT investment decisions coming out of the governance board(s) in CPIC. Project management is how we manage all facets of a project to include scope, schedule, cost, quality, project resources, integration, communications, and more, from the initiation of a project through its closeout. Project managers typically develop the work breakdown structures, project schedules, and monitor and manage progress to these.
4. Customer Relationship Management (CRM) or IT service management -- for managing service and support to our customer with "one call does it all". As opposed to customer management within IT operations which is focused on helpdesk, availability, break-fix, and support issues, CRM in support of the CIO is focused on serving as IT liaisons to the business responsible for overall customer satisfaction, generating and managing customer requirements, supporting business case development, and handling internal business complaints, issues, and coordinating problem resolution with IT operations.
5. IT Security (ITS) -- how we conduct IT security policy and planning. This function encompasses how we plan, assess, and enforce IT security, and not the actual implementation of IT Security, which is an operational IT function. This functional area includes preparing certifications and accreditations, risk assessments, security plans, vulnerability testing, security awareness training, and security policies. IT security ensures the confidentiality, availability, integrity, and privacy of the organizations information.
6. Business Performance Management (BPM) -- how we measure and drive performance, so we know whether we are hitting the EA target or not. BPM involves identifying performance measures, capturing, analyzing and reporting on metrics, and providing the CIO with IT executive dashboard views to inform which programs and projects that are on track, challenged and in jeopardy of failure.
Typically BPM provides for a drill-down capability, so high-level "red-yellow-green" program/project indicators and milestones can be decomposed into lower levels of detail for trends, analysis and making course corrections. BPM should provide a feedback mechanism for how the IT function is performing and drive continuous process and performance improvement in the CIO organization.
Together these six areas make up a holistic and synergistic set of support functions constitute a fully capable Office of the Chief Information Officer (OCIO) in the center.
In creating a strong OCIO, the CIO Support Services Framework wisely separates the policy, planning and oversight functions from the IT operations. This is beneficial in two main ways: First, this enables the CIO to strategically and proactively direct IT operations, rather than being in perpetual firefighting and reactive mode. Second, the separation of duties -- strategy from operations -- creates a healthier organizational dynamic and interplay in IT, where the fox is not left guarding the chicken coop.
Part 2 of this article will explore IT best practice frameworks and implementation of the CIO Support Services Framework.
_____________________________________
Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.
July 4, 2009
CIO Support Services Framework
The CIO Support Service Framework (CSSF) has 5 major components:
So that we move the mindset of the CIO from fighting day to day operational problems to instead strategically managing IT service provision through:
- Enterprise Architecture--for strategic, tactical, and operational planning
- Capital Planning & Investment Control (or IT governance)--for managing the IT investment decision process (i.e. "putting those plans to work")
- Project Management (or a project management office)--to effectively execute on the programs and projects in the transition strategy
- Customer Relationship Management (or IT service management)--for managing service and support to our customer (i.e. with a single--belly button; one call does it all)
- Business Performance Management--how we measure & drive performance (like with an IT executive dashboard--so we know whether we are hitting the target or not!)
So that we move the mindset of the CIO from fighting day to day operational problems to instead strategically managing IT service provision through:
- Planning
- Investing
- Executing
- Servicing
- Measuring
March 7, 2009
6 CIO Tools for Managing IT Risk
“The consequences of not managing risk have hit Americans square in the jaw.”-- Government Executive magazine, March 2009
Too often CIOs see themselves very literally as managing IT. What they need to do is manage risk along with all of the other key leadership issues such as innovation, information-sharing, collaboration, and so on.
Context
The IT environment today is part of a larger social, political, and economic context that is more fraught with risk than ever. The mortgage meltdown, the financial crisis, job losses, volatility in commodity prices (e.g. oil), and so much more—it seems like it will never end. I would add that recently we had birds collide with an airline in NY, satellites that collided in space, and submarines that collided from France and the U.K. Oh, let’s not forget Russia’s invasion of Georgia and the terrorist attacks in India in November that killed at least 173 and wounded 308 and the Asian Tsunami in 2004 that killed over 225,000 people from 11 countries.
This is scary beyond belief!
Is G-d punishing us, teaching us, ignoring us?
Expectations
Whatever is going on, people are crying out for help--they are praying, and they are also turning to their government for “recovery” (as in the Recovery Act), “bailout” (as in taxpayer bailout), “relief” (as in the Troubled Asset Relief Program). The CIO is operating in an environment in which risk management is increasingly something that the average citizen expects from their leaders (and IT is not immune):
--“Citizens are increasingly calling on government to prevent bad things from happening and to ride in to help when they do.” (Donald Kettl).
--“American want life to be less risky…[and so] without realizing it, federal officials are risk managers at their core.”
--“The public, not only demands that the government manage the consequences of risk, but that it deals with problems before they turn into catastrophes. Merely reacting to risk is eroding the people’s trust in government.”
Challenges
While risk management is clearly a critical need, it is also more difficult than ever, for the following reasons:
--Pace and impact—“the problem now is the rapid pace of the challenges—that whatever it is that happens punishes and punishes instantly.”
--Scope—“’we obviously don’t want to get to a state where the government is running everything.’ But with no clear definition of the limit, the number of public risks the government should manage appears endless.”
In my opinion, cost is a huge factor as well. Just the financial crisis so far has cost us trillions of dollars and added to our debt probably for generations to come, and at a time when we are already on the brink with unfunded social security and Medicare liabilities for the baby boomers that are quickly nearing retirement and is feared will overwhelm the system. How much more financial burden can the system take before there are dire consequences?
Framework
There are no easy answers to these trying times or to how we manage the incredible risk that we seem to face virtually every day. However, there are three common approaches to risk management set forth by Moss:
--Reduce it (or eliminate it, if possible)
--Spread it
--Shift it
We often reduce risk, by having a backup plan (such as in IT having backup and recovery), and we mitigate risk by spreading or shifting it (such as through insurance policies or government social programs, and so forth).
6 Tools for CIOs
These lessons in risk management are critical to professionals in information technology, a field that is always in rapid transition with changing products, skill sets, and practices and where the scope of IT impacts almost everything we do (from online finance, health IT, e-commerce, robotics, and more). And where the price of keeping up with Jones in technology is does not come cheap to any organization these days.
In IT, where more than half of projects are over budget or behind schedule and many end up cancelled all together, we need to manage project risk. Here is a suggested toolkit for CIOs to do so:
--First, we need an architecture plan to ensure that we are aligning to business requirements and complying with technical requirements. This helps reduce the risk that we are doing IT the “wrong” way.
--Second we need to have sound IT governance to manage the selection of our investments, the control of cost, schedule, and performance, and the evaluation for lessons for the future. This helps reduce and spread the risk that we are doing the “wrong” IT investments.
--Third, we need solid project management to guide projects from initiation through close out in a defined, repeatable, and measureable way. This helps reduce the risk that we doing projects the “wrong” way.
--Fourth, we need robust IT security that protects our data from manipulation, interception, interjection, or other malice. This helps reduce and spread the risk of our IT working “wrong”.
--Fifth, we need adept customer relationship management so that we are fully engaged with our customers in building solutions that meet their needs and solves their business problems. This helps spread and shift the risk that we are managing our IT customers the “wrong” way.
--And sixth, and not least, we need to focus on our human capital to ensure they have the leadership, motivation, tools, and training to perform at their peak. This helps reduce and spread the risk of human error.
Together, these six CIO tools are the keys to the kingdom when it comes to managing IT risk and we can never take risk management for granted.
November 11, 2008
Improving Project Management and The Total CIO
IT projects are notorious for coming in late, over cost, and not meeting the customer’s needs.
CIO.com has an excellent article on ways to improve project management in an article entitled, “When Failure is Not an Option,” by Meredith Levinson (3 July 2008).
For organizations, good project management is a critical success factor!
“Project management is the number-one success factor for getting anything done in the organization. A firm’s ability to execute its strategy lies with its ability to manage projects,” according to Sam Lawler, the director of GlassHouse Technologies’ project management practice.
Yet, for years, organizations have faulted CIOs and IT departments with failed IT projects. As recently as 2004, a study by The Standish Group found that only 29% of IT projects “were completed on time, on budget, and with all features and functions originally specified.”
Project management methodologies work when business and IT work together as a team.
There are various methodologies being employed to try to improve project’s success, such as PMBOK and ITIL. However, IT projects’ success depends on IT and business people working together to achieve results; if this partnership and collaboration doesn’t happen, then no PM framework will bring us the project success we desire. Our organization’s business people are critical to ensuring project success—they develop the business case, identify requirements/functional specifications, realign and improve business processes, and test technical solutions to ensure they meet mission and business needs.
No longer is it about tossing the proverbial hot potato to IT and then pointing fingers and assigning blame when something doesn’t work right. Instead, the business and IT people are on the same team, sharing accountability, and working toward the success of the project and the enterprise.
Performance measurement is a must:
Improved project management needs to be accompanied by measurement of project success and reporting on these to executive management. We can’t manage what we don’t measure. And we need transparency to senior management to ensure that everyone—business and IT—have “skin in the game.”
July 20, 2008
A Net-centric Military and Enterprise Architecture
Information is central to the Department of Defense’s arsenal for fighting and defeating our enemies and the ability to share information across interoperable systems in the way ahead.
National Defense, March 2008 reports that while a net-centric military is our goal, the transformation is a work in progress.
Brig. Gen. David Warner, director of command and control at DISA stated: “in this war, information is truly our primary weapon. You can’t move, you can’t shoot, if you can’t communicate.”
Yet, “the Defense Department continues to acquire stovepiped systems…the requirements change, the system grows, and then there are cost overruns. One of the first items to cut from the budget is interoperability.”
Air Force Gen. Lance L. Smith says, “the dream of a truly net-centric U.S. military will not happen overnight. But progress could be achieved within the next five to 10 years, It will be a matter of waiting for the stovepiped legacy systems to come to the end of their lifespan. If the services get onboard and stop building non-interoperable technologies now, then the new generation of net-centric communications can take over and become the norm.”
This sounds to me like the problem isn’t limited to legacy systems, but that there are still cultural, project management, and change management issues that are obstacles to achieving the net-centric goal.
The challenges are even greater and more complex when it comes to sharing information with “federal civilian agencies and foreign allies…NATO, for example, has no mechanism to ensure its members are interoperable with each other.”
“Today the normal way to do business is to ‘exchange hostages’ which means sending personnel from one service, agency, or coalition partner to each other’s command centers so they can verbally relay information.” This typically takes the form of interagency operation command center, and is not very net-centric.
So we continue to have stovepipes for “communications or data sharing systems built by different agencies, armed services, or coalition partners that cannot link to each other…[yet] the U.S. military is trying to make itself more lethal, faster, and more survivable. [And] the key to doing that is the ability to share information.”
Net-centricity, interoperability, and information sharing are true cornerstones to what enterprise architecture is about, and it is where we as architects are needed to take center stage now and in the years ahead in the war on terrorism and the other challenges we will face.
July 18, 2008
To Be A CIO and Enterprise Architecture
Public CIO Magazine, June/July 2008, has some interesting articles on what it takes to be a next generation CIO (and many of these have to do with enterprise architecture).
Here are some tips (adapted from Public CIO):
- Develop your EA and IT Governance Capabilities—one of the first moves of Michael Locatis, the CIO of Colorado, was “hiring an enterprise architecture team leader and the development of new governance structures.” This is critical in effectively planning and change managing the consolidation of IT. In Colorado it means uniting “20 disparate IT departments into a single citywide Technology Services Division.”
- Be a strategist—Liza Massey, CEO of The CIO collaborative, a Las Vegas-based consultancy believes that a “CIO needs to make the leap from being a technologist to being a strategist [what EA planning is all about!]…’you have to be seen as a peer working for the good of the organization, not as the chief geek.’” She says, “if you know the version number of the operating system running on your mainframe, you’re probably not a CIO.”
- Understand that mission drives technology—Pat Schambach, retired CIO of the Secret Service, ATF, and the TSA said “it was his ability to understand his organization’s business imperatives that made him CIO material.” Pat states about the Service, “they wanted someone who knew the mission well and could bring technology to bear against that mission.” Again, this is good EA and IT governance in practice: where business drives technology and not doing technology for technology’s sake.
- Focus on business processes—Vivek Kundra, the CTO of Washington DC believes that “The key is to focus on the business process.” He stated, “My approach is to go after the core of the problem, to look at how the employees do their jobs and then look for how we can affect change.” Again, this is EA synthesizing business and technology to satisfy mission and end-user needs and requirements.
- “Behave like an enterprise”—Dave Wennergren, Deputy CIO for the Department of Defense and prior CIO of the Navy, said “we have to behave like an enterprise. We don’t need 50 smart card solutions or 50 collaboration tools.” He believes “the enterprise can be responsible for tools everyone uses, freeing up agency developers to work on tools specific to their needs.” In other words, we can leverage enterprise architecture and IT governance to develop enterprise solutions that are cost effective and efficient, but at the same time remain nimble in meeting niche or localized needs.
- Be able to translate business to technology and vice versa—Alan Shark, executive director for the Public Technology Institute said, “I’m seeing a big shift from issues that were purely technology to issues have much more to do with IT governance and leadership—being a translator between the technologists who work in the trenches and the politicians or the [higher-level] people who just want to hear the facts.” Again, EA plays a critical role here in synthesizing business and technology to enable better IT decision making for the mission/business.
- Leadership skills—In the latest survey of the National Association of State CIOs, the traits that rose to the top for CIO success: “communication skills, negotiation skills, being able to collaborate and work across the agencies, to work with their executive team.” Laura Fucci, the CIO of Clark County Nevada (home to the Las Vegas strip) echoes these sentiments for a CIO and talks in terms of team building [and networking], being a consensus builder, improving customer service (ITIL), studying metrics, and good project management.
A few other traits worth mentioning from David Wennergren, from DoD, is continuous learning and studying and driving best practices. This again ties strongly to enterprise architecture which builds the target architecture, transition plan, and IT strategic plan, bringing together the best practices from inside and outside the organization to move it steadily forward.
Clearly, the enterprise architecture is the foundation for a successful CIO and the organization he/she serves.
Subscribe to:
Posts (Atom)
