Can't Live With Them, Can't Live Without Them

I remember years ago, my father used to joke about my mother (who occasionally got on his nerves :-): "you can't live with them, and you can't live without them."

Following the frequently dismal state of IT project performance generally, I'm beginning to think that way about technology projects.

On one hand, technology represents innovation, automation, and the latest advances in engineering and science--and we cannot live without it--it is our future!

On the other hand, the continuing poor track record of IT project delivery is such that we cannot live with it--they are often highly risky and costly:

• In 2009, the Standish Group reported that 68% of IT projects were failing or seriously challenged--over schedule, behind budget, and not meeting customer requirements.


• Most recently, according to Harvard Business Review (September 2011), IT projects are again highlighted as "riskier than you think." Despite efforts to rein in IT projects, "New research shows surprisingly high numbers of out-of-control tech projects--ones that can sink entire companies and careers."


• Numerous high profile companies with such deeply problematic IT projects are mentioned, including: Levi Strauss, Hershey's, Kmart, Airbus, and more.


• The study found that "Fully one in six of the projects we studied [1,471 were examined] was a black swan, with a cost overrun of 200% on average, and a schedule overrun of almost 70%."


• In other words there is a "fat tail" to IT project failure. "It's not that they're particularly prone to high cost overruns on average...[rather] an unusually large proportion of them incur massive overages--that is, there are a disproportionate number of black swans."


• Unfortunately, as the authors state: "these numbers seems comfortably improbable, but...they apply with uncomfortable frequency."

In recent years, the discipline of project management and the technique of earned value management have been in vogue to better manage and control runaway IT projects.
At the federal government level, implementation of such tools as the Federal IT Dashboard for transparency and TechStats for ensuring accountability have course-corrected or terminated more than $3 billion in underperforming IT projects.
Technology projects, as R&D endeavors, come with inherent risk. Yet even if the technical aspect is successful, the human factors are likely to get in the way. In fact, they may be the ultimate IT "project killers"--organizational politics, technology adoption, change management, knowledge management, etc.

Going forward, I see the solution as two-pronged:

• On the one hand we must focus on enhancing pure project management, performance measurement, architecture and governance, and so on.


• At the same time, we also need to add more emphasis on people (our human capital)--ensuring that everyone is fully trained, motivated, empowered and has ownership. This is challenging considering that our people are very much at a breaking point with all the work-related stress they are facing.

These days organizations face numerous challenges that can be daunting. These range from the rapid pace of change, the cutthroat global competition at our doorsteps, a failing education system, spiraling high unemployment, and mounting deficits. All can be helped through technology, but for this to happen we must have the project management infrastructure and the human factors in place to make it work.

If our technology is to bring us the next great breakthrough, we must help our people to deliver it collaboratively.

The pressure is on--we can't live with it and we cannot live without it. IT project failures are a people problem as much as a technology problem. However, once we confront it as such, I believe that we can expect the metrics on failed IT projects to change significantly to success.

(Source Photo: here)

Can't Live With Them, Can't Live Without Them

Federal IT Management Reform

New IT management reform from the White House.

Very exciting development.

The plan is published at this link.

Federal IT Management Reform

Earned Value Management - Made Easy

Some exceptional Earned Value Management (EVM) instructional videos. These are great whether you are studying for your Project Management Professional (PMP) exam or wanting to apply EVM to your projects at work:

• Part I: Basic Concepts

• Part II: Calculating Variances and Indexes

• Part III: Forecasting Completion

Earned Value Management - Made Easy

TEAM: Together Everyone Achieves More

People are selfish; they think in terms of win-lose, not win-win. The cost of this kind of thinking is increasingly unacceptable in a world where teamwork matters more than ever.

Today, the problems we face are sufficiently complex that it takes a great deal more collaboration than ever to yield results. For example, consider the recent oil spill in the Gulf, not to mention the ongoing crises of our time (deadly diseases, world hunger, sustainable energy, terrorism).

When we don’t work together, the results can be catastrophic. Look at the lead-up to 9-11, the poster child for what can happen if when we fail to connect the dots.

A relay race is a good metaphor for the consequences of poor teamwork. As Fast Company (“Blowing the Baton Pass,” July/August 2010) reports, in the 2008 Beijing Olympics, the USA’s Darvis Patton was on the third leg of the race, running neck and neck with a runner from Trinidad when he and his relay partner, Tyson Gay, blew it:

“Patton rounded the final turn, approaching…Gay, who was picking up speed to match Patton. Patton extended the baton, Gay reached back, and the baton hit his palm. Then, somehow it fell. The team was disqualified.”

Patton and Gay were each world-class runners on their own, but the lack of coordination between them resulted in crushing defeat.

In the business realm, we saw coordination breakdown happen to JetBlue in February 2007, when “snowstorms had paralyzed New York airports, and rather than cancel flights en masse, Jet Blue loaded up its planes…and some passengers were trapped for hours.”

Why do people in organizations bicker instead of team? According to FC, it’s because we “underestimate the amount of effort needed to coordinate.” I believe it’s really more than that – we don’t underestimate it, but rather we are too busy competing with each other (individually, as teams, as departments, etc.) to recognize the overarching importance of collaboration.

This is partly because we see don’t see others as helping us. Instead we (often erroneously) see them as potential threats to be weakened or eliminated. We have blinders on and these blinders are facilitated and encouraged by a reward system in our organizations that promotes individualism rather than teamwork. (In fact, all along the way, we are taught that we must compete for scarce resources – educational slots, marriage partners, jobs, promotions, bonuses and so on.)

So we think we are hiring the best and the brightest. Polished resume, substantial accomplishments, nice interview, solid references, etc. And of course, we all have the highest expectations for them. But then even the best employees are challenged by organizational cultures where functional silos, “turf wars”, and politicking prevail. Given all of the above, why are we surprised by their failure to collaborate?

Accordingly, in an IT context, project failure has unfortunately become the norm rather than an exception. We can have individuals putting out the best widgets, but if the widgets don’t neatly fit together, aren’t synchronized for delivery on schedule and within budget, don’t meet the intent of the overall customer requirements, and don’t integrate with the rest of the enterprise—then voilá, another failure!

So what do we need to become better at teamwork?

• Realize that to survive we need to rely on each other and work together rather than bickering and infighting amongst ourselves.
• Develop a strong, shared vision and a strategy/plan to achieve it—so that we all understand the goals and are marching toward it together.
• Institute a process to ensure that the contributions of each person are coordinated— the outputs need to fit together and the outcomes need to meet the overarching objectives.
• Reward true teamwork and disincentivize people who act selfishly, i.e. not in the interest of the team and not for the sake of mission.

Teamwork has become very cliché, and we all pay lip service to it in our performance appraisals. But if we don’t put aside our competitiveness and focus on the common good soon, then we will find ourselves sinking because we refused to swim as a team.

TEAM: Together Everyone Achieves More

When Commitment is Just a Crowd-Pleaser

In the organization, you can’t really do anything without management commitment and a certain degree of consensus. In fact, management commitment is usually at the top of the list when it comes to a project’s critical success factors.

But when is commitment real and when is it just lip service?

Sometimes, when the boss tells you to do something, he means it and gives you the authority and resources to make it happen. Other times, “go do” is superficial and denotes more of a “this isn’t really important”, but we need to make a good show of it for political, compliance, or other reasons. In the latter case, there is usually no real authority implied or resources committed to getting the job done. But at least we gave it our best (not!).

As an employee, you have to be smart enough to know the difference in what you’re being asked to do (and not do), so you don’t end up stepping in the muck—trying to do something that no one really wants anyway or the opposite, not delivering on a project that others are depending on.

Knowing the difference between what’s real and what isn’t can mean the difference between a successful and rewarding career (i.e. “you get it”) or one that is disappointing and frustrating (because you’re sort of clueless).

It was interesting for me to read in the Wall Street Journal, 5 February 2010, about how looks can be deceiving when it comes to support for someone or some cause: apparently, in certain European countries, such as Ukraine, it is common place for rallies to be attended not by genuine supporters, but by people paid to show up. In other countries, you may not be paid to show up, but instead be punished for not doing so.

The Journal reports that “rent-a-crowd entrepreneurs find people fast to cheer or jeer for $4 an hour…[and] if you place an order for a rally, you can have it the next day.”

So what looks like thousands of people turning out to support someone or something is really just a sham. This is similar to leaders who turn out to support a program or project, but really they are just paying lip service with no intention of actually helping the project make an inch of progress. Their superficial support is paid for by goodwill generated by their apparent support or what one of my friends used to call by “brownie points” (for brown-nosing their boss or peers)—but of course, they aren’t really behind the initiative.

The article summarizes it this way: “For now, people see the same old politicians and hear the same old ideas. If someone fresh brings a new idea, people will come out and listen for free.”

Good leaders need to actually say what they mean and mean what they say, so employees are able to focus on the work that’s really important and get the results the organization needs. This contrasts with ineffectively telling employees to “go do”, but no one is standing with or behind them—not even for 4 dollars an hour.

Of course, leaders must get on board with the direction that the overall organization is going. That is just part of being a team player and accepting that first of all, we are not always right as individuals, and second of all that we live in an imperfect world where sometimes our choices are not ideal.

However, when employees are required to rally for causes they truly don’t believe in or leadership feels compelled to pay lip service to initiatives they will not ultimately fund or commit to, the result is a dysfunctional organization. The outward reality does not match the actual feelings or thoughts of its people. (Sort of like having a diversity initiative headed by all white males over the age of 50.)

Let us commit to a spirit of honesty in all our dealings. If a conflict needs to be addressed, let’s address it directly rather than avoiding or glossing over it. One very basic and simple step toward this end is to recognize and reward the people who are brave enough to say when the emperor has no clothes and who are able to provide alternatives that make sense.

And finally—when we do commit to something—let’s see it through.

When Commitment is Just a Crowd-Pleaser

Motivated by Progress

There are all sorts of theories about what motivates people. The two most popular are Maslow’s Hierarchy of Needs and Hertzberg’s Theory of Motivation.

Maslow (1954) believed that people fulfill needs from the lowest to the highest order in terms of physiological, safety, social, esteem, and self-actualization.

Herzberg (1959) understood that more specifically at work, there were five key motivators to job satisfaction: achievement, recognition, the work itself, responsibility, and advancement. Things like salary and working conditions were believed to not provide satisfaction, but could lead to job dissatisfaction.

An article in Harvard Business Review (January-February 2010) underscores Hertzberg’s belief that achievement is the greatest work satisfier of all, as the article states: “we now know what the top motivator of performance is…It’s progress.”

· Workers are energized when “they’re making headway in their jobs, or when they receive support that helps them overcome obstacles.”

· Workers are demoralized when “they feel they are spinning their wheels or encountering roadblocks to meaningful accomplishment.”

Bottom line is that most people generally want to work and be productive human beings: when we contribute positively to the world, we feel a purpose to life. Achievement and progress means that we somehow leave this world a little bit better than when we arrived, and the whole thing is not meaningless. The daily growing pains of life are not in vain—we are contributing to something greater—something that outlasts ourselves.

Recently, I read that only 45% of workers were satisfied with their jobs (based on finding from the Corporate Executive Board). Even in a horrible economy, people are not satisfied with a paycheck. They want to feel good about what they are doing and that they are doing something.

Something is getting in the way of people’s feeling of progress at work or their level of job satisfaction wouldn’t be the worst in decades.

The authors of the Harvard Business Review article state “the strongest advice we offer [to leaders] from this study…”scrupulously avoid impeding progress by changing goals autocratically, being indecisive or holding up resources.”

The point is that a leader is first and foremost an enabler for progress. If they are holding back their people, rather than helping them, we have dysfunctional leadership at its core.

So in simple terms—effective leaders must:

· VISION: Set and articulate a compelling vision/strategic direction for organization bringing their people into the process through genuine inclusion.

· DECISION: Make decisions with a reasonable and responsible level of analysis and consideration, but avoid analysis-paralysis, wavering, and indecision.

· EXECUTION: Give your people the authority, accountability, resources, training, and tools to execute or as the saying goes, “put your money where your mouth is.”

Progress and employee satisfaction will not be achieved with just one or two of the three: If the employees want to move forward on leadership vision, but they can’t get needed decisions to really execute, the vision is for all intensive purposes, dead on arrival. And even if employees have a vision and the needed decisions to operationalize it, but they can’t get the resources to really see it through, progress is slowed, stunted, or perhaps, not even possible at all.

Perhaps this is one reason for the high project failure rate in organizations that we’ve seen for years now resulting in cost overruns, missed project schedules, and requirements that go unmet.

Yes, workers will always seek job satisfaction, but its not just about more money, more benefits, more recognition, more advancement, like so many erroneously still believe. Rather, the Holy Grail to worker satisfaction is a leadership that knows how to let them really be productive.

I believe that true leadership success is measured in progress, and a sure sign of organizational progress is when employees feel productive. A good metric for “progress” is whether employees are engaged and (to put it simply) happy.

Motivated by Progress

The Forgotten 60%

IT Leaders are often worried (almost exclusively) about the technology—Is it reliable? Is it robust? Is secure? Is it state-of-the-art? Is it cost-effective? And more.

This is what typically keeps IT management up at night—a server outage, the network being down, an application not available, a project off track, or a security issue such as a virus or worm.

While much lip service has been paid to the statement that “people are our most important asset;” in reality, too little emphasis is generally placed here—i.e. people are not kept high on the IT leadership agenda (for long, if at all), technology is.

Hence, we have seen the negative effects of outsourcing, layoffs, cut training budgets, pay and incentive stagnation, and other morale busting actions on our workforce, along with customers who have been disappointed by magnificent IT project failure rates—with projects over cost, behind schedule, and not meeting customer spec.

Our people—employees and customers—are not being properly cared for and the result is IT projects failure all around us (the stats speak for themselves!).

In essence, we have lost the connection between the technology outcomes we desire and the people who make it happen. Because what drives successful technology solutions are people—knowledgeable, skilled, well trained, and passionate people—working collaboratively together on behalf the mission of the organization.

A book review in ComputerWorld (21 December 2009) on World Class IT by Peter A. High identifies the 5 elements of IT leadership, as follows:

1. Recruit, train, and retain world-class IT people.

2. Build and maintain a robust IT infrastructure.

3. Mange projects and portfolios effectively.

4. Ensure partnerships within the IT department and with the business.

5. Develop a collaborative relationship with external partners.

Interestingly enough, while IT leaders generally are focused on the technology, information technology is not #1 of the 5 elements of IT leadership, but rather employees are—they are identified at the top of the list—and the author states that CIO's should tackle these issues in the order presented.

Further, of the 5 key IT leadership elements, fully 3—or 60% are all about people and relationships, not technology. #1 are employees, #4 is business-IT partnership (customers), and #5 is external collaboration or outreach.

So unfortunately for our organizations, people are the all too forgotten (or neglected) 60%.

I do want to note that I do not fully agree on the order presented by Mr. High; in particular I do not think the customer should be 4^th on the list, but rather as the customer represents the mission and the requirements to carry it out, the customer should be unquestionably to me at the very top of the list of IT leadership focus—always. We are here to serve them, period.

Overall though, the key point is that IT leaders need to reorient themselves to people and not overemphasize the technology itself, because if they generally respect and take care of the people and the relationships, the technology will follow and be more successful then ever.

The Forgotten 60%

Project Failure, Why People Can’t Own Up

I saw this funny/sad Dilbert cartoon on project management by Scott Adams (BTW, he’s terrific!).

It goes like this:

Office colleague (water cooler talk): How’s your project coming along?

Dilbert: It’s a steaming pile of failure. It’s like fifteen drunken monkeys with a jigsaw puzzle.

New scene….

Boss: How’s your project coming along?

Dilbert: Fine.

END

This common work scenario is sort of like a game of truth or dare: you either have to tell the project truth or take the dare and do something embarrassing like proceed with the project that isn’t on track.

Teammates, colleagues, peers often talk frankly and honestly about the problems with their projects and often the talk may become sarcastic or even somewhat cynical, because they know that they can’t tell their bosses what is REALLY going on.

What a shame in terms of lost opportunities to communicate, solve problems, and drive project success for the organization.

People are afraid to be honest, direct, tell the truth, and work together with their management on constructive solutions.

Instead, people simply say everything is fine, period.

Sort of like when your boss asks politely at work how are you doing? And rather than say, well I woke up late, missed my train, spilled coffee on my tie, and am having trouble meeting my deadlines this week, the person almost always replies, reflexively, “I’m fine” and “How are you?”

Another manifestation of the it’s fine syndrome is with executive dashboards or project scorecard reviews where virtually all the metrics show up as “green”, even when you know they are not—does yellow or red sound too scary to have to put on paper/screen and explain to the boss.

We are conditioned NOT to talk casually or to report to our superiors about issues, problems, or anything that can be perceived as negative, least they be labeled as trouble-makers or “the problem,” rather than the solution. Ultimately, employees don’t want to be blamed for the failures, so they would rather hide the truth then own up to the project issues, and work constructively with their management on solutions or course correction—before it’s too late.

Now isn’t that a novel idea? Management and staff working together, actually identifying the issues—proactively and in forthright manner—and working together to resolve them, rather than sitting across the table, sugar-coating or pointing the accusatory finger.

People have to take responsibility and own up when there is a problem and be willing to talk about them with their management, and management needs to encourage frankness, a “no surprises” culture, and a team-collaborative environment to solving problems rather than instilling fear in their employees or implicitly or explicitly communicating that they only want to hear “good news.”

Good news is not good news when it’s fabricated, a distortion, or a complete sham.

A culture of teamwork, collaboration, honesty, and integrity is the underpinning of project success. If everything in the project “is fine”, it’s probably not.

Project Failure, Why People Can’t Own Up

Personal Technology Trumps Work IT

The pendulum has definitely swung—our personal and home technology is now often better than what we are using in the office.

It wasn’t always that way. Early on, technology was mysterious to those not professionally engaged as system engineers or IT professionals. Technology was expensive and made sense for business purposes, but not for home use. IT was a professional enabler to get the job done, but consumer applications were scarce and not intuitive for anything but the office.

The world has turned upside down. Now as consumers, we are using the latest and greatest computers, smart phones, gaming devices, and software applications, including everything social media and e-Commerce, while in the office, we are running old operating systems, have nerdy phones, locked down computers, applications that aren’t web-enabled, and social media that is often blocked.

The Wall Street Journal (16 November 2009) summed up the situation this way:

“At the office, you’ve got a sluggish computer running aging software, and the email system routinely badgers you to delete message after you blow through the storage limits set by your IT department. Searching your company’s internal website feels like being transported back to the pre-Google era of irrelevant results…This is the double life many people lead: yesterday’s technology for work, today’s technology for everything else…The past decade has brought awesome innovations to the marketplace--Internet search, the iPhone, Twitter, and so on, but consumers, not companies, embrace them first and with the most gusto.”

What gives and why are we somehow loosing our technical edge in the workplace?

Rapid Pace of Change—We have been on technological tear for the last 20 years now; virtually nothing is the same—from the Internet to cloud computing, from cell phones and pagers to smart phones and iPhones, from email to social media, and so much more. From a consumer perspective, we are enamored with the latest gadgets and capabilities to make our life easier and more enjoyable though technology. But at work, executives are tiring from the pace of technological change and the large IT budgets that are needed to keep up with the Jones. This is especially the case, as financial markets have seized in the last few years, credit has tightened, revenue and profitability has been under extreme pressure, and many companies have laid off employees and others have even gone kaput.

Magnificent Technology Failures—Along with the rapid pace of change, has come huge IT project failure rates. The Standish group reported this year that 82% of IT projects are failing or seriously challenged. Why in the world would corporate executives want to invest more money, when their past and present IT investments have been flushed down the toilet? Executives have lost faith in IT’s ability to upgrade their legacy systems and fulfill the promises behind the slew of IT investments already made. Related to this is the question of true cost-benefit and total cost of ownership of all the new technologies and their associated investments—if we haven’t been able to achieve or show the return on investment on all the prior investments, why should we continue investing and investing? Is the payoff really there? Perhaps, we are better off putting the dollars into meeting core mission requirements and not overhead, like IT?

Security Risks Abound—With all the technology has come a whole new organizational risk set in terms of IT security. Organizations are hostage to cyber criminals, terrorists, and hostile nation states who can with a few keyboard strokes or mouse clicks disable the company transaction capability, wipe out its memory, steal its information, or otherwise neutralize it from functioning. And the more technology we add, the more the risk level seems to increase. For example, the thinking goes that we were safer when we ran everything in a locked down, tightly controlled, mainframe environment. The more we push the envelope on this and have moved to client server, the web, and now to even more transparency, information sharing, and collaboration—through social media, cloud computing, and World 2.0—the thinking is that we are potentially more open to local and global threats than ever before. Further, with the nation under virtually constant cyberattack and our capabilities to slow or stop these attacks seemingly not existent at this time, executives are reluctant to open up the technology vulnerability spigot any further.

While there are many other reasons slowing or impeding our technology adoption at work, we cannot stop our march of IT advancement and progress.

We are in a global competitive marketplace and the world waits for no one. The problems resulting from the speed and cost of change, the high IT project failure-rate, and the cybersecurity danger/challenges cannot be allowed to inhibit us from progress. We must address these issues head on: We have got to achieve efficiencies from technological advancement and plow the cost-savings into next generation technologies. We have got to drastically improve our IT project success rate though mature implementations of enterprise architecture, IT governance, project management, customer relationship management, and performance measurement (Reference: The CIO Support Services Framework). And we must invest heavily in IT security—with money, people, policy, training, new technology safeguards, and more.

Innovation, technological prowess, and information superiority is what gives us our edge—it is tip of our spear. So yes, we must carefully plan/architect, wisely invest, execute well, and secure our IT. But no, we cannot dismiss the evolving technologies outright nor jump in without proper controls. We must move rationally, but determined into the future.

Personal Technology Trumps Work IT

The CIO Support Services Framework Improves IT Operations

The CIO Support Services Framework Improves IT Operations

How to Strengthen the Office of the CIO - Part II

Punlished at Government Technology

[Editor's Note: This article is the second in a series that explores the CIO Support Services Framework in government.]

In Part 1 of The CIO Support Services Framework, I presented the six major components needed to support the public CIO in managing IT strategically and proactively. In this article, I will explain what IT best practices framework inform these six components and propose a structure for implementing it.

The six CIO Support Services Framework (CSSF) functions are distinct areas that require subject-matter expertise and need to be managed based on the various IT best practice frameworks. While I am not endorsing any particular best practice government or industry framework, below is a sampling according to CSSF functional area:

Enterprise Architecture (EA) -- Federal Enterprise Architecture (FEA), Department of Defense Architecture Framework (DoDAF), and The Open Group Architecture Framework (TOGAF).

Capital Planning and Investment Control (CPIC) -- Office of Management and Budget (OMB) Circular A-130--"Management of Federal Information Resources" and the Control Objectives for Information and related Technologies (COBIT) by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

Project Management Office (PMO) -- the Project Management Book of Knowledge (PMBOK) by the Project Management Institute is the de facto standard project management best practices from initiation through project closeout.

Customer Relationship Management (CRM) -- the IT Infrastructure Library (ITIL) by the United Kingdom's Office of Government Commerce (OGC) and International Standards Organization (ISO) 20000--"IT Service Management." While both are very much operational frameworks, they can also be used to guide service and support at a strategic level in the OCIO.

IT Security (ITS) -- the Federal Information Security Management Act (FISMA), various Federal Information Processing Standards (FIPS) from the National Institute of Science and Technology (NIST), and International Organization for Standardization ISO/IEC 17799 -- Information Technology Code of Practice for Information Security Management.

Business Performance Measurement (BPM) -- the Balanced Scorecard (BSC) by Kaplan and Norton from Harvard Business School -- examines financial, customer, internal business process, and learning and growth measures for the organization.

Although each of the six main functional areas and their supporting best practice frameworks are unique, they can and will overlap, and it is imperative that the OCIO develop a simple and streamlined process for managing these, so that IT and business personnel are not confused or burdened by redundant or circuitous IT processes that hinder, rather than spur innovation and agility. For example, while EA planning guides CPIC IT investment decisions, those decisions inform the next round of EA planning -- it is inherently cyclical. Nevertheless, we must ensure that the overall process flow between all six areas is as clear and simple as possible.

I like to use the example of a Monopoly game board as an analogy for how IT processes should ideally progress from "Go" all the way through -- logically, and more or less sequentially -- without project mishap, ending up on the OMB Watch List for risky IT projects, the equivalent of landing in Monopoly "jail."

The CSSF provides the functional resources to fully support the OCIO and provide the capability to move from simply fighting day-to-day operational problems to strategically managing IT service provision, improving performance and increasing program and project success, through:

Planning (EA)

Investing (CPIC)

Executing (PMO)

Servicing (CRM)

Securing (ITS)

Measuring (BPM)

Each of these OCIO component functions is helpful in managing IT by providing the CIO the capability to better plan, invest, execute, service, secure and measure -- but these are not stand-alone functions -- they are all necessary and complementary.

An organization can have the best EA plan, but without the structured investment processes of CPIC, the plan will not drive, guide, influence and shape IT investment decision-making. In fact, I would propose that CPIC is an enforcement mechanism for carrying out the EA plan.

Similarly the organization can have a wonderful CPIC process for making IT investment decisions, but without a PMO to develop and enforce sound PM policies and practices, IT projects will continue to fail miserably. With an effective PMO, we will have more successful project execution, but without CRM to manage customer requirements and service and support issues, we run a very high risk of rolling out IT capabilities that the customer neither wants nor is happy with. Further, CRM will increase customer satisfaction, but without ITS, CIOs will not ensure the security of the information and systems that the users are depending on.

Finally, with ITS, CIOs will provide users for information security, but without BPM, will miss the opportunity to perform structured performance measurement and management, so that the CIO has visibility to how IT is performing in all areas and on an ongoing basis and can take timely corrective action as needed.

CIO Support Service Framework - Implementation Structure

View more documents from ablumen.

Most organizations either don't do any of these CSSF functions well or they don't do them all. The six components need to be executed together -- the whole being greater than the sum of its parts. Further, I would propose that the six CSSF functions be implemented under the auspices of the CTO of the organization in order to centralize and holistically manage the functions in support of the CIO.

The result is that the CIO is better supported, without being overwhelmed, and the CTO has a clear mandate for strategically implementing the CIO's vision for the organization.

Of course, one of the biggest challenges to implementing the CSSF is finding and allocating the needed funding to support these OCIO functions. IT operations tend to be underfunded already and stuck in the perpetual firefighting mode. Executives often fearf siphoning the needed money or people away from the short-term firefight to work on long-term strategy and implementation. This is a serious mistake!

Firefighting is a losing battle if you attack only the symptoms, but never address the cause or core strategic issues. Moreover, in the fast-paced technology environment of the 21st century, no IT leader can afford to be looking backward -- managing legacy systems that do not leverage modern technologies, techniques and methodologies for information sharing, collaboration and business intelligence.

If you are spending close to 100 percent on IT operations today, is it really unreasonable to allocate 3 to 5 percent of this to strategy, planning and control? Of course, this needs to adjust when IT budgets get extremely large or small and as the complexity of the organization shifts.

As the prior chief enterprise architect of the U.S. Coast Guard and of the United States Secret Service, I have always been a deep proponent of EA and CPIC to drive better IT investment decision-making. However, now as the chief technology officer (CTO) of the Bureau of Alcohol, Tobacco, Firearms and Explosives, I more fully understand how the CSSF functions and interplay are needed for the CIO to perform effectively.

Clearly EA and CPIC are not enough to adequately support the CIO's needs, and thus, they need to be extended with PMO, CRM, ITS and BPM. Moreover, these areas function best that function together for the reasons I mentioned prior -- it's a clear domino effect, where astute planning, sound governance, skilled project management practices, competent customer service, solid IT security and meaningful performance measurement are all necessary for the CIO to manage IT more strategically and effectively.??This is why I firmly believe that the CIO Support Services Framework is how we are going to have to manage IT to achieve genuine success for the CIO in the 21st century and beyond.

_______________________________________

Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.

How to Strengthen the Office of the CIO - Part II

How to Strengthen the Office of the CIO - Part I

Published at Government Technology

[Note: This is a two-part article on strengthening the office of the CIO to improve IT operations. Part 1 examines the six components of a CIO Support Services Framework. Part 2 will explore best practices and implementation.]

Information technology is plagued with what federal CIO Vivek Kundra recently called "magnificent failures." A recent research survey by theStandish Group identified that more than 80 percent of IT projects were either failing or significantly at risk. Another article described the CIO's role as a nearly impossible job, trying to manage day-to-day firefighting with limited to no ability to get control and manage strategically.

We are investing massive sums of money, time and effort, only to disappoint customers, miss the mark on requirements and fail to deliver on time, within budget and to specifications.

The CIO Support Services Framework (CSSF) is an approach for changing the dynamic of failed IT projects and putting the CIO and other IT leadership back in the driver's seat, by ensuring that the structural components for success are identified, elevated and resourced appropriately.

The focus of this article is to identify, describe and link the core elements that make up and support an Office of the CIO for the purpose of demonstrating how that will lead to improved IT operations. When the CIO is properly supported, program and project management can be executed with strategic intent and alignment.

It is not my aim to discuss the pros and cons of the many solid approaches to IT project and program management today, such as the Federal Enterprise Architecture (FEA), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), Project Management Body of Knowledge (PMBOK), Federal Information Processing Standards (FIPS) and International Organization for Standardization (ISO) 20000. I will say that while each is comprehensive in its own right, they are skewed by a particular emphasis on a particular function. For instance, FEA looks at architecture planning, ITIL on service support and delivery, PMBOK on project management and so on. What the CIO needs for ultimate success is a way to incorporate elements of all of these perspectives into a bigger picture.

CIO Support Service Framework

Image copyright by Andy Blumenthal

So what is the CSSF? It is an IT framework aimed at standing up and strengthening an office of the CIO so that it can lead strategically and drive improved IT operations. The idea is that just as business drives (or ought to drive) technology within the greater organization, so too within the function of IT, the CIO and his or her strategy must drive technology operations rather than just fighting fires.

In the typical IT organization, CIOs are expected to be both strategist and problem-solver, with little supporting strategic infrastructure to guide, influence, shape and drive their key decisions about IT operations. All too often, problems crop up and even the most skilled and well intentioned CIOs are left to make decisions based on gut, intuition, politics and subjective management whim.

Even if the CIO has an IT governance board to shoulder some of this responsibility, together they are still like blind people grasping in the dark for answers. This framework corrects the structural defects in today's IT organization that cause this situation to occur.

The CSSF has six major components:

1. Enterprise Architecture (EA) -- for strategic, tactical, and operational planning in the organization. EA includes all perspectives of the organization's architecture including: performance, business, information (data and geospatial), services or systems), technology, security, and human capital (this last one is currently missing from the Federal Enterprise Architecture).

In EA planning, we develop the current architecture--where we are today in terms of business and technology resources, the target--where we want to be in the future through business process improvement and technology enablement, and the transition plan--how do we get from where we are today to where we want to be in the future.

More mature EA's provide business, data, and systems models, and identify gaps, redundancies, inefficiencies, and opportunities in the business and IT and recommend business process improvement, reengineering, and new technologies to improve organizational performance.

2. Capital Planning and Investment Control (CPIC) or IT governance -- manages the IT investment decision processes of selecting, controlling, and evaluating new or major changes to the IT portfolio ( i.e. to put those plans to work and make them pay-off). CPIC can ensure that IT investments maximize return on investment, minimize or mitigate risk and provide for strategic alignment to the business.

CPIC also helps make IT investments technically compliant by ensuring that desirable IT behaviors are followed, such as information sharing and quality, interoperability, component reuse, standardization, simplification, cost-efficiency, and of course security.

3. Project Management Office (PMO) -- oversees the effective execution on the IT projects. These projects derive from the EA technical roadmap and transition strategy and from IT investment decisions coming out of the governance board(s) in CPIC. Project management is how we manage all facets of a project to include scope, schedule, cost, quality, project resources, integration, communications, and more, from the initiation of a project through its closeout. Project managers typically develop the work breakdown structures, project schedules, and monitor and manage progress to these.

4. Customer Relationship Management (CRM) or IT service management -- for managing service and support to our customer with "one call does it all". As opposed to customer management within IT operations which is focused on helpdesk, availability, break-fix, and support issues, CRM in support of the CIO is focused on serving as IT liaisons to the business responsible for overall customer satisfaction, generating and managing customer requirements, supporting business case development, and handling internal business complaints, issues, and coordinating problem resolution with IT operations.

5. IT Security (ITS) -- how we conduct IT security policy and planning. This function encompasses how we plan, assess, and enforce IT security, and not the actual implementation of IT Security, which is an operational IT function. This functional area includes preparing certifications and accreditations, risk assessments, security plans, vulnerability testing, security awareness training, and security policies. IT security ensures the confidentiality, availability, integrity, and privacy of the organizations information.

6. Business Performance Management (BPM) -- how we measure and drive performance, so we know whether we are hitting the EA target or not. BPM involves identifying performance measures, capturing, analyzing and reporting on metrics, and providing the CIO with IT executive dashboard views to inform which programs and projects that are on track, challenged and in jeopardy of failure.

Typically BPM provides for a drill-down capability, so high-level "red-yellow-green" program/project indicators and milestones can be decomposed into lower levels of detail for trends, analysis and making course corrections. BPM should provide a feedback mechanism for how the IT function is performing and drive continuous process and performance improvement in the CIO organization.

Together these six areas make up a holistic and synergistic set of support functions constitute a fully capable Office of the Chief Information Officer (OCIO) in the center.

In creating a strong OCIO, the CIO Support Services Framework wisely separates the policy, planning and oversight functions from the IT operations. This is beneficial in two main ways: First, this enables the CIO to strategically and proactively direct IT operations, rather than being in perpetual firefighting and reactive mode. Second, the separation of duties -- strategy from operations -- creates a healthier organizational dynamic and interplay in IT, where the fox is not left guarding the chicken coop.

Part 2 of this article will explore IT best practice frameworks and implementation of the CIO Support Services Framework.

_____________________________________

Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.

How to Strengthen the Office of the CIO - Part I

CIO Support Services Framework

The CIO Support Service Framework (CSSF) has 5 major components:

1. Enterprise Architecture--for strategic, tactical, and operational planning
2. Capital Planning & Investment Control (or IT governance)--for managing the IT investment decision process (i.e. "putting those plans to work")
   
3. Project Management (or a project management office)--to effectively execute on the programs and projects in the transition strategy
   
4. Customer Relationship Management (or IT service management)--for managing service and support to our customer (i.e. with a single--belly button; one call does it all)
   
5. Business Performance Management--how we measure & drive performance (like with an IT executive dashboard--so we know whether we are hitting the target or not!)
   

Together these five areas make up a holistic and synergistic set of CIO support functions.

So that we move the mindset of the CIO from fighting day to day operational problems to instead strategically managing IT service provision through:

• Planning
  
• Investing
  
• Executing
  
• Servicing
  
• Measuring
  

This is how we are going to achieve genuine success for the CIO in the 21st century and beyond.

CIO Support Services Framework

6 CIO Tools for Managing IT Risk

“The consequences of not managing risk have hit Americans square in the jaw.”-- Government Executive magazine, March 2009

Too often CIOs see themselves very literally as managing IT. What they need to do is manage risk along with all of the other key leadership issues such as innovation, information-sharing, collaboration, and so on.

Context

The IT environment today is part of a larger social, political, and economic context that is more fraught with risk than ever. The mortgage meltdown, the financial crisis, job losses, volatility in commodity prices (e.g. oil), and so much more—it seems like it will never end. I would add that recently we had birds collide with an airline in NY, satellites that collided in space, and submarines that collided from France and the U.K. Oh, let’s not forget Russia’s invasion of Georgia and the terrorist attacks in India in November that killed at least 173 and wounded 308 and the Asian Tsunami in 2004 that killed over 225,000 people from 11 countries.

This is scary beyond belief!

Is G-d punishing us, teaching us, ignoring us?

Expectations

Whatever is going on, people are crying out for help--they are praying, and they are also turning to their government for “recovery” (as in the Recovery Act), “bailout” (as in taxpayer bailout), “relief” (as in the Troubled Asset Relief Program). The CIO is operating in an environment in which risk management is increasingly something that the average citizen expects from their leaders (and IT is not immune):

--“Citizens are increasingly calling on government to prevent bad things from happening and to ride in to help when they do.” (Donald Kettl).

--“American want life to be less risky…[and so] without realizing it, federal officials are risk managers at their core.”

--“The public, not only demands that the government manage the consequences of risk, but that it deals with problems before they turn into catastrophes. Merely reacting to risk is eroding the people’s trust in government.”

Challenges

While risk management is clearly a critical need, it is also more difficult than ever, for the following reasons:

--Pace and impact—“the problem now is the rapid pace of the challenges—that whatever it is that happens punishes and punishes instantly.”

--Scope—“’we obviously don’t want to get to a state where the government is running everything.’ But with no clear definition of the limit, the number of public risks the government should manage appears endless.”

In my opinion, cost is a huge factor as well. Just the financial crisis so far has cost us trillions of dollars and added to our debt probably for generations to come, and at a time when we are already on the brink with unfunded social security and Medicare liabilities for the baby boomers that are quickly nearing retirement and is feared will overwhelm the system. How much more financial burden can the system take before there are dire consequences?

Framework

There are no easy answers to these trying times or to how we manage the incredible risk that we seem to face virtually every day. However, there are three common approaches to risk management set forth by Moss:

--Reduce it (or eliminate it, if possible)

--Spread it

--Shift it

We often reduce risk, by having a backup plan (such as in IT having backup and recovery), and we mitigate risk by spreading or shifting it (such as through insurance policies or government social programs, and so forth).

6 Tools for CIOs

These lessons in risk management are critical to professionals in information technology, a field that is always in rapid transition with changing products, skill sets, and practices and where the scope of IT impacts almost everything we do (from online finance, health IT, e-commerce, robotics, and more). And where the price of keeping up with Jones in technology is does not come cheap to any organization these days.

In IT, where more than half of projects are over budget or behind schedule and many end up cancelled all together, we need to manage project risk. Here is a suggested toolkit for CIOs to do so:

--First, we need an architecture plan to ensure that we are aligning to business requirements and complying with technical requirements. This helps reduce the risk that we are doing IT the “wrong” way.

--Second we need to have sound IT governance to manage the selection of our investments, the control of cost, schedule, and performance, and the evaluation for lessons for the future. This helps reduce and spread the risk that we are doing the “wrong” IT investments.

--Third, we need solid project management to guide projects from initiation through close out in a defined, repeatable, and measureable way. This helps reduce the risk that we doing projects the “wrong” way.

--Fourth, we need robust IT security that protects our data from manipulation, interception, interjection, or other malice. This helps reduce and spread the risk of our IT working “wrong”.

--Fifth, we need adept customer relationship management so that we are fully engaged with our customers in building solutions that meet their needs and solves their business problems. This helps spread and shift the risk that we are managing our IT customers the “wrong” way.

--And sixth, and not least, we need to focus on our human capital to ensure they have the leadership, motivation, tools, and training to perform at their peak. This helps reduce and spread the risk of human error.

Together, these six CIO tools are the keys to the kingdom when it comes to managing IT risk and we can never take risk management for granted.

6 CIO Tools for Managing IT Risk

Improving Project Management and The Total CIO

IT projects are notorious for coming in late, over cost, and not meeting the customer’s needs.

CIO.com has an excellent article on ways to improve project management in an article entitled, “When Failure is Not an Option,” by Meredith Levinson (3 July 2008).

For organizations, good project management is a critical success factor!

“Project management is the number-one success factor for getting anything done in the organization. A firm’s ability to execute its strategy lies with its ability to manage projects,” according to Sam Lawler, the director of GlassHouse Technologies’ project management practice.

Yet, for years, organizations have faulted CIOs and IT departments with failed IT projects. As recently as 2004, a study by The Standish Group found that only 29% of IT projects “were completed on time, on budget, and with all features and functions originally specified.”

Project management methodologies work when business and IT work together as a team.

There are various methodologies being employed to try to improve project’s success, such as PMBOK and ITIL. However, IT projects’ success depends on IT and business people working together to achieve results; if this partnership and collaboration doesn’t happen, then no PM framework will bring us the project success we desire. Our organization’s business people are critical to ensuring project success—they develop the business case, identify requirements/functional specifications, realign and improve business processes, and test technical solutions to ensure they meet mission and business needs.

No longer is it about tossing the proverbial hot potato to IT and then pointing fingers and assigning blame when something doesn’t work right. Instead, the business and IT people are on the same team, sharing accountability, and working toward the success of the project and the enterprise.

Performance measurement is a must:

Improved project management needs to be accompanied by measurement of project success and reporting on these to executive management. We can’t manage what we don’t measure. And we need transparency to senior management to ensure that everyone—business and IT—have “skin in the game.”

Further, there are trade-offs in project management between cost, schedule, and scope/performance. Changing one affects the others, so we need to manage projects harmoniously in this triad. If for example, a project is delayed or costs more, but delivers on added functionality requested by the business, then the project can still be a success. At the end of the project, success is defined by the business!

Improving Project Management and The Total CIO