Strategic management in the IT department
Alexander N. Biryukov
Associate Professor, Department of Business Informatics Financial University under the Government of the Russian Federation Address: 49, Leningradskiy Prospect, Moscow, 125993, Russian Federation E-mail: [email protected]
Abstract
This paper describes a new approach to strategic management in IT departments as compared with the existing approach, traditionally based on the development of an IT strategy aligned with the enterprise's business strategy. The proposed method assumes gaining greater trust from the business to be the principal goal of an IT department. Meanwhile, all the other goals are treated as implications of the trust, because none of them can be achieved if the IT department is not considered a trusted partner by the business management. Trust in the IT department is an aggregate of individual trust exhibited by its customers, some of which are interrelated and mutually affect their opinions. To obtain maximal personal trust, the IT department should apply an individual approach to each of its customers. In terms of IT Service Management (ITSM), this means that an individual Service Level Agreement (SLA) should be designed and used with respect to each customer. As a result, the IT Department will be able to gain the maximal integral trust. The IT Department can benefit from the acquired trust for different purposes. For example, the IT Department can use the increasing customer trust to justify modifications of SLA conditions so as to reduce IT costs without affecting the customer. Another way is using the integral trust to guarantee support of the corporate management when the IT Department starts some innovative undertaking in its own field. In the conclusion, it is shown that the problem of maximizing integral trust is not easier than the well-known knapsack problem.
Key words: IT department, IT strategy, business strategy, trust, Service Level Agreement (SLA), knapsack problem.
Citation: Biryukov A.N. (2017) Strategic management in the IT department. Business Informatics, no. 2 (40), pp. 17-24. DOI: 10.17323/1998-0663.2017.2.17.24.
Introduction
The traditional approach to the strategic management of the organization's IT department is based on the concept of an IT strategy aligned with the business strategy of the enterprise. This concept forms the basis of the most known IT management methodologies and frameworks [1, 3] and standards describing the best IT management practices (for example, [2]). A detailed comparative analysis of various implementations of this concept can be found in [4].
Being highly consistent and reasonable this approach is not widely used (at least in Russia), although the majority of practitioners agree with its basic ideas. This contradiction is sometimes explained by immaturity of the Russian IT management practice, low qualifications
of CIOs and business management, and many other human-specific reasons. However, the actual reason appears to be much deeper and is impersonal by its nature.
The very concept of IT strategy is based on the following assumptions [1]:
♦ all enterprises must have a business strategy;
♦ structural units of the enterprise (such as the IT department) must have their own strategies resulting from the business strategy of the enterprise.
It is worth noticing that both of the above statements are only theoretical hypotheses that have no precise justification. This article does not discuss the causes for these hypotheses to occur and survive (those who are interested can refer to [5], for example), but describes an alternative approach to practical strategic
IT management that does not require the existence of business and IT strategies. This approach conceptualises the common practices of strategic IT management successfully used by many Russian enterprises and organizations, not only in the small and medium business segment.
1. Trust-based interaction of the IT department and the business
The modern look on the IT department as a cost center leads to the fact that the only set of measures proposed for the evaluation of its activities is that describing the costs. Therefore, IT cost savings become the only universal goal of the IT management. In this connection, two problems turn up. Firstly, the decision on large-scale IT investments and costs is often made by the top management, while the opinion of the IT department is not taken into account. The situation with the implementation of a corporate ERP solution can be used as an example. The IT department is essentially has no choice and is forced to take responsibility for future work within the IT budget which is not completed by the time. Secondly, even during stable periods focus on continual cost reduction interferes with the development of the IT department. In particular, it puts the IT department in an unfavorable position as compared with other participants of the labor market, leads to a loss of qualified personnel, unnecessary investment savings in staff development. Thirdly, local savings in the technical area do not always lead to global savings within the IT infrastructure of the entire organization.
A universal solution to these problems is to develop an IT strategy which is aligned with the business strategy so that a balance is reached between IT benefits and costs that would completely satisfy business customers of IT services. Unfortunately, even when the business strategy does exist (which is not always the case), this is very specific case that one can manage to assess the benefits of these or those IT solutions for the business as a whole. Therefore, the purpose of the IT department in the IT strategy is normally considered to reduce the costs, while responsibility for assessing the benefits of using IT and, consequently, determining the acceptable level of these costs is accepted by business management having no intimate knowledge in this area.
There are other problems associated with the idea of IT strategy. Among these are specifically:
♦ nonexistence of a straightforward method for synchronizing business and IT strategies (for example, [3] proposes to build IT goals, assuming their achievement
will contribute to the achievement of business goals, although it is clear that this is not a solution, but simply another formulation of the problem);
♦ the complexity of synchronizing changes in both strategies, which requires a very sophisticated practice of organizational change management to exist;
♦ a complicated mechanism of assessing the impact of changes in the IT on business results and vice versa.
Finally, the business strategy like any corporate decision always represents a complicated compromise of interests and influences of the top managers of the organization. This means that any serious IT decision that can affect the approved business strategy (for example, unplanned additional costs required to solve a serious IT problem encountered) are less possible to have been approved for purely technical reasons due to lots of negotiations and communications which have to be made, new budget decisions which may appear to be necessary, etc. Normally, top managers simply have no time for this, and the budgetary policy does not always allow for prompt changes to the budget. Therefore, such decisions are taken as appropriate without changing the strategies, which devalues these strategies making them formal documents no more reflecting the current reality.
This important conclusion of the above is that to make the process of negotiating and coordinating the strategy changes fast and efficient, the IT department must have a high credit of trust from the business. With a high level of trust, the IT department is delegated with all decision-making rights in this area. As a result, the IT strategy becomes an internal and non-public document which only concerns IT-department and doesn't restrict it anyhow. This dramatically simplifies the corporate decision-making process in the IT area. Thus, not following the language of the formal document, but a constant drive to boost business trust is the essence of the IT department strategy.
It is possible to draw (of course, a very superficial) an analogy between the trust earned by the IT department and the profit of an IT company working on the external market. Trust, like the profit, can be invested in growth, lost as a result of an incorrect risk assessment, or increased by abandoning external borrowings. The latter may be interpreted as the commitment of the IT-department to do work with not enough or obviously insufficient resources.
A general definition of trust is unlikely to exist. Much depends on the policies and traditions of a particular enterprise and personal attributes of the people. Neverthe-
less, it is possible to define some common symptoms of trust. Some people say that the level of trust earned by the IT department increases if:
& the actions of the IT department can be predicted and understood by its customers (both in the positive and negative aspects);
the IT department makes every effort to solve the customer's problems;
the IT department is always ready to help the customer, even at its own expense, i.e. by performing unanticipated work;
the quality of work of performed by the IT department is at an acceptable (though not necessarily the highest possible) level.
As a consequence, the process of interaction between the customers and the IT department is simplifying (in particular, customers may no more require documentary evidence of the works performed by the IT department), decision-making in the IT area is accelerating (for example, by simplifying the document management), the IT department's susceptibility to innovations is increasing, etc.
The most common factor of the level of trust earned by the IT department may be the level of commercial risk resulting from the amount of responsibility in the IT management area delegated from business management. For example, the risk of unreasonable costs (including corruption costs) arises on developing the list of external contractors of a complicated IT project or IT program. The risk of loss in income arises from the use of highly innovative IT solutions in the organization products and services. In both cases not only the IT department but also the business is interested in building trust in the IT department.
It is significant that trust is not just limited to trust in the qualifications or knowledge of the IT department, but in all its characteristics affecting the business risk.
The exact equivalent of trust for the IT company does not exist, although in some aspects trust is similar to the market reputation or the company brand. The important part of the corporate IT policy is to determine what trust in the IT department depends on.
2. The IT department and its customers
The most common approach considers the enterprise as a whole or "business" to be the counterpart of the IT department. With respect to trust, this level of generality is not very productive. Of course, trust in the IT depart-
ment is composed of the trust of individual employees of the enterprise, but no process of averaging such trust exists in reality, as there is no document which would define this average trust. Even if there is a business strategy which is an agreed document, it normally has nothing to do with trust in the IT department.
The common point of view on the IT department's activity is that it is a provider of IT services for the enterprise. This very productive point of view was first explicitly formulated in the early publications of the IT Infrastructure Library (ITIL) [1] and evolved further for example, in standard [6] and procedure IT4IT proposed by the Open Group (www.opengroup .org / IT4IT).
However, neither ITIL nor IT4IT provides answers to a number of questions concerning the activities of the IT department, for example:
♦ Who are the customers of the IT department?
♦ Are all customers equally important for the IT department?
♦ How is the IT department and customer interaction implemented?
♦ Who are the competitors of the IT department?
Therefore, it's necessary to define more precisely how do the IT-services look like. Normally, only the most general answer is given to this question (for example, in [1]), that does not imply any practical consequences as for the trust resulting from the activities related to services. It appears to be useful to look at the types of customers and sets of services provided to them by the IT-department. Table 1 shows the principal types of customers of the IT department and the services provided to them.
Table 1.
Customers and services of an IT department
Customer groups Services
Participants of business processes (users of information systems) Facilitating the working conditions, automating routine operations
Business processes owners (middle management) Increasing the efficiency (and also reliability, fault tolerance, flexibility, etc.) of business processes
Top management Optimizing corporate IT costs, defining automation goals, managing corporate data, providing consulting services
Investors and business owners Protecting IT investments, reducing IT risks, performing IT industry expertise
We have to emphasize that ordinary users of information systems, are classified as customers, although they obviously do not "pay for" IT department services. However, from the point of view of trust, the role of users is very high: it is the most numerous category of customers of the IT department services, which deals with it almost permanently, and largely affect a corporate perception of how the IT department works. For the enterprise owners Table 2 shows only one option for their interaction with the IT department. In practice, this interaction is much more complicated, since much depends on the ownership structure and the objectives of investors. Therefore the set of services listed in the table should be considered only as an example.
Below are some examples of services for different categories of customers:
4- facilitation of working conditions (for the users):
• perform input data checks thus preventing of input errors;
• effecively assist in case of difficulties in information systems handling;
• accurately determinate the responsibility of each business process participant in any situation and conflict resolution among the participants;
• provide comfortable psychological working conditions, including, for example, mitigation of the impact of the mistakes on the work results of other participants;
4- increase the efficiency of business processes (for their owners):
• enhance business process characteristics without placing an additional responsibility on their owners;
• ensure a permanent participation in execution of the business processes throughout their life cycles, including the development and reengineering of the processes; constant responsibility for functionality of the process automation tools;
• provide a strict division of responsibility for the results of the work of business processes between their owners and the IT department;
• provide a mutually comfortable level of interaction of the IT department with the business-process owners;
♦ cost saving, corporate data management, consultation services (for top management):
• provide consultations and expert services associated with consideration of feasibility and expediency of automation of any given business processes;
• perform master data management;
• ensure IT cost optimization;
• participate in the development of IT budget;
• increase the level of management qualifications in the IT area.
4- IT investment protection, industry expertise (for investors and owners):
• select and use, if possible, well-proven IT solutions and reliable suppliers of solutions and services;
• provide expert opinions on IT solutions dominating the market, their reliability, associated risks, etc., providing information on new trends in the IT area and their prospects at the enterprises;
• inform about IT-related threats and capabilities of the external environment.
We emphasize the fundamental difference between the IT department and an IT company operating in the common market: the IT department is not allowed to choose its customers; it cannot abandon the existing customer or service demand from a new customer. On the other hand, the customer cannot apply for IT services to anyone except the IT department.
The above examples do not provide a comprehensive look at the services of an IT department, but demonstrate some important points for the rest of the paper. Firstly, the services provided to different groups of customers differ significantly and virtually do not overlap. At the same time, customer satisfaction with services depends not only on services rendered directly to them, but also on services rendered to their subordinate employees. Thus, the business process owner cannot ignore the opinion of his employees when assessing the service quality to improve the effectiveness of this business process. Secondly, the reality is that services do not compensate for each other. For example, there are known cases when the owner simply ignores the opinion of the IT department when choosing a corporate IT solution, notwithstanding the fact that all owners of business processes and top management are completely satisfied with the services rendered to them. On the other hand, there are examples of IT departments that are in good standing with top management and ignore the requests of some business process owners. Thirdly, not all services are available in the IT department portfolio. This depends not only on historical reasons, but also on the sourcing strategy adopted in the IT department.
The value chain of the IT department can be outlined as shown in Figure 1.
IT strategic management System life cycle management Quality management
Subcontracting and outsourcing management Project management Human resource management Financial management
Marketing Purchase of software, Development, Providing Monitoring
and sale hardware and design and services and service
of services services of external deployment of improvement
suppliers services
Fig. 1. Value chain of the IT department
The lower part of the chain depicts basic processes, and the upper part depicts secondary processes. The human resource management and financial management processes are the same as the appropriate enterprise processes. The basic processes are to a greater extent specific for each IT department. The secondary processes, vice versa, are rather multipurpose: a large variety of process models reflecting the best management practices exists for them.
The trust of one customer is not automatically converted into the trust of another, although the trust of both can definitely interact. Thus, the trust of the management approving the IT budget minimization by the IT department may result in mistrust of the IS users facing an increase of the service time and apparent disregard for their interests. There is also a reverse effect: distrust of subordinate employees of a particular business process owner may undermine their loyalty to the IT department and the owner himself; the owner's distrust will influence the trust of the management, etc.
We should also mention the format of the relationship between the IT department and the customers. ITIL version 2011 [1] does not insist on a rigid contract form of the Service Level Agreement (SLA) for managing the IT department's relationship with customers. ITIL also notes that the formal monitoring of the service level does not always allow us to estimate the perception of the service by the customer, who can demonstrate positive attitude in spite of low level of service or, conversely, a negative attitude even though the target levels of the service have been formally achieved. Thus, the meaning of SLA is more likely to achieve closer and more stable (and therefore, more trust-based) relations between the IT department and its customers, as compared to the description of formal service quality criteria.
From the point of view of the SLA format, an agreement on strategic partnership with the customer seems to be the most appropriate one. For each customer of the IT department, such an agreement will be its own, and the customer's trust will be determined not only (and not so much) by the service level, but by the confidence that the IT department has done its utmost to provide the highest-quality service.
The result of the strategic partnership is generally not to gain benefit from the market exchange between the partners, but to gain the benefits from the third party, in this case, the business customers. It is partnership relations where trust plays a key role being the most important factor the relationships depend on.
3. A trust management model for the IT department
Based on the assumption that the main goal of the IT department is to build trust, it is possible to build a strategic map of R. Kaplan and D. Norton for it, which includes a perspective of trust. The important point is that the perspective of trust merges two classical perspectives, namely, the results-based (financial) perspective and the perspective associated with customer satisfaction. Here it is necessary to emphasize that the perspective of trust is not identical to the perspective of customer satisfaction. There can be cases when the customer is not satisfied with the service, but trusts the IT department, believing that in the present conditions the department has done its best. Conversely, the customer can be completely satisfied with the service, but sure that it is not the merit of the IT department, since the service was provided by an external supplier.
The building of trust should be accompanied by a transition SLA to a new format which extends the IT depart-
Table 2.
Strategic map of an IT department
Perspectives Customer groups
Participants of processes Owners of processes Management Owners
Trust Agreement with a participant (group of participants), implying an increase in trust Agreements with the owners, implying an increase in trust Agreement with the management, implying an increase in trust Agreement with the owner, implying an increase in trust
Internal processes The objectives in terms of providing services to process participants The objectives in terms of providing services to process owners The objectives in terms of providing services to the management The objectives in terms of providing services to the owners
Development The objectives that characterize the development of services for process participants The objectives that characterize the development of services for process owners The objectives that characterize the development of services for the management The objectives that characterize the development of services for the owners
ment's authority in providing services to the customer. For example, a new SLA may allow the IT department to modify a service without a preliminary consulting with the customer, or assign a high priority to certain internal IT department projects while reducing it for customer services.
Which SLA parameters are the most desirable to be changed for the IT department at the moment depends on a variety of reasons. As an example, below we consider the parameters that enable the IT department, to save resources when providing service to a customer due to the increased trust (here, the resources are considered to be IT personnel labor costs expressed in man-hours). Other parameters or combinations of such parameters may also be of interest. This particular case demonstrates only one of a variety of aspects of strategic IT department management.
It is obvious that not all customers are equally important for the IT department in terms of their contribution to the overall trust in it. For example, the trust of the manager is more important than the trust of an ordinary participant of the business process. Therefore, a weight can be assigned to every customer to enforce his trust when calculating the overall trust gained by the IT department.
Therefore, the IT department should set up and solve a complicated optimization problem of maximizing the overall trust of all customers provided it has a limited amount of IT resources. The aim of the IT department in this situation is to optimize the resource management. Having realized the overall trust the IT department may releases resources for its further activities. Here are some examples of such situations:
mutual abandonment of the development of formal system specifications for some customers will result in savings of business analyst resources which can be used in other projects. Here, a amount of work necessary to develop the technical specification serves as an important parameter of the agreement;
mutual abandonment of a formal tender documentation agreed upon with the IT department customer demonstrates trust in the IT department as an impartial trading authority. An important parameter here is the amount of work for preparing and coordinating the tender documentation;
mutual abandonment of a part of project documentation (for example, detailed work breakdown structures, detailed project schedules, etc.) allowing the savings of resources involved in the project management processes. An important parameter is the amount of work on project management.
This informal approach to trust management is refined and formalized below. As a result, a trust management model for the IT department is built. The model is designed under the following assumptions:
♦ the IT department has got N customers;
♦ each customer is assigned the weight p., /=1,2,..., N, reflecting the customer's contribution to the overall level of trust in the IT department;
♦ the j-th customer has got a finite number V. of possible options of service level agreement (SLA) sa, sa, ..., (each option covers all services provided to this customer).
♦ only one Service Level Agreement can be made with each customer. The selection of the agreement option is
defined by variable x..e {0, 1} (x.. = 1, if j-th agreement option is applied to /-th customer, otherwise x = 0);
♦ various agreement options provide for various scopes of using resources by the IT department rn, ra,..., fy (with the current trust level);
♦ various agreement options vary in the degree of their impact on the level of trust in the IT department on the part of this customer: the more resources the IT department spends on this customer, the more prerequisites exist in the future to increase the level of trust;
♦ all resources of the IT department used for providing services to the customers are considered to be interchangeable. The total amount of resources is limited by the value R.
In this case, the task of optimizing the distribution of IT department resources among its customers in order to increase the overall level of trust in the IT department is similar to the well-known knapsack problem and is as follows:
N V, /=1 j=1
V,
^X=l,/ = 1,2,
j=i
i v v, /=1 ]= 1
Once again, we note that in this problem the amount of resources needed to implement any service level agreement is determined for the current level of trust in the IT department. In the long term, with the trust being built, these costs may decrease (and vice versa, if the trust level is reduced, the costs increase).
There are cases when an important parameter of the agreement with the customer is not the amount of work or other numerical parameter, but some qualitative characteristic. For example, let us have an SLA
providing for a passive participation of the IT department in a discussion on business plans and tasks. The organization management can offer the IT department to provide, by a certain period of time, its own detailed justifications and recommendations regarding the timing and ways of automating certain business processes, as well as choosing the processes themselves. Such an agreement demonstrates higher trust in the IT department and also requires more resources to provide the service. In this and similar cases, it is possible to evaluate, for example, an increase of the IT budget if the IT department proposals are accepted, growth of the number of IT employees, increased influence of the IT department in interaction with other customers, etc.
It is hardly possible to accurately define a general set of capabilities associated with increasing trust in the IT department, and methods for their numerical evaluation. The above model of trust management can be useful, since it demonstrates that the problem can be effectively solved in many practical cases.
Conclusion
This article proposes a new approach to strategic management in the IT department, based not on the commonly recognized alignment between the business and IT strategy, but on the use of the trust concept as a universal target for the IT department. The trust is considered to be tightly closed with a level of risk for the organization arising from the delegation of the additional authority to the IT department. The principal conclusion is that both the IT department and the business as a whole are interested in increasing the trust in the IT department. The above formal model of trust management enables IT department to optimize the distribution of its resources among its customers in order to increase the common trust in the IT department. ■
References
1. The Stationary Office (2011) ITIL V3 - Service Strategy, 2011 edition. Best Management Practice. London, 2011.
2. ISO/IEC (2008) Corporate governance of information technology. International standard ISO/IEC 38500:2008.
3. ISACA ( 2012) COBIT 5. A business framework for the governance and management of enterprise IT. Rolling Meadows, IL: ISACA.
4. Zelenkov Yu.A. (2013) Iskusstvo bega po grablyam. Strategicheskoe upravlenie IT v usloviyakh neopredelennosti [Art of rake running. IT strategic management in the conditions of uncertainty]. Moscow: CROC (in Russian).
5. Rozin M. (2011) Uspekh bezstrategii [Success without strategy]. Moscow: Alpina Publisher (in Russian).
6. Standardinform (2014) GOSTR ISO/IEC 20000-1-2013. Informatsionnaya tekhnologiya. Upravlenie uslugami. Chast' 1. Trebovaniya k sisteme upravleniya uslugami [ISO/IEC 20000-1-2013. Information technology. Service management. Part 1. Service management system requirements]. Moscow: Standardinform (in Russian).
ИНФОРМАЦИОННЫЕ СИСТЕМЫ И ТЕХНОЛОГИИ В БИЗНЕСЕ
Стратегическое управление ИТ-службой
А.Н. Бирюков
кандидат физико-математических наук, доцент кафедры бизнес-информатики Финансовый университет при Правительстве РФ Адрес: 125993, г. Москва, Ленинградский пр-т, д. 49 E-mail: [email protected]
Аннотация
В статье описывается новый подход к стратегическому управлению ИТ-службой организации, в сравнении с существующим подходом, который обычно основывается на разработке ИТ-стратегии, соответствующей бизнес-стратегии организации. В предложенном методе единственной принципиальной целью ИТ-службы считается достижение высокого уровня доверия к ней со стороны бизнеса. При этом остальные цели являются производными этого доверия, поскольку ни одна из них не будет достигнута, если бизнес-руководство не относится к ИТ-службе как к надежному партнеру. Доверие к ИТ-службе представляет собой комбинацию доверия со стороны отдельных клиентов, взаимосвязанных и влияющих на мнения друг друга. Для того, чтобы максимизировать доверие со стороны отдельных клиентов, ИТ-служба должна придерживаться индивидуального подхода к каждому из них. С точки зрения управления ИТ-услугами (IT Service Management, ITSM) это означает, что нужно разрабатывать и использовать индивидуальные соглашения об уровне услуг (Service Level Agreement, SLA) с каждым клиентом. В результате будет обеспечено высокое суммарное доверие к ИТ-службе. Доверие можно использовать для разных целей. Например, ИТ-служба может использовать возросшее доверие клиента для модификации условий SLA с этим клиентом, чтобы снизить собственные издержки, не затрагивая интересов клиента. Другой вариант — использование суммарного доверия для обеспечения поддержки менеджментом организации инновационных работ в области ИТ. В заключение показано, что задача максимизации общего доверия не проще, чем хорошо известная задач о рюкзаке.
Ключевые слова: ИТ-служба, ИТ-стратегия, бизнес-стратегия, доверие, соглашение об уровне услуг, задача о рюкзаке.
Цитирование: Biryukov A.N. Strategic management in the IT department // Business Informatics. 2017. No. 2 (40). P. 17-24. DOI: 10.17323/1998-0663.2017.2.17.24.
Литература
1. ITIL V3 — Service Strategy, 2011 edition // Best Management Practice. London: The Stationary Office, 2011.
2. Corporate governance of information technology. International standard ISO/IEC 38500:2008. ISO/IEC, 2008.
3. COBIT 5. A business framework for the governance and management of enterprise IT. Rolling Meadows, IL: ISACA, 2012.
4. Зеленков Ю.А. Искусство бега по граблям. Стратегическое управление ИТ в условиях неопределенности. М.: КРОК, 2013.
5. Розин М. Успех без стратегии. М.: Альпина Паблишер, 2011.
6. ГОСТ Р ИСО/МЭК 20000-1-2013. Информационная технология. Управление услугами. Часть 1. Требования к системе управления услугами. М.: Стандартинформ, 2014.
БИЗНЕС-ИНФОРМАТИКА № 2(40) - 2017