Thursday, November 12, 2009

Raising the ROI of IT

IBM’s Institute for Business Value recently published a report titled “The New Voice of the CIO.” It is based on an exhaustive series of interviews with CIO’s across industries and around the globe. Based on insights from CIO’s the study attempts to describe what makes a CIO, and by extension, an IT organization successful (for more background on the study’s findings try this link). The chart below is the centerpiece of the study and this blog’s focus is on the concept at its center, raising the ROI of IT. IBM finds that in order to raise the ROI of IT a CIO and the IT team must be “savvy value creators” while cutting costs. One CIO quoted in the study says “the balance between new projects and cost control is the dichotomy of my life.”

Source: “The New Voice of the CIO” - IBM Institute for Business Value

Creating value combines selecting when and where to invest and when doing so, hitting sweet spots. In terms of “value” the CIO’s IBM spoke to are looking to enable superior customer experiences, help the business cope with burgeoning amounts of information, and to extract value from that data especially to understand what customers want. In the near term this includes collaborative relationships with customers, transparency, and active input from and interaction with customers.

Cutting costs involves increasing either or both efficiency and effectiveness. One CIO in IBM’s study says that companies “need to position IT to handle increased activity with minimal additional cost.” This is creating leverage from efficiency. Throughout the history of IT in business, three tools: standardization, automation and centralization have proven to be well worn tools for generating efficiency. From the original one’s and zero’s to Assembler and Cobol, from a dogs breakfast of machines and operating systems to System 360/370 and Dec VAX and the like, from various PC OS’s and word processors to MS-DOS and Word, economies of scale and standardization has provided efficiency (though some argue about the cost of lost effectiveness or economies of scope).

Standardized business processes for IT are also a key method to be efficient and effective. ITIL, COBit, CMM and similar approaches create a lexicon and a definition of what best practices are. They enable measurement, training, review a
nd audit for continuous improvement. They help limit home-grown innovation to those areas of IT management that particularly need it. But they can be overused and over applied. CMM Level 5 is almost certainly overkill as a general standard although for certain business units at certain times it may be a requirement. ITIL 3.0 won’t save you costs if your needs are pieces of 2.0, a slice of 3.0 in one or two key areas, and leaving the rest alone. Targeting the scope and sophistication of an applied standard says much about efficiency and effectiveness.

Here is, admittedly, a moderately academic question. Why must it be so that raising the ROI of IT requires both value creation and cost cutting at the same time? Can’t one keep efficiency constant in return for continuous value creation? For a short time, perhaps, but long term the math won’t let you.

Working on Step 2

The reason why enhancing the ROI of IT mandates both value creation and cost cutting is that each new item of value buil
t today requires both operations and support resources and maintenance and enhancement resources for the useful life of the system, application or feature that’s been built.

There are in today’s world myriad options for how systems are developed, the environments in which they are run and the methods used to keep the systems current and to enhance or adjust them for changing business opportunities. Because of this “your mileage may vary” but the dynamic of needing to reduce the cost of owning systems in order to create budget to develop new ones won’t. Left unchanged in efficiency and effectiveness and IT budget is starved of funds for innovation.

If you change the efficiency by which you maintain and enhance systems
over time you can have significant impact on IT spending over time. The traditional assumption is that for every 5 person team building a system one person must be allocated to maintain that system over time. In other words, each Development dollar, on average, results in 20 cents of Maintenance and Enhancement (M+E) dollars. D --> M+E = 20%.

Some organizations claim 15% or lower impact. On the other hand, Bart Perkins of Leverage Partners points out that if you buy a package that is a mis-fit in function or scale the M+E load can be significant. He cites a company with a small IT team and a small IT budget that implemented PeopleSoft when a more middle-market solution may have been advisable. The result is a 40% D --> M+E ratio for that firm. Similarly a large company could buy a middle-market solution and enhance it themselves, when they should have bought PeopleSoft or its equivalent, with a like result. Fit is important.

In the initial versions of this analysis when “IT Operations” meant data centers, the ratio of Development dollars to Production dollars was one half. D --> P = 50%. Anyone who has priced out the cost of a secure data center knows that prices can be all over the map.

In one situation I observed a customer in the financial services market had such stringent requirements for back-up, recovery, fail-over and the like that the projected cost of operations for a major new system doubled over the configuration normally seen by its vendor. Policies have an impact. In another example, one client’s charge-back policies were not regularly modified leading them to under-charge for services that required relatively high manual activities and to over-charge for once leading-edge technologies that were now highly reliable and required little IT Operations personnel to operate. Their costs for like applications portfolios were double their peers’.

If you assume $1,000 spend on development each year and D --> M + E ratios and D --> P ratios of 20%, 30% and 40% in subsequent years you get quite a spread. The development spending is the same but the total IT spend over the term is 20% higher or lower based on lower or higher efficiency by which systems are operated, maintained or enhanced.

If you project into the endless future, especially with moderate to low efficiency assumptions, the IT spend quickly outpaces any prediction you may have for increases in overall company revenue. “Straight line” a model like this and soon all spending is IT spending and that’s a problem. Relying on Moore’s Law to reduce the cost of technology is not enough. This is why IBM found what they found. Unless the IT organization constantly pays attention to efficiencies their budget will be consumed by Maintenance and Operations. Development requests will go un-served and IT management will soon be replaced by people who can get something done.

As the man said, “the balance between new projects and cost control is the dichotomy of my life.”

1 comment:

  1. IT processes such as maintaining applications are like anything else an organization undertakes; if you're not pursuing continuous improvement, it will soon cost more than it needs to and ultimately more than you can afford in a competitive world. But HOW this efficiency in maintenance is improved is critical. Quick and dirty approaches will look good on current timesheet records but will exact a stiff price down the road and the likelihood is that maintenance will become ever more slow and dirty since nobody will want to bite the bullet and fund cleanup.

    Pressuring people to reduce time spent on maintenance needs an accompanying effort to ensure the quality of the work they do, especially in an application's earliest years. Otherwise the costs just get pushed downstream. It's like the mechanic's tag line in the old ads for Fram (?) oil filters—"pay me now or pay me later".

    On the operations side, spending on security and fail-safe availability should be subject to hard-nosed risk assessment. Obviously it's stupid to build an ironclad 24/7 configuration that's not mission-critical or sensitive, but it's also not very smart to cut corners when it is. Just ask anyone about the cost of, say, a service outage a data security breach that hits the press, not just to clean up after it but in the loss of customers' and suppliers' confidence.