You are here
Business & IT-Alignment: Game on!
ISACA and itSMF Belgium once again organized a joint event. Using a business simulation game to explore how frameworks and approaches such as COBIT 5.0,BRM and ITIL® can be used to enable Business and IT alignment. At the end of the session delegates captured some key insights and concrete takeaways. More about these at the end of this article.
Business & IT alignment is still a hot topic, scoring highly in global trend surveys, an article in Information week ‘CIO Worries: Security, Talent and (Sadly) Alignment’ reviewed trend findings from the Society for Information management . Number 3 in the list of CIO priorities was “Aligning” IT and the business!!! A more recent analysis ‘Key European IT Management Trends 2015’ placed ‘Business & IT Alignment’ at the number 1 position of ‘Most important IT Management concerns’. This report went on to add that‘Governance/Relationship with the business’ represent a significant change that needs to occur. These articles placed the emphasis on the need for IT to change.
However, it isn’t all IT. A recent ISACA study (Benchmarking and Business value assessment of COBIT 5) reveals ‘More business involvement in the Governance of Enterprise IT (GEIT) is required’ and highlighted a low maturity score on benefits realization’.
The cartoon below sums up the situation. This is a top scoring card taken from our Attitude, behavior, Culture (ABC) global workshops with literally thousands of organizations. Business & IT need a marriage guidance counsellor to help them repair their relationship.
Who needs to take the initiative? How can IT convince the business to take its role in Governing IT seriously? How can Business and IT make effective decisions on governing IT? How can the Business ensure that IT becomes a value added partner?
In this interactive session we used the business simulation game ‘Grab@Pizza’ to explore these questions, showing how the role of BRM can facilitate the dialogue and help align Business & IT, and align the Governance of Enterprise IT (GEIT) and IT Service management. BRM (Business Relationship Management) is a fast growing capability and trend in IT. COBIT is an ideal instrument for the BRM function to facilitate the business & IT dialogue and enable effective decision making to realize benefits, optimize resources and risks. ITIL is a framework that can help ensure the ‘What’ and ‘Why’ decisions can be translated into the ‘How’.
Governance of Enterprise IT
“Firms with superior IT governance
have at least 20% higher profits…than
firms with poor governance given
the same strategic objectives.”
Jurgen suggested a call for action based upon the ISACA research findings:
- More business involvement in GEIT required
- More board level GEIT required
- Need more focus on Agility
Christian Tijsmans representing itSMF Belgium explained the relationship between COBIT, BRM and ITIL and facilitated the simulation game together withPaul Wilkinson fromGamingWorks and Eppo Luppes from KPN Consulting.
What is the governance of enterprise IT all about? The diagram below explains it in COBIT terms (Copyright ISACA). Governance is about Value creation which is a combination of Benefits realization whilst at the same time optimizing your (corporate) resources and optimizing your risk.
The sheet below shows how ISACA, BRMI and itSMF are complimentary in helping to align business and IT. The sheet shows similarities between the practices: COBIT, BRM and ITIL all focusing on value and risk or value leakage.
Grab@Pizza – A Business & Alignment simulation
Grab@Pizza is a very successful company selling millions of Pizza’s every year. But after 6 months in the current year, the sales figures are far below expectations. IT is posing a significant business risk due to downtime and the inability of IT to respond to changing business needs (Risk Optimization). The CEO urged the Business Manager to make a challenging recovery plan. This plan is based on a 6 month strategy to bring the sales and profit back on target (Benefit realization). Existing IT capabilities are poor, resources are tied up in ‘Keeping the lights on’ rather than supporting and enabling new innovations. The IT department must ensure the appropriate capabilities are in place to execute the strategic plan and sufficient, appropriate and effective resources are provided to ensure both benefits realization and risk mitigation ( Resource optimization).
Two teams played the Grab@Pizza organization. Each team had 4 groups of observers who would act as COBIT assessors (and advisors). During the game round the observers would assess the teams’ capabilities and observe the impact on benefits realization. During the de-brief of the game theobservers would give advice on how the team can improve their capabilities.
The observer groups focused on the following 4 areas, representing governance, strategic, tactical and operational aspects. These 4 areas were chosen because of time constraints and because we wanted the delegates to get a taste of the breadth and depth of COBIT:
At the start of the simulation the IT organization created a ‘Huddle’ to discuss what IT needed to do….without engaging with the business. The Business managers in the simulation threw demands ‘over the wall’ telling IT what they wanted and telling them to get on with it! Without agreeing on reporting needs, or checks or controls to manage the strategy realization. The business adopted an attitude of managing by HOPING. The IT organizations in both simulation games made little investment into BRM capabilities and were unable to help harvest and shape the business demands, hereby creating a constraint at the demand shaping capability. (Causing delays and lost business opportunities).
There was a pile of changes at the change management desk, with little insight as to where they all came from and how they would contribute to benefits realization or risk reduction.
The business was not represented in a CAB (Change Advisory Board), in one team there was no CAB. The decision making seemed to be who shouts the loudest! In one team the IT director took the decision to maximize change ‘flow’ realizing 3 ‘Agile (in the game quick and dirty) changes which resulted in $20 million lost revenue and a massive workload on IT support who were unaware of these upstream decisions. Change management represented a second constraint to flow in the organization. Changes piled up and because of ineffective ‘resource optimization’ value leakage occurred. The wrong changes were planned (causing additional downtime, lost revenue and delayed business opportunities).
Manage incidents and Problems
A third constraint to the flow of work and value creation occurred at IT support. The business knew the impact of outages and disruptions in terms of lost revenue but did not share this with IT, nor did they request an IT strategy for reducing business disruptions (Value leakage), at the same time BRM did not ensure that IT support was aware of business impact. IT support was not aware of the changes in the pipeline (new business functionality), nor which changes were executed. They had insufficient resources and inappropriate skills. They could not handle the amount of work, nor prioritize theWork in Progress in relation the business value. In one team $5 Million was lost due to downtime, in the second team $6.5 million. Representing significant ‘value leakage’.
A critical capability for managing risks and reducing the ‘flow’ of work to the Incident team is Problem management. Neither team invested in developing the capabilities to identify and reduce the causes of outages. Problem management was unable to make a ‘business case’ for getting changes onto the change calendar. Business changes went first! Yet there were significant risks and lost revenue (value Leakage) because of downtime which could have been avoided.
The BRM role in the game served as an ‘Order taker’ – translating business demands into required changes to fulfill the order – but not looking further to embed the new service into operational capabilities.
The BRM role did not take a leading position in helping IT and the Business to develop an appropriate relationship and level of maturity.
The CEO was not happy: Benefits were not realized and inappropriate controls were in place to protect against risks and minimize the impact of downtime. The CEO in the game, played by the game leader, deliberately did not take ownership for Governance. This was to see which role(s) in the simulation would initiate the need for boardroom ownership of Governance. In one team the Business team suggested a strategic committee (Business, CEI, CIO) to balance decisions (Direct). However when the CEO attended the meeting there was insufficient information to enable effective monitoring or evaluation to make the right decisions.
At the end of the game round neither team has realized the potential or desired Value.
One team had realized the revenue generating initiative but had lost significant value through downtime and leakage (as well as lack of training in the new business functionality to exploit the solution). The second team did not realize the innovation and lost more than $25 million dollars.
Discoveries and takeaways
One of the key COBIT enablers is ‘People, skills and competences’ which was seen as a ’very important enabler’ in the ISACA benchmarking study. One of the goals of this session was to give people new insights and actionable information to take away and apply as new behavior.
We asked people for their personal take-away actions. What did you recognize from this experience as issues in YOUR organization? What have you discovered, or reconfirmed, that YOU will now take-away and do differently?
- Make sure information about business priority and impact is made available to operations, in a timely way to enable them to plan resources, prioritize effectively and manage impact (Value Leakage).
- Ensure people know the ‘Why’, ‘What are they working for!’ – Everybody needs to be aware of ‘Value creation’, ‘Value leakage’ and how their work contributes to, or impacts this.
- I need to be harder in my decision making – balance facts, focus on value, be clear in decisions toavoid assumptions.
- Ensure we qualify risks better, linking to benefits realization, the impact to value
- To ‘Empower’ people to be able to make decisions. Empower with them with clear tasks, roles, responsibilities and enable them.
- Don’t be too nice, confront people on responsibilities, on agreements, on behavior (also this means reward and recognize desirable behavior and reinforce this).
- Ensure people have the right information – ‘What do you need to know to get your job done’ , ‘What do you need from me’
- Effective lines of communication throughout the end-to-end delivery chain – Priority, impact, decision making, and escalation mechanisms must be known.
- Ensure a good communications plan, with the right channel to the different stakeholders,
- Ensure CEO and Directors understand IT better (and the need for Governance). BRM has an important role to play in bridging the communications gap between business and IT. IT must enable the CEO to make the right investment decisions
- Ensure an effective communications process and responsibilities. Too many times information isn’t passed on, people make ‘assumptions’ resulting in wrong decisions and wrong allocation of resources and priorities.
- Ensure a common language and effective communication (Content & Channel) – language focused around Value, benefits, resources, risks
- Our BRM has to be two way. Not just an Account management role to the business, it must also help translate Business needs into the operations and ensure a business understanding at all levels.
- Gain insight into risk-appetite, help quantify risks and impact.
- Gain more insight into costs, not just development costs but all downstream costs relating to capacity, support, changes to support an ROI proposal, IT finance can help IT roles learn to justify business case.
- We need to consciously address ‘who shouts loudest gets changes done’ – we need to ensure all changes have a business case and have business agreement and sign-off.
- Ensure we avoid making ‘Assumptions’ – verify understanding and justification.
- Design touchpoints with customer experiences (strategic, tactical and operational).
- Focus on more benefits and added value throughout the complete delivery chain.
“I really recognized how I need to change my decision making and risk taking. I need to be aware of making too many assumptions and the potential downstream impact’.
“Seeing the complete end-to-end chain together in one room really shows the importance of end-to-end consistent communication and information sharing to make effective decisions”.
“This really showed the need for end-to-end processes to ensure the correct and efficient flow of information upstream and downstream to avoid wastage (rework, double work, things being left too long).
My brief summary:
It was clear from the take away’s that the majority of learning points are ‘people’ and ‘relationship’ related. What surprised me in the Bench marking results was although ‘People, Skill and competences’, ‘Information’ and ‘Process’ were seen as ‘very important’ enablers ‘Culture,ethics & behavior’ was not. This is the topic of a related blog and a call to action to ISACA to prioritize the guidance around this enabler.
Some of the key elements within the approaches that you could explore and use:
- COBIT 5.0 The goals cascade, showing how to agree and align strategic business & IT goals. The Core enablers, particularly ‘People, skills and competences’ and ‘Culture,ethics & behavior’.
- BRMI – the relationship maturity model, helping identify current maturity and mismatches between Business & IT and help create a roadmap to grow from ‘order-taker’ to ‘strategic partner’
- ITIL – The ITIL practitioner ‘Guiding principles’ which help focus on ‘Value’ , ‘Design for (User) experience’ and ‘Observe directly’ to understand business impact and priority. ITIL practitioner also explores how ITIL can align with approaches such as DEVOPS, LEAN-IT and Agile. Helping take ITIL to the next level of maturity.