Transcript TR IT Risk Assessment and Planning Tool Presentation

Val IT – Overview and Application
January 11, 2006
©©2006
Inc.Inc.
Confidential:
2004Protiviti
Protiviti
EOE This document is for your company’s internal use only and may not be distributed to any other third party.
Agenda
•
Introduction and Protiviti
•
Why Val IT?
•
Val IT Overview
•
The Val IT Framework
•
Val IT – The Business Case
•
The ING Business Case
•
Val IT – An IT Audit
•
Discussion – Use of Val IT in My Organization
•
Wrap up and Questions
|2
Introduction and Protiviti
|3
Val IT Definition
|4
Val IT: The standard framework for
organizations to select and manage ITrelated business investments and IT
assets by means of investment programs
such that they deliver the optimal value to
the organization. Based on COBIT.
|5
Why Val IT?
|6
Why Val IT?
• Executives many times do not know what return
they expect to achieve on an IT investment.
• If they do know what return they expect to
achieve, they do not know if they are achieving it.
• Research indicates that IT investment presents a
tremendous opportunity, but it is also one that is
often wasted.
|7
Why Val IT?
Top 5 complaints of business executives regarding IT1:
•
•
•
•
•
IT investments are unrelated to business strategy
Payoff from IT investments is inadequate
There’s too much “technology for technology’s sake”
Relations between IT users and IT specialists are poor
Systems designers do not consider users’ preferences
and work habits.
1
Bensaou, M. and Earl, Michael. “The Right Mindset for Managing Information Technology”. Harvard
Business Review.
|8
Why Val IT?
• A 2002 Gartner publication claimed that 20 percent of all
expenditure on IT is wasted, representing, on a global
basis, annual value destruction of US $600 billion.
• A 2004 IBM survey of Fortune 1000 CIOs reported that,
on average, 40 percent of all IT spending brought no
return to their organizations.
• A 2004 Standish report found that only 29 percent of all IT
projects succeeded, while the remainder were either
challenged or failed.
|9
Why Val IT?
“To learn how IT investment practices are changing,
we interviewed business and IT executives at 30
US and European companies… 25 of these firms
said they traditionally relied on business cases for
IT investment funding. All but three, however,
had funded at least one… without a business
case. Instead, senior management had simply
allocated funding for initiatives perceived to be
strategic priorities.”
Ross, Jeanne and Beath, Cynthia. “Beyond the Business Case: Strategic IT Investment.” Center for Information Systems
Research, MIT Sloan School of Management.
| 10
Val IT Overview
| 11
Val IT Overview
Three documents have been published by ITGI regarding “Enterprise Value: Governance
of IT Investments” (Val IT)
• The Val IT Framework
• The Business Case
• The ING Case Study
http://www.isaca.org
Initial focus of Val IT is purely on new IT-enabled investments
Future considerations
• Expand the scope to include all IT services and assets, including legacy systems and
infrastructure.
• Establish a non-commercial service offering to provide benchmarking, performance
measurement and performance attribution services.
• Enable enterprises to exchange experiences on best practices for value management
of IT-enabled business investments.
• Much more…
| 12
Val IT Overview
•
“The Val IT initiative is intended to respond to the need for organizations to
optimize the realization of value from IT investments.”
•
Whereas CobiT is a framework to assist with the delivery of high quality IT
services, Val IT is a framework that provides the “means to monitor and
optimize the realization of business value from IT investments.”
•
Val IT (what should we be doing) and CobiT (how should we do it) are
complementary - - value delivery (shareholder value).
•
“Help organizations realize optimal value from IT-enabled business
investments, at an affordable cost, with a known and acceptable level of risk.”
•
The Val IT framework is organized into three key processes:
-
Value Governance (VG)
Portfolio Management (PM)
Investment Management (IM)
| 13
Val IT Overview
Val IT Objectives
• Increasing the understanding and transparency of costs, risks and
benefits.
• Increasing the probability of selecting those investments with the
highest potential return.
• Increasing the likelihood of success of executing selected
investments such that they realize or exceed the expected return.
• Reduce costs by not doing things they should not be doing and
taking early corrective action on or terminating investments that are
not delivering to their expected potential.
• Reduce the risk of failure, especially high-impact failure.
• Reduce the surprises relative to IT cost and delivery, and in so doing
increase business value, reduce unnecessary costs and increase
the overall level of confidence in IT.
| 14
Val IT Overview
Val IT Principles
• IT-enabled investments will be managed as a portfolio of
investments.
• IT-enabled investments will include the full scope of activities that
are required to achieve business value.
• IT-enabled investments will be managed through their full economic
life cycle.
• Value delivery practices will recognize that there are different
categories of investments that will be evaluated and managed
differently.
• Value delivery practices will define and monitor key metrics and
respond quickly to any changes or deviations.
• Value delivery practices will engage all stakeholders and assign
appropriate accountability for the delivery of capabilities and the
realization of business benefits.
• Value delivery practices will be continually monitored and evaluated
| 15
Val IT Overview
Val IT and Governance
• ITGI regards value delivery as one of the five focus areas of IT
governance, alongside strategic alignment, performance
measurement, resource management, and risk management.
• A recent CISR study and a number of other related projects claim
that:
‘Effective IT Governance is the single most important predictor of the
value an organization generates from IT’ and ‘firms with focused
strategies and above average IT Governance had more than 20%
higher profits than other firms following the same strategies.’
| 16
Val IT Overview
Val IT and CobiT
• “Val IT provides a value lens into CobiT.”
• All Val IT management practices are cross-referenced to
CobiT as primary and secondary links. Usually
referenced to Planning and Organization or Monitoring
and Evaluating.
• A version of the CobiT RACI chart is also provided.
| 17
Val IT Overview
| 18
Val IT Overview
“This will require a culture of change in
many organizations.”
| 19
The Val IT Framework
| 20
The Val IT Framework
3 Val IT Processes
• Value Governance – establish a governance and control
framework, provide strategic direction, and define
investment portfolio characteristics
• Portfolio Management – align IT investments with an
organization’s strategic objectives
• Investment Management – business case development,
program management, benefits realization
| 21
The Val IT Framework
| 22
The Val IT Framework
Val IT Processes: Value Governance
Goal: to optimize value of investments by:
• Establishing a control framework
• Providing strategic direction
• Defining investment portfolio characteristics
| 23
The Val IT Framework
Val IT Processes: Value Governance - Sample Practices
• VG1 – Ensure informed and committed leadership
(strategy awareness, IT linkage)
• VG2 – Define and implement processes (planning &
budgeting, resource allocation, benefits management)
• VG4 – Ensure appropriate accountability
• VG6 – Establish reporting requirements (targets and
metrics)
• VG9 – Define investment categories (mandatory,
sustaining or continuity, or discretionary)
• VG10 – Determine a target portfolio mix
• VG11 – Define evaluation criteria (risk level, financial
and non-financial, etc.)
| 24
The Val IT Framework
Val IT Processes: Portfolio Management
Goal: align IT-enabled investments with an
organization’s strategic objectives by:
• Establishing and managing resource profiles
• Defining investment thresholds
• Evaluating, prioritizing and selecting, deferring,
or rejecting new investments
• Managing the overall portfolio
• Monitoring and reporting on portfolio
performance
| 25
The Val IT Framework
Val IT Processes: Portfolio Management – Sample
Practices
• PM1 - PM4 – Maintain HR inventory, Define
Requirements, Perform Gap Analysis, Develop a Plan
• PM6 – Establish an investment threshold (overall budget
and current spend)
• PM8 – Evaluate & assign a score to the business case
• PM9 – Create an overall portfolio view (impact
assessment of new business case)
• PM14 – Monitor & report on portfolio performance (to
senior management and the board)
| 26
The Val IT Framework
Val IT Processes: Investment Management
Goal: to ensure that individual IT-enabled investment
programs deliver optimal value, at an affordable cost,
with a known and acceptable level of risk by:
•
•
•
•
•
•
•
Identifying business requirements
Developing a clear understanding of candidate investment programs
Analyzing the alternatives
Defining the program and documenting a detailed business case, including the
benefits details
Assigning clear accountability and ownership
Managing the program through its full economic life cycle
Monitoring and reporting on program performance
There are three key components of investment
management:
•
•
•
Business case development—Supporting selection of the right investment programs
Program management—Managing execution of the program
Benefits realization—Actively managing the realization of benefits from the programs
| 27
The Val IT Framework
Val IT Processes: Investment Management –
Sample Practices
• IM2 – Develop an initial business case (benefits and
assumptions)
• IM4 – Perform alternatives analysis (other ways to
deliver the outcomes)
• IM6 – Develop a benefits realization plan (metrics and
targets)
• IM7 – Identify full life cycle costs and benefits
• IM8 – Develop a detailed program business case
• IM9 – Assign accountability and ownership
• IM12 – Manage/ track benefits
• IM14 – Monitor and report on program performance
• IM15 – Retire the program (formal approval by sponsor)
| 28
Val IT – The Business Case
| 29
Val IT - The Business Case
•
Should answer 4 questions:
– Are we doing the right things?
– Are we doing them the right way?
– Are we getting them done well?
– Are we getting the benefits?
•
The decision whether to proceed with an IT-enabled investment is first
made at the individual program level by the sponsor – makes determination
it should be assessed at the portfolio level.
•
Includes 8 steps in business case development (Fact Sheet development
through Review of Life Cycle Results
•
Some basic discussion of financial analysis (discounted cash flow analysis/
npv)
•
Example of a fact sheet, decision matrix, and overall structure of a business
case
| 30
Val IT - The Business Case
| 31
Val IT - The Business Case
| 32
The ING Business Case
| 33
The ING Business Case
• The ING Business Case suggests that ING’s success, in
part, is due to its IT practices
• Some facts about ING:
– Global financial services company in the Netherlands, in 60
countries w/ millions of customers; 15,000 IT staff.
– Annual IT spend of $2.5Bn (25% of operating expenditures, 40%
of net operating income).
– In 2005, there was profitable growth in all LOB; ROC was 18.8%
(risk adjusted).
| 34
The ING Business Case
• ING views the CIO and business owner as partners to be
the Chief Investment Officer.
• IT Dashboard Components
–
–
–
–
How much are we spending?
Is that the right amount?
Benchmarking against peers
Spend and performance measurements
• Rigid, detailed measurement of investments that balance
risk and return (NPV – Risk Analysis using CAPM)
• Incorporation of many of the Val IT principles
| 35
The ING Business Case
| 36
The ING Business Case
| 37
The ING Business Case
| 38
Val IT – An IT Audit
| 39
Val IT – An IT Audit
Scope
• Internal Audit reviewed the 2005 benefits realization process and
performed an assessment to determine whether the 2005 “direct
and measurable” benefits contained in four business cases were
realized as stated. Other “soft” benefits, such as improved
employee satisfaction, were not considered.
• Internal Audit did not review any of the costs that were incurred to
fund the achievement of benefits, nor was the overall ROI
considered.
• It was the responsibility of the initiative team to provide evidence
substantiating the benefits attained.
| 40
Val IT – An IT Audit
Example Findings
•
Implement additional, more specific requirements around the timing of
benefits achievement.
•
Require future initiative requests to develop other generally accepted
project investment metrics such as return on investment or net present
value calculations.
•
Develop a process to address initiatives that have not achieved scheduled
benefits or have incurred cost overruns.
•
Perform an annual audit of the benefits scheduled for realization that
requires initiative management to substantiate the achievement of stated
benefits. Additionally, consider initiating a more complete audit that reviews
the costs incurred to achieve benefits.
•
Develop a very clear communication that outlines the process by which the
IT Steering Committee will participate in measuring and evaluating
initiatives.
| 41
Val IT – An IT Audit
Some Challenges
• Politics
• Scope definition
• Testing
• Financial expertise
| 42
Discussion – Use of Val IT Within My
Organization
| 43
Discussion: Use of Val IT in My Organization
•• Benefits
Realization – An IT Audit
How much do you know about the IT investment management process at
your company?
•
Have you ever been invited to participate in the process?
•
Have you ever performed a review of the systems development life cycle?
If so, where does the scope begin?
•
Have you ever performed an audit of the investment management process?
•
How would IT management respond to a potential audit on the investment
management process?
•
Where does your company’s “Val IT process” fall on a capability maturity
model?
| 44
Discussion: Use of Val IT in My Organization
• Benefits Realization –
An IT Audit
Business
Strategies &
Policies
Business &
Risk
Management
Processes
People &
Organizational
Structure
Management
Reports
Methodologies
Systems &
Data
Managed
Realization of Value
Optimizing
Repeatable
Initial
Risk of Failure
Defined
| 45
Discussion: Use of Val IT in My Organization
• Benefits Realization –
An IT Audit
Business
Strategies &
Policies
Business &
Risk
Management
Processes
People &
Organizational
Structure
Management
Reports
Methodologies
Systems &
Data
Managed
Realization of Value
Optimizing
Repeatable
Initial
Risk of Failure
Defined
| 46
Discussion: Use of Val IT in My Organization
• Benefits Realization –
An IT Audit
Business
Strategies &
Policies
Business &
Risk
Management
Processes
People &
Organizational
Structure
Management
Reports
Methodologies
Systems &
Data
Realization of Value
Optimizing
Managed
Repeatable
Initial
Target Maturity Level?
Risk of Failure
Defined
| 47
Wrap up and Questions
| 48