Managing and Using Information Systems: A Strategic Approach

 Create a Wiki based on Chapter 8 or 9 using only peer-reviewed research papers.  You must also make a substantive comment to another student to receive credit.

Managing and Using Information Systems: A Strategic Approach – Sixth Edition

Keri Pearlson, Carol Saunders, and Dennis Galletta

© Copyright 2016 John Wiley & Sons, Inc.

Chapter 8 The Business of IT

The Horner/Alcoa Story

• High-performing tech worker—almost dismissed as CIO

• What were the issues? • What did they expect from him? • What did he deliver at first? • What change did he make to become more

valuable to Alcoa?

© 2016 John Wiley & Sons, Inc. 3

The Alcoa lesson: Business Demands

• IT offerings need to be aligned with business demands

• IT complexities should be translated to business needs

© 2016 John Wiley & Sons, Inc. 4

Merlyn’s Business-IT Maturity Model

© 2016 John Wiley & Sons, Inc. 5

What a Manager Can Expect From the IT Organization

A manager typically can expect some level of support in 14 core activities (Figure 8.2) – levels in parentheses 1. Developing and maintaining IS (1) 2. Managing supplier relationships (1) 3. Managing data, information, and knowledge (1, 2) 4. Managing Internet and network services (1, 2) 5. Managing human resources (1) 6. Operating the data center (1) 7. Providing general support (1)

© 2016 John Wiley & Sons, Inc. 6

What a Manager Can Expect From the IT Organization (Cont.)

8. Planning for business discontinuities (1) 9. Innovating current processes (2) 10.Establishing architecture platforms and standards. (2) 11.Promoting enterprise security (2) 12.Anticipating new technologies (3) 13.Participating in setting and implementing strategic

goals (3) 14.Integrating social IT (3)

What The IT Organization Does Not Do

• Does not perform core business functions such as: • Selling • Manufacturing • Accounting.

• Does not set business strategy. • General managers must not delegate critical

technology decisions.

Chief Information Officer (CIO) The Senior-Most IT Executive

• Responsible for technology vision • Leads design, development, implementation, and

management of IT initiatives • Is a business technology strategist or strategic

business leader • Uses technology as the core tool in

• creating competitive advantage • aligning business and IT strategies

CIO’s Focus

• CIO’s focus has shifted: • From efficiency to effectiveness in a constantly

changing/competitive marketplace • Formerly: reported to the CFO. Now: reports to

the CEO. • Shift over time towards helping executive team

formulate business strategy

CTO, CPO, and Other Roles • CIO Can’t have all skills—can’t know everything! • Other roles are important:

• CTO: Chief Technology Officer (tracks technologies) • CKO: Chief Knowledge Officer • CDO: Chief Data Officer • CAO: Chief Analytics Officer • CTO: Chief Telecommunications Officer • CNO: Chief Network Officer • CRO: Chief Resource Officer • CISO: Chief Information Security Officer • CPO: Chief Privacy Officer • CMO: Chief Mobility Officer • CSMO: Chief Social Media Officer

So Who Should Make the Decisions?

• Ross & Weill say • The CEO should not make those decisions alone • C-level executives should not even make those

decisions • Input is needed from both IT and the business units

alike • Steering (or Executive) Committee solution

© 2016 John Wiley & Sons, Inc. 12

Building a Business Case – Components

• Executive Summary • Overview and Introduction • Assumptions and Rationale • Project Summary • Financial Discussion and Analysis • Benefits and Business Impacts • Schedule and Milestones • Risk and Contingency Analysis • Conclusion and Recommendation • Appendices

© 2016 John Wiley & Sons, Inc. 13

© 2016 John Wiley & Sons, Inc. 14

Sample of benefits in a business case for adding chat function linked from Facebook page

Busy chat operators; busy Facebook page; Customers seem happier

Sales improved by $250k; costs decreased by $50k after change

Facebook page likes; number of chats; Customer satisfaction scores moved from 3.3 to 4.1 (out of 5)

Converted 150 calls per day to chats; reaching 200 more customers per day

IT Portfolio Management

• IT investments should be managed as any other investment.

• Evaluate and approve IT investments as they relate to other potential investments of all kinds

• Goals: • Pick the right mix of investments • Invest in the most valuable IT initiatives

Asset Classes • Weill and Aral say that there are four asset classes

of IT investments: • Transactional systems – systems that streamline or cut

costs on business operations. • Informational systems – any system that provides

information used to control, manage, communicate, analyze or collaborate.

• Strategic systems – any system used to gain competitive advantage in the marketplace.

• Infrastructure systems – the base foundation or shared IT services used for multiple applications.

Average company’s IT portfolio profile (See Discussion Question 4)

Transactional 13%

Infrastructure 54%

Informational 20%

Strategic 13%

46%

25%

18% 11%

Comparative IT portfolios for different business strategies (See discussion question 4)

Valuing IT Investments

• Soft benefits, such as the ability to make future decisions, make it difficult to measure the payback of IT investment • IT is expensive, thus under close scrutiny. • IT is complex; calculating the costs is an art, not a science. • Payback period for infrastructure is much longer than other

types of capital investments. • With necessary systems (due to laws, etc.), the payback

period cannot be calculated

• Many valuation methods are available…

Valuation Method Description Return on Investment (ROI) ROI= 𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅 −𝐼𝐼𝑅𝑅𝑅𝑅𝑅𝑅𝐼𝐼𝐼𝐼𝐼𝐼𝑅𝑅𝑅𝑅𝐼𝐼

𝐼𝐼𝑅𝑅𝑅𝑅𝑅𝑅𝐼𝐼𝐼𝐼𝐼𝐼𝑅𝑅𝑅𝑅𝐼𝐼

Net Present Value (NPV) Discount the costs and benefits for each year of the system’s lifetime using present value factor

1 1 + 𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷 𝑟𝑟𝑟𝑟𝐷𝐷𝑟𝑟 𝑦𝑦𝑟𝑟𝑟𝑟𝑟𝑟𝐷𝐷

Economic Value Added (EVA) EVA = net operating profit after taxes (capital x cost of capital)

Payback Analysis Time that will lapse before accrued benefits overtake accrued and continuing costs

Internal Rate of Return (IRR) Return of the IT investment compared to the corporate policy on rate of return

Weighted Scoring Methods Costs and revenues/savings are weighted based on their strategic importance, accuracy/confidence, other opportunities

Financial Valuation Methods

© 2016 John Wiley & Sons, Inc. 21

IT Investment Monitoring

• Old saying: “If you can’t measure it, you can’t manage it”

• Management needs to achieve organizational benefits from IT investments

• Must agree upon a set of metrics for monitoring IT investments.

• Often financial in nature (ROI, NPV, etc.).

© 2016 John Wiley & Sons, Inc. 22

The Balanced Scorecard

• Focuses attention on the organization’s value drivers (which include financial performance).

• Assesses the full impact of corporate strategies on customers and workforce, as well as financial performance.

• Allows managers to look at a business from four related perspectives:

© 2016 John Wiley & Sons, Inc. 23

How do our customers see us?

At what must we excel?

Can we continue to improve and create value?

How do we look to shareholders?

The Four Balanced Scorecard perspectives

© 2016 John Wiley & Sons, Inc. 24

The IT Balanced Scorecard

• Using it within the MIS department helps senior IS managers • Understand their organization’s performance • Measure it in a way that supports its business strategy

• Linked to the corporate scorecard • By ensuring that the measures used by IT are those that

support the corporate goals.

© 2016 John Wiley & Sons, Inc. 25

IT Dashboards

• Snapshot of metrics at a given point in time (often “right now”)

• Offer “at a glance” idea of how things are going • Often colors depict conditions:

• Areas with problems (red) • Areas in good shape (green) • In-between or average (yellow)

© 2016 John Wiley & Sons, Inc. 26

Sample Black & White Dashboard

© 2016 John Wiley & Sons, Inc. 27

ITDashboard.gov

© 2016 John Wiley & Sons, Inc. 28

Architecture for Dashboards

© 2016 John Wiley & Sons, Inc. 29

Funding the IT department

• How are costs of design, development, delivery and maintenance of IT systems recovered (or simply covered)?

• Chargeback • Allocation • Corporate budget

• The first two are done for management reasons • The latter covers costs using corporate coffers

© 2016 John Wiley & Sons, Inc. 30

Funding Method

Description Why do it? Why not do it?

Chargeback Charges are calculated based on actual usage

Fairest method for recovering costs since it is based on actual usage

Must collect details on usage; often expensive and difficult

Allocation Expenditures are divided by non- usage basis (revenues, headcount, etc.)

Less bookkeeping for IT

Users can question rates & basis of allocation Free riders

Corporate Budget

Corporate allocates funds to IT in annual budget – to general P&L

No billing to the businesses. No rates to compute. Encourages use of new technologies.

Have to compete with all other budgeted items for funds. Potential for overspending.

Comparison of IT funding methods

© 2016 John Wiley & Sons, Inc. 31

How to Determine Cost

• Basic method: add up costs of hardware, software, network, and people involved in IS.

• Real cost is not always easy to determine • Remains a mystery for many firms

© 2016 John Wiley & Sons, Inc. 32

Total Cost of Ownership (TCO)

• Has become the industry standard. • Looks beyond initial capital investments to include

costs often forgotten. For example: • technical support • administration • training

• Estimates total annual costs per user for each potential infrastructure choice.

• Provide the best foundation for comparing to other IT and non-IT investments.

© 2016 John Wiley & Sons, Inc. 33

TCO Component Breakdown

• Shared components (servers and printers): • TCO divided among all users who access each

• When only certain groups of users possess certain components, segment the hardware analysis by platform.

• Soft costs, such as technical support, administration, and training are important to include

© 2016 John Wiley & Sons, Inc. 34

Soft Cost Areas Example Components of Cost Source Technical support

Hardware phone support

Call center

In-person hardware troubleshooting IT operations

Hardware hot swaps IT operations Physical hardware repair IT operations Total cost of technical support Administration Hardware setup System

administrator Hardware upgrades/modifications System

administrator New hardware evaluation IT operations Total cost of administration Training New employee training IT operations Ongoing administrator training Hardware vendor

Total cost of training Total soft costs for hardware

Figure 8.13 Soft cost considerations

© 2016 John Wiley & Sons, Inc. 35

Chapter 9 Governance of the Information

Systems Organization

Learning Objectives

• Understand how governance structures define how decisions are made

• Describe governance based on organization structure, decision rights, and control

• Discuss examples and strategies for implementation.

Intel’s Transformation

• Huge performance improvements between 2013 and 2014

• Was it due to a spending increase? • Intel’s evolution

• 1992: Centralized IT • 2003: Protect Era – lockdown (SOX & virus) • 2009: Protect to Enable Era (BYOD pressure)

Intel Reached Level 3:

1. Developing programs and delivering services 2. Contributing business value 3. Transforming the firm

Previously: categorized problems as “business” or “IT” Now: Integrated solutions are the only way

© 2016 John Wiley & Sons, Inc. 39

IT Governance • Governance (in business) is all about making

decisions that • Define expectations, • Grant authority, or • Ensure performance.

• Empowerment and monitoring will help align behavior with business goals. • Empowerment: granting the right to make decisions. • Monitoring: evaluating performance.

IT Governance

• IT governance focuses on how decision rights can be distributed differently to facilitate three possible modes of decision making: • centralized, • decentralized, or • hybrid

• Organizational structure plays a major role.

© 2016 John Wiley & Sons, Inc. 41

Four Perspectives

• Traditional – Centralized vs decentralized • Accountability and allocation of decision rights • Ecosystem • Control structures from legislation

Centralized vs. Decentralized Organizational Structures

• Centralized – bring together all staff, hardware, software, data, and processing into a single location.

• Decentralized – the components in the centralized structure are scattered in different locations to address local business needs.

• Federalism – a hybrid of centralized and decentralized structures.

© 2016 John Wiley & Sons, Inc. 43

Organizational continuum

Federalism

• Most companies would like to achieve the advantages of both centralization and decentralization.

• Leads to federalism • Distributes, power, hardware, software, data and

personnel • Between a central IS group and IS in business units • A hybrid approach • Some decisions centralized; some decentralized

© 2016 John Wiley & Sons, Inc. 45

Federal IT

© 2016 John Wiley & Sons, Inc. 46

Recent Global Survey

Percent of firms reporting that they are: • Centralized: 70.6% • Decentralized: 13.5% • Federated: 12.7%

© 2016 John Wiley & Sons, Inc. 47

Figure 9.4 IT Accountability and Decision Rights Mismatches Accountability

Low High Decision Rights

High Technocentric Gap • Danger of overspending on IT

creating an oversupply • IT assets may not be utilized

to meet business demand • Business group frustration

with IT group

Strategic Norm (Level 3 balance) • IT is viewed as competent • IT is viewed as strategic to

business

Low Support Norm (Level 1 balance) • Works for organizations

where IT is viewed as a support function

• Focus is on business efficiency

Business Gap • Cost considerations

dominate IT decision • IT assets may not utilize

internal competencies to meet business demand

• IT group frustration with business group

© 2016 John Wiley & Sons, Inc. 48

Figure 9.5 Five major categories of IT decisions.

Category Description Examples of Affected IS Activities

IT Principles How to determine IT assets that are needed Participating in setting strategic direction

IT Architecture How to structure IT assets Establishing architecture and standards

IT Infrastructure Strategies

How to build IT assets Managing Internet and network services; data; human resources; mobile computing

Business Application Needs

How to acquire, implement and maintain IT (insource or outsource)

Developing and maintaining information systems

IT Investment and Prioritization

How much to invest and where to invest in IT assets

Anticipating new technologies

© 2016 John Wiley & Sons, Inc. 49

Political Archetypes (Weill & Ross)

• Archetypes label the combinations of people who either provide information or have key IT decision rights • Business monarchy, IT monarchy, feudal, federal, IT

duopoly, and anarchy. • Decisions can be made at several levels in the

organization (Figure 9.6). • Enterprise-wide, business unit, and region/group

within a business unit.

© 2016 John Wiley & Sons, Inc. 50

Political Archetypes

• Organizations vary widely in their archetypes selected • The duopoly is used by the largest portion (36%) of

organizations for IT principles decisions. • IT monarchy is the most popular for IT architecture

(73%) and infrastructure decisions (59%).

© 2016 John Wiley & Sons, Inc. 51

Figure 9.6 IT governance archetypes

© 2016 John Wiley & Sons, Inc. 52

Emergent Governance: Digital Ecosystems

• Challenge a “top down” approach • Self-interested, self-organizing, autonomous sets

of technologies from different sources • Firms find opportunities to exploit new

technologies that were not anticipated • Good examples:

• Google Maps • YouTube

© 2016 John Wiley & Sons, Inc. 53

Another Interesting Example

• Electronic Health Record • Can connect to perhaps planned sources:

• Pharmacy • Lab • Insurance Company

• And can connect to unplanned sources: • Banks – for payment • Tax authority – for matching deductions • Smartphone apps – for many purposes

© 2016 John Wiley & Sons, Inc. 54

How to Govern in this case?

• Might be difficult to impossible! • The systems might simply emerge and evolve over

time • No one entity can plan these systems in their

entirety

© 2016 John Wiley & Sons, Inc. 55

Mechanisms for Making Decisions

• Policies and Standards (60% of firms) • Review board or committee • Steering committee (or governance council)

• Key stakeholders • Can be at different levels:

• Higher level (focus on CIO effectiveness) • Lower level (focus on details of various projects)

© 2016 John Wiley & Sons, Inc. 56

Summary of Three Governance Frameworks

Governance Framework

Main Concept Possible Best Practice

Centralization- Decentralization

Decisions can be made by a central authority or by autonomous individuals or groups in an organization.

A hybrid, Federal approach

Decision Archetypes

Specifying patterns based upon allocating decision rights and accountability.

Tailor the archetype to the situation

Digital Ecosystems

Members of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities.

Build flexibility and adaptability into governance.

© 2016 John Wiley & Sons, Inc. 57

© 2016 John Wiley & Sons, Inc.

A Fourth – Out of a Firm’s Control:

Legislation

58

Sarbanes-Oxley Act (SoX) (2002)

• To increase regulatory visibility and accountability of public companies and their financial health • All companies subject to the SEC are subject to SoX. • CEOs and CFOs must personally certify and be

accountable for their firm’s financial records and accounting.

• Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance.

• 20 year jail term is the alternative. • IT departments play a major role in ensuring the

accuracy of financial data. © 2016 John Wiley & Sons, Inc. 59

IT Control and Sarbanes-Oxley

• In 2004 and 2005, IT departments began to • Identify controls, • Determine design effectiveness, and • Test to validate operation of controls

© 2016 John Wiley & Sons, Inc. 60

IT Control and Sarbanes-Oxley Five IT control weaknesses are repeatedly uncovered by auditors: • Failure to segregate duties within applications, and failure

to set up new accounts and terminate old ones in a timely manner

• Lack of proper oversight for making application changes, including appointing a person to make a change and another to perform quality assurance on it

• Inadequate review of audit logs to not only ensure that systems were running smoothly but that there also was an audit log of the audit log

• Failure to identify abnormal transactions in a timely manner

• Lack of understanding of key system configurations

© 2016 John Wiley & Sons, Inc. 61

Frameworks for Implementing SoX

• COSO – Committee of Sponsoring Organzations of the Treadway Commission.

• Created three control objectives for management and auditors that focused on dealing with risks to internal control • Operations –maintain and improve operating

effectiveness; protect the firm’s assets • Compliance –with relevant laws and regulations. • Financial reporting –in accordance with GAAP

© 2016 John Wiley & Sons, Inc. 62

Control Components Five essential control components were created to make sure a company is meeting its objectives: • Control environment (culture of the firm) • Assessment of most critical risks to internal

controls • Control processes that outline important

processes and guidelines • Communication of those procedures • Monitoring of internal controls by management

© 2016 John Wiley & Sons, Inc. 63

Frameworks (continued) • COBIT (Control Objectives for Information and Related

Technology) • IT governance framework that is consistent with COSO

controls. • Issued in 1996 by Information Systems Audit & Control

Association (ISACA) • A company must

• Determine the processes/risks to be managed. • Set up control objectives and KPIs (key performance indicators) • Develop activities to reach the KPIs

• Advantages – well-suited to organizations focused on risk management and mitigation, and very detailed.

• Disadvantages – costly and time consuming © 2016 John Wiley & Sons, Inc. 64

IS and the Implementation of SoX Compliance • The IS department and CIO are involved with the

implementation of SoX. • Section 404 deals with management’s assessment of internal

controls. • Six tactics that CIOs can use in working with auditors, CFOs,

and CEOs (Fig. 9.9): • Knowledge building (Build a knowledge base) • Knowledge deployment (Disseminate knowledge to

management.) • Innovation directive (Organize for implementing SoX) • Mobilization (Persuade players and subsidiaries to cooperate) • Standardization (Negotiate agreements, build rules) • Subsidy (Fund the costs)

• A CIO’s ability to employ these various tactics depends upon his/her power (relating to the SoX implementation).

That’s a wrap!

Dr. Les Stovall [email protected]

© 2016 John Wiley & Sons, Inc. 66Slide Number 1