Where this best-practices databases came from....
[Click to expand any Chapter.]
1. Customers' view:
What it's like to do business with IT
As a business leader and consumer of IT's products and services, I really like doing business with them -- for many reasons....
First and foremost, they treat me as a customer (not a victim, or someone that needs to be controlled). It seems they're always striving to earn my business (even though they have a monopoly on some things, like enterprisewide services).
They're pleasant and treat me with respect; that alone means a lot to me.
They invest time in getting to know me and my challenges, and building a great working relationship. And they solicit my feedback to learn from experiences and continually improve their performance.
They don't waste my time (e.g., by being late or unprepared for meetings, by making me wait too long in line, by requiring excessive paperwork, or by presenting information that doesn't interest me).
....
But their business-within-a-business approach goes far beyond just good communications. They don't pretend to know what's best for me, or best for the company. They respect that I have a business to run, so I have to be in control of what I buy from them.
In that spirit, they don't come up with projects on their own, and then force solutions on me. They listen to my challenges and help me define what I need (my requirements). They're quite willing to tailor products to my unique needs (not insisting that "one size fits all"). That's what creates value for my business line.
In response to my requirements, they offer alternatives (as in good/better/best) to give me choices in cost and functionality.
In coming up with alternatives, they're open minded, and consider various delivery approaches such as software-as-a-service (SaaS), commercial off-the-shelf (COTS) solutions, and custom development.
And they share all the information I need on each alternative so that I can make a smart choice based on benefits, costs, and risks. They walk me through my options, and help me make wise decisions based on my values. (They don't recommend one alternative based on their values.) And once I've made a decision, they respect my choice (even if it's not their favorite option).
....
It's good that they offer a diverse, relevant, and competitive product line. That way, they can be business driven, and supply whatever it is that I need (no "solution in search of a problem").
....
Of course, I'm not their only customer. Another way they add value is by bringing business units together when there are synergies or cost savings from shared solutions (like our ERP). Once I've agreed to work with my peers as a consortium, they treat us as a customer (not an excuse for IT to take over and make all the decisions).
....
And speaking of those other customers -- my peers throughout the enterprise -- I guess we're all in competition for their resources. So, unless I have money in my budget to give them so that they can bring in more resources, I have to go through our IT prioritization process. That's reasonable. In fact, I like knowing exactly where I stand in their priority stack.
....
I feel I'm getting a fair deal. They've made a real effort to benchmark their rates (unit costs) against vendors who provide equivalent services; and they share those results openly (even where they're not quite competitive yet but working on it).
....
It's interesting... Sometimes they sell their internal products and services to external customers (outside the company). That has benefits to me, such as cost sharing and increased specialization as they grow. And I think competing in the real world keeps them sharp. I'm not worried about this diluting their attention to internal customers, since those external sales are fully funded, and they never serve the company's competitors or jeopardize the company's best interests.
Over time, I've come to trust them. They're professional, and the way they behave inspires belief in their competence.
"A verbal contract isn't worth the paper it's written on." |
Mis-reporting of quote by Samuel Goldwyn |
I appreciate that we form clear agreements for each project before work begins (except in cases of emergencies). These "contracts" document both their and my accountabilities, so I'm not caught off-guard mid-way through projects by things they need from me. And I can hold them accountable for their promises.
One key part of trust is believable estimates. The breakthrough on that came when they instituted "phase-gating." Each project goes through three phases: business requirements, solution alternatives study (a proposal that shows me my alternatives and the costs and pros/cons of each), and then solution implementation (whether through a cloud service, an off-the-shelf product, or internal development).
I guess it was always obvious that they can't give me a cost/time estimate up front (at least not with any accuracy). They estimate projects one phase at a time. Once we've agreed on requirements, they estimate the solution alternatives study phase; and the analysis they do there allows them to give me an accurate estimate of implementation and life-cycle costs.
They do provide rought (T-shirt) sizings of opportunities or requirements, but with little promised accuracy (e.g., in ranges or +/- X%) and to limited significant digits). I use that for planning purposes. But I understand that I can't hold them to it.
....
In all, I'd say this is a "supplier of choice" to me and my peers throughout the business.
2. View from the top:
The value IT delivers
As the CEO, I appreciate the way IT is contributing to the bottom line of the firm. They've gone way beyond delivering the technologies we need to keep the business running. They actually contribute directly to our enterprise business strategies.
I've watched them build awareness of the strategic potential of IT and competitors' use of IT to gain advantage. That's stimulated everybody's creativity in the use of information technologies.
Beyond just building awareness of possibilities, they proactively help business leaders analyze their strategies and operational needs, add value to their business thinking, and identify high-payoff opportunities for IT products and services.
They're always business driven. They look for ways to contribute to our business challenges, not to promote their products (no "solutions in search of a problem").
They invest time up front (before they jump into projects) probing for a deep understanding of each customer's business, goals, strategies, and plans, before exploring how technologies can help. In those discussions, they bring to the table in-depth expertise in the relevance of technologies to our businesses (the linkage). That collaboration is where the breakthrough ideas come from.
When they're solutioning, I appreciate the way they focus on the minimum that our businesses need to solve the problem at hand. (They don't try to automate everything in sight.)
And they help my leaders realize benefits from their IT investments, e.g., through facilitation of adoption and business-process changes.
....
3. Employee's view:
What it's like to work in IT
I love working for this organization. Sure, I've had offers from other companies, some with better pay. But it's not just about the money. This is the place I want to be for so many reasons....
"Employee expectations have evolved. To attract and retain talent, leaders must create organizations that people want to work for.
The Market Organization is exactly that. It's a work environment that respects employees' need for job fulfillment and work-life balance, while delivering business results. [Dean Meyer] will help you create an organization that is both high-performing and humanistic." |
Gary Rietz, CIO, Blommer Chocolate |
For one, the work environment is productive and supportive.
Part of that is a safe, secure, healthy physical work environment. And I have the facilities, tools, and training I need to succeed.
The company permits alternative work arrangements (e.g., remote work, alternative work hours, job sharing) as long as I meet all my commitments. I guess they've figured out that the benefits to the company (e.g., productivity, retention, cost savings) justify any concerns.
They respect my privacy, and don't tell me how to use my personal time (even if I want to use it to work) as long as it doesn't harm the company. For example, they don't require me to work during off hours except in exceptional situations (e.g., a business-critical incident or major project go-live).
....
I feel I'm treated fairly, and with respect. In fact, we all treat everyone (including vendors and contractors) with dignity, respect, courtesy, and freedom from prejudice and harassment.
In our culture, we make good use of our time (e.g., start meetings on time, avoid excessive email, streamline bureaucratic procedures). That's just being respectful to others.
My boss expects the best of me, without expecting the unreasonable (i.e., more than most people are able or willing to deliver). That's fair.
I'm never expected to be altruistic, that is, set aside my own best interests for the good of the company. That's because my own success is aligned with organizational success. For example, they don't measure me just on completing my projects, and then expect me to take time away from my own projects to also help other teams.
....
Our culture is productive. That's important to me, since I like the feeling of accomplishments. And I like knowing that my peers have my back. And I'm proud that my peers represent IT positively.
We act with impeccable ethics (we know right from wrong) and integrity (the behaviors that inspire trust).
We're professional (behaving in ways that inspire confidence in our competence). E.g., we think things through, and proactively learn as much as possible about anything that will help us succeed.
....
A really, really important thing to me is that I'm empowered. Once my boss and I agree on my deliverables, I'm given the resources, information, freedom and authorities I need to meet my commitments. Authorities match accountabilities.
Part of my authority is the ability to choose how I go about achieving my deliverables. Sure, my boss gives me coaching, but she's careful to avoid mandating how I do my job. And of course I follow standards and policies, but that's not disempowering; it's just the rules of the game.
Also, there's no one in this company whose job is to tell someone else how to their job. For example, we don't have "process owners" who tell me how to do my job but aren't accountable for my results.
....
I enjoy working with my colleagues. We work very effectively on cross-boundary teams.
The organization promotes interpersonal relationships that encourage effective collaboration in lots of ways, e.g., social events, associating faces with names in directories. But we do more than that to engender good teamwork.
We all have clearly defined domains (boundaries, like business charters, not a few words in a box); and they're widely understood. There are no overlaps, which would embroil us in territorial conflicts.
And taken together, our domains are comprehensive (no gaps). Somebody is accountable for everything, even if the function isn't full time or is fulfilled with contractors and vendors. This way, I team with my peers rather than having to dabble in specialties outside my expertise.
The real key to teamwork is our project-initiation process. That's where we assign the right skills and resources to each project or service team, wherever they may be in the IT organization. In that process, we clearly define individual accountabilities and the "chain of command" within teams (prime contractor, subcontractors) so that teams are self-managing.
....
Diversity is part of the reason it's fun to work with my colleagues.
The company makes a point of generating a well-qualified, diverse pool of candidates in advance of its hiring needs, including identifying internal candidates (e.g., succession planning, not pre-selection).
We hire people based on: qualifications that meet (or exceed) the currently open position; their fit with IT's desired culture; their potential for increasing contribution to the company throughout the remainder of their careers (ambition, learning and growth potential; distinct from stability); and sufficient stability (retainability) to justify the necessary investment (hiring cost, learning curve).
....
I really like that we define groups' domains in terms of entrepreneurships (internal lines of business; not vague roles, tasks, responsibilities, or processes). It's fun to be part of a business-within-a-business. It gives me a real sense of purpose; it's not about just showing up and going through the motions.
....
As for the future, I feel that this organization is designed to help me get ahead in my career. Here's why:
Our organizational structure is designed to maximize specialization. We all have well-focused jobs that don't make us pretend to be experts at too many things at once.
I understand what I can do to increase my value to the organization in my current job (i.e., developmental planning), and the range of work experiences I'll need to attain my career aspirations (i.e., career planning).
....
4. Vendors' view:
How we utilize and manage vendors
As a vendor to this organization, I'm really committed to doing all I can for them. It's a real partnership (unlike some other customers who just try to control me and minimize my costs). That's why I take such good care of them.
They bring us in as extensions to their internal capabilities (not as an alternative to internal groups). Generally, their internal customers work through the IT organization, rather than directly with vendors like us.
That's actually good for us, since we have a consistent point of contact who understands our business. That allows us to build a stable partnership.
They help us maximize our value with guidance on their policies and standards. They take responsibility for integrating what we deliver into their environment, and supporting it after we're gone.
Of course, they're well-informed buyers. We have to meet their standards of safety, architecture, etc. But that actually gives us competitive advantage, since we have the capabilities to do that.
....
5. Technology challenges:
How IT engineers its products
As a trained IT engineer, I have my professional standards. And I can honestly say, this is a great engineering organization.
As "table stakes," we deliver projects on time and on budget, with all the agreed (funded) functionality.
We deliver results efficiently.
....
Beyond that, in my judgment, we deliver high-quality solutions. Quality is important to optimize performance and our customers' life-cycle costs of ownership.
Now, quality doesn't mean that everything is gold-plated. We define "quality" as the goodness of design and delivery within customers' requirements (professional excellence), not price point (level of service or functionality).
....
We look after long-term costs, such as future interoperability, by designing solutions in the context of a set of standards and design patterns (architecture). This makes it easier to produce solutions in the future that are well integrated and efficient.
....
We also manage data well.
We assemble the appropriate subset of internal and external data into an enterprise data warehouse that's generally accessible (subject to security rights).
We help customers gain business value from data.
....
We also help customers improve the quality of their data.
....
We help customers see opportunities to capture relevant new data that they (or others) can use in the future. For example, we help customers acquire external customer data, e.g., through incentives to identify oneself at point of purchase.
....
....
6. Services challenges:
How IT delivers ongoing services
I'm a service manager by profession. Many organizations don't appreciate that service management is a profession (distinct from engineering); but this one does.
We keep the company running.
We offer a broad, relevant, innovative range of services and off-the-shelf products to meet the needs of market segments (all or sets of customers). Where appropriate, we offer choices in levels of service (as in silver/gold/platinum).
Examples of services include ....
Our services are provided with pristine safety (including cyber-security and access controls), availability and responsiveness, and reliability and consistency. We are careful about change management, so that new solutions don't disrupt the operation of existing assets.
....
We proactively look for patterns in incidents, identify root causes, and pursue opportunities for improvements (problem management).
We continually look for opportunities to improve our service quality through improved technologies and processes.
We're responsive to our customers.
We respond quickly and effectively to customer requests and problems (incidents), keep customers informed of the status of their problems, and resolve problems as quickly as possible.
....
Beyond that, we continually look for new opportunities to create value with new or improved services. Our engineers make us aware of new technologies. We evaluate the company's business needs (the market) and the maturity of the technologies. Then, we lead innovation initiatives to deploy new services.
7. Money challenges:
How IT gets and manages its budget
As the company's CFO, I like saving money. And I like the way the IT organization helps me do so.
We now understand what we get from IT for a given level of spending, and can make budget decisions based on the business needs of the County and our investment opportunities (not last year's spending or what other counties spend).
We can allocate costs to departments based on what they actually consume. We can avoid political nonsense by not charging departments for things they don't consume (like enterprise-good services). And if the County needs to "take from the rich and give to the poor," I can do that with assessments into the general fund; we don't distort IT funding decisions to do that.
And we can adjust priorities throughout the year as business needs change.
Perhaps most fundamental, we don't give IT a fixed budget, and then expect them to produce whatever it is that we ask for all year long. That would only lead to our disappointment when they can't deliver infinite service for a finite price! And it makes IT look bad unfairly. Now, supply and demand are in balance. We know we'll get what we pay for.
How did they do all this? It was a radical re-think of our financial processes. You see, they've followed a "market economics" model for their resource-governance processes. That's especially visible in two ways: the way they budget, and the way they manage priorities throughout the year.
You see, they've followed a "market economics" model for their resource-governance processes. That's especially visible in two way: the way they budget, and the way they manage priorities throughout the year.
Annually, everybody submits a budget. But, for IT, it's what comes before that that's interesting.
They prepare a budget that links all their costs to proposed services and projects ("investment-based budgeting"). We can see both essential deliverables ("keep the lights on") and discretionary deliverables proposed by both business units and IT.
....
We don't need to do cost allocations based on high-level formulas; we know exactly the cost of the projects and services each department consumes. And we know the costs of enterprise-good services (things like policies and cyber-security strategies, sold to the Board) and funding for IT itself (infrastructure, innovation), which are charged to the general fund, not to the departments. (Depreciation on our infrastructure is built into our rates, and our charges to departments which use the infrastructure services.)
In addition to the budget, another thing that comes out of their annual planning process is their catalog with rates. Those rates recover all costs, direct and fair share of indirect. I like that they're transparent about their rates, and the costs that go into each.
....
Overall, I hold IT accountable for offering the best value (below-market rates, i.e., unit costs); but business leaders are accountable for managing their consumption of IT (total IT costs).
Once budgets are set, we all know that things change. IT has done a good job of designing a demand-management process (project intake and prioritization) that lets us adjust their priorities throughout the year.
....
....
8. Governance challenges:
How IT maintains controls without disempowering anyone
As the CIO, I've got multiple responsibilities. I'm responsible to my people to provide a great place to work. I'm responsible to my customers to reliably provide the products and services they need at a fair price, and to contribute to their business strategies.
I'm also responsible for a number of governance issues. The four biggest examples are: information security, regulatory compliance, business continuity, and policies and plans.
Information security is always at the top of my mind (and not just because its a high priority for the Board). I hold everybody accountable for the security of their own businesses. To help them, our information-security group provides a number of services:
We facilitate a security strategy which balances safety with business operational requirements, which is aligned with the company's risk profile by source of threat, and which directs investments in security to the most significant risks.
We are up-to-date on all information-technology-based threats of espionage (e.g., data theft) and sabotage (e.g., denial of service, data corruption, ransomware). We keep asset owners (both customers and IT infrastructure operators) who are accountable for the security of their assets, as well as company executives and the Board, informed of material threats, the status of our defenses and readiness, and security strategies.
We quickly identify incidents, and contain the threats. We keep relevant stakeholders informed of the status of incidents. Once things are under control, we recommend and implement remedial and preventative actions.
We proactively analyze vulnerabilities, inform asset owners of those risks, and coordinate remediation initiatives.
We help asset owners analyze the security risks of proposed investments and vendor relationships.
....
Regulatory compliance is equally essential. We proactively ensure our own compliance with all applicable laws, regulations, and policies. And we keep customers informed of their accountabilities for compliance and assess their compliance with information- and technology-related obligations.
....
Business continuity includes both our own ability to survive and recover quickly from disasters of all types. It also includes our helping business customers with the technology portions of their business continuity plans.
....
There are other policies and plans that are parts of the greater governance landscape.
Our policies and plans are always based on a consensus of stakeholders. ("Stakeholders" are those who are materially affected by a decision, or are in a position to contribute to a decision. Where there are many stakeholders, we use a representative process.)
....