Enabling IT governance with project portfolio management

Share to0

Conference PaperStrategy, Information Technology21 April 2004

Balsinger, Harold | Robertson, Michelle

How to cite this article:

Balsinger, H., & Robertson, M. (2004). Enabling IT governance with project portfolio management. Paper presented at PMI® Global Congress 2004—EMEA, Prague, Czech Republic. Newtown Square, PA: Project Management Institute.

The collapse of Barings Bank and Enron demonstrate the global reach of the corporate malfeasance of the past decade. Recently enacted regulations require sweeping changes to corporate governance. Fines and jail time await corporate officers who fail to conform to new governance requirements. Enterprise IT systems, which enable compliance, are coming under unprecedented scrutiny. Today, corporate executives, business unit leaders, and IT directors must understand, to some degree, each other's domain. The mechanism for this is IT governance. IT governance concerns decision-making authority and accountability in the use of IT regarding the management of the asset portfolio and project portfolio. EDS, the world's largest outsourcing services company, and Primavera Systems, Inc., the premier provider of project portfolio management software solutions, co-present this important work on effective IT governance. Alignment of projects to corporate strategy, project initiation protocol that prioritise essential project

Michelle Robertson, Market Manager, Primavera Systems Inc.

Primary Presenter: Hal Balsinger, PMP, Global Delivery Executive, EDS

Introduction

The collapse of Barings Bank and Enron demonstrate the global reach of the corporate malfeasance of the past decade. Recently enacted regulations require sweeping changes to corporate governance. Fines and jail time await corporate officers who fail to conform to new governance requirements. Enterprise IT systems, which enable compliance, are coming under unprecedented scrutiny. Today, corporate executives, business unit leaders, and leaders of IT must understand, to some degree, each other's domain. The mechanism for this is IT governance. IT governance concerns decision-making authority and accountability in the use of IT regarding the management of the asset portfolio and project portfolio. Industry analysts' findings suggest that only 5% of the Global 2000 firms (META, 2002) employ integrated and automated solutions enabling IT governance. These leaders are realizing the positive return on their governance and oversight investments. For those firms slow to embrace IT governance, it's the corporate malfeasance and scandals of the past decade that have renewed interest in internal governance structures. Critical to IT governance, and relevant to the project management professional, is the Project Portfolio Management (PPM) component.

IT Governance – Background Information

Origin and Definition

Exploring IT governance requires an understanding of corporate governance. The European Corporate Governance Institute states “Corporate governance is the basis of accountability in companies, institutions and enterprises, balancing corporate economic and social goals on the one hand with community and individual aspirations on the other” (European Corporate Governance Institute, 2004). Corporate governance prescribes disciplines for stakeholders – the board of directors, executive officers, business unit leaders, partners, suppliers, and vendors – to conduct the affairs of business in fulfilling their obligations to shareholders and society. Corporate governance involves defining roles and responsibilities, making of rules (regulations), and enforcing rules (relationship protocols) to effect a system for visioning, planning, directing, and monitoring business goal realization. Essential to success of corporate governance is the ability to define and articulate the business strategies necessary for goal accomplishment and the tactical means of attaining those goals. And, while goal attainment is not necessarily technology-driven, the strategic application of technology can accelerate business success. Proper corporate governance, then, would include the ability to manage and control the organization's information technology.

The new technologies of the digital economy became the drivers of business strategies during the past decade (Kalakota, 1999). Corporate officers and business unit leaders began to place greater demands on the IT departments to achieve corporate and business unit objectives. Being slow to embrace new technologies meant loss of market share and branded the organization as a laggard in the new age of business. The new technologies exposed corporations to new vulnerabilities in the area of security and privacy that necessitated urgent IT department actions. Automation of the value chain through enterprise applications such as enterprise resource planning, supply chain management, and customer relationship management, became mandatory to remain competitive. And, looming, just a few years away, was the impending Y2K “disaster” (Oltski, 2003). IT departments were under constant siege from their business unit leaders to meet their demands. IT projects were hastily defined and corporate political battles raged in determining how the organization's scarce resources would be allocated to these projects. With shocking cost overruns, lengthy schedule delays, and only adequate functionality, the aggregate of IT activity produced a value not commensurate for the investment in money and management time. Strategic discipline was needed and IT governance became the response to the IT chaos of the 1990's.

The de facto definition of IT governance is “the assignment of decision rights and the accountability framework to encourage desirable behaviour in the use of IT” (Broadbent & Weill 2002). The “governance” component of IT governance is similar in nature to corporate governance in that it is predicated upon a discipline for decision-making. Roles, responsibilities, and protocols for stakeholders are defined and codified in policies and procedures and address topics such as business strategy, standards, infrastructure, architecture, project prioritization, and portfolio management.

Benefits and Trends

Governance structures, tailored to the organization's business strategy, allow for quality decisions and value delivery through resource allocation, performance monitoring, and risk management. MIT's Sloan School of Management has found that organizations “with superior IT governance have more than 25% higher profit than firms with poor governance given the same strategic objectives” (Weill, 2004). With today's business imperatives of improving productivity, reducing costs, and increasing the value of the IT investment, IT governance has shown it can pay off.

Effective IT governance requires the definition and articulation of corporate strategy. For, at its core, IT governance is the alignment of business strategy with the tactical IT decisions that contribute to strategy realization through service enablement and business value creation. Discipline in the interaction of corporate officers, business leaders, and the IT organization, breaks down barriers, focuses stakeholders on business strategy, and promotes quality decision making that results in value creation and well-managed IT. The benefits of IT governance, then, include strategy alignment, IT asset management, IT project portfolio management, risk management, performance monitoring, and the ability to substantiate claims of value delivery. Through improved management, the return on investment of IT investments is increased, enterprise-wide IT costs are reduced, and enterprise risks are better managed.

Some of the trends of the 1990's that contributed to the IT chaos continue today (fortunately the Y2K scare is behind us). Consolidations through mergers and acquisitions will continue for some organizations' survival. The inefficiencies of multiple ways of performing information technology must be eliminated quickly to realize the cost benefits of decisions to consolidate. Borderless commerce and the globalization of the business model in pursuit of best-in-class service and minimized costs brings increased demands of IT availability, capacity, and functionality (Caruso, 2002). Senior leadership, jaded by the hype around IT decisions of the 1990's and burdened with the economic slowdown of the past 5 years, now demands demonstrable returns on IT investments.

There is, however, a new and powerful influencer on the IT department today. Corporate stakeholders witnessed dramatic events in 1990's and early 2000's. Financial scandals at Enron Corp., Global Crossing Ltd., WorldCom Inc., Barings Bank, and others ruined corporations, their business partners, and modest investors alike. Governing bodies have crafted regulation and legislation in response to these economic and ethical failures. The Bank for International Settlements of Basel, Switzerland has released the New Basel Capital Accords (Basel II) and the U.S. Government has enacted the Sarbanes-Oxley Act (SOX) to address the underlying factors that caused these incidents. The impact is profound on the enterprise's governance, disclosure, and financial accounting practices. Corporate officers recognize that implementing effective controls that demonstrate compliance and meet real-time reporting requirements must be done with information systems (Kugel, 2003). With severe penalties for non-compliance and corporate wrong doing including jail time for corporate officers, the issue of “compliance” has become the latest driver for IT governance.

Mechanisms, Frameworks, and Constructs

Governance begins with a chartered body of executives, business leaders, and leaders of the corporation's IT function empowered to make high-level decisions regarding the application of IT and accountable to senior leaders and corporate-level stakeholders. Clarification of decision rights among major players is necessary. Some IT governance structures may have authority and decision rights concentrated with the corporate executives or with the IT executives. Others may distribute and localize the authority with the business unit leaders. Still others may share rights among all corporate participants. For those organizations motivated to adopt IT governance as a response to compliance issues, collaborative decision-making is common among the corporate officers and the information directors. In the MIT Sloan CISR working paper No. 326, Peter Weill and Richard Woodham (Weill & Woodham, 2002) describe a range of governance styles (i.e., monarchy, feudal, federal and anarchy). Governance organizations may be as simple as a single IT steering committee or as elaborate as to include business unit advisory boards, change control boards, architecture committees, audit committees, and program management offices.

Two popular internal control frameworks for IT governance are the IT Infrastructure Library (ITIL) and the Control Objectives for Information and related Technology (COBIT). ITIL, created by the U.K. government's Central Computing and Telecommunications Agency (CCTA), is a set of best practice guidelines that define a structured, systematic approach to IT management. The framework addresses areas such as service support, service delivery, planning to implement service management, infrastructure management, applications management, the business perspective (ITIL-ITSM World). There are seven core titles in the library that address over two dozen IT processes (Office of Government Commerce). The standards-based framework was first introduced in Europe and, with its acceptance by hundreds of organizations in the Americas and Asia, is now recognized as a global best practice.

Another established IT governance framework is the Control Objectives for Information and related Technology (COBIT). COBIT, issued by the IT Governance Institute, focuses on the alignment of business need with the IT control processes. There are thirty-four IT processes grouped into four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. As described by the Information Systems Audit and Control Association (ISACA), an IT control objective can be described as “a statement of the desired result or purpose to be achieved by implementing control procedures within a particular IT activity” (Information Systems and Control Audit). COBIT is a framework that provides a reference between the IT controls and the business objectives, financial controls, and quality standards. The appeal is that it supplies the information the corporation relays upon to achieve its business objectives. With their credible success stories, ITIL and COBIT are now internationally accepted.

A popular delivery vehicle for IT governance is the Project Management Office (PMO) (Dragoon, 2003). (Or, perhaps the better acronym would be the xPO where x is the variable representing the level within the organization where the project office is employed (i.e. enterprise, IT governance council, business unit, program, project etc.)) The PMO is a key resource in establishing and sustaining the IT Governance capability. PMOs are office constructs where project management practitioners apply the project and business management rigors in the defining, delivering, tracking, and controlling of the IT projects. The project management disciplines of cost, schedule, communication, quality, and risk (to name a few) also provide the mechanisms to ensure strategy management, value measurement, organizational alignment, and governance control. Specific disciplines such as service level agreement metrics management and project cost management, through inter-organizational allocation of costs, are used in return on IT investment analysis. With these disciplines, organizations have better efficiency and tighter monitoring of the IT projects and can manage the projects as assets.

Leveraging Technology to Enable IT Governance

The Evolution from Project to Portfolio

While most decisions within the IT organization are concerned with tactical issues, decision-making on the portfolio level is concerned with strategic issues. Today's emphasis on project portfolio management is part of a trend towards better governance of not only individual projects, but the portfolio of work for the IT organization. As organizations begin creating a governance framework, their focus shifts from planning and execution of individual projects, to the front-end of the project management life cycle: how to choose the correct projects, prioritize them, track their progress, and ensure adequate resources. PPM includes these fundamental practices for project prioritization and selection, as well as, the balancing of an organization's portfolio to achieve the best results. It is a holistic view of all the work taking place and work planned for in an organization. In the past, organizations were typically satisfied with simply planning and controlling activities because most projects were large in scale, long in duration and existed as single entities. With the mandate for improved governance, projects now involve people from all areas of the company in some capacity and often involve resources outside the organization as well, in the form of outsourcing suppliers, contract labour, consulting firms or public stakeholders.

Fundamentals of Project Portfolio Management

To fully embrace IT governance, the adoption of PPM technology is a necessity. However, to ensure a successful deployment, it must be structured to contribute towards strategic business objectives. The infrastructure must be viewed and approached from all strategic and tactical efforts and provide a collaborative environment, enable precise portfolio management and serve to facilitate process improvement. As illustrated in Exhibit 1, examples of how IT governance is enabled through the use of PPM is represented in the areas of project management, portfolio management, demand management, resource management, financial management, process management, and collaboration. These mechanisms make possible the monitoring of strategic performance and allow the IT governance council to re-align projects – make changes in project priority, cancellation of projects, and the creation of new projects – as necessary. An illustration of IT Governance oversight through the use of Earned Value Management is also provided.

Components of PPM

Exhibit 1 - Components of PPM

Project Management

Project management is at the very core of PPM. This element is critical in enabling effective IT governance, which requires the alignment of individual projects and the utilization of resources against business objectives. All project planning and execution must be considered within the overall scope of the strategic direction of the organization. Such consideration requires that the control over each individual project and every tactical effort, that mandate significant resource allocation, be applied in the context of all other project efforts and resources used across the enterprise.

Demand Management

The management and control of incoming requests for new projects and work can be a challenge for even the most well governed organizations. Demand management brings consistency and control to planning and estimating initiatives by automating key front-end project planning activities, from evaluating and specifying new project and business opportunities to forecasting, analyzing and managing the entire pipeline. It helps level the playing field for funding decisions that allows IT governance councils to make more uniform decisions.

Enabling Enterprise Workforce Management

Exhibit 2 - Enabling Enterprise Workforce Management

Resource Management

As IT governance encompasses all projects, having the ability to optimize resources over multiple projects and work efforts is critical. An organization that adopts PPM can proactively address staffing requirements, along with resource allocation, expectations, and skills as illustrated in Exhibit 2. This insight provides great control over the allocation of resources, especially on the most strategic projects affecting the project portfolio.

Financial Management

This element is critical in proving the effectiveness of IT governance by relating actual projects costs back to corporate revenue and operating costs. Financial management ensures accurate data reporting, project profitability analysis, and better decision-making. It offers complete visibility and control over project budgets and financial performance across the global enterprise, with sophisticated accounting capabilities. It should also allow for seamless integration to other purchased systems or homegrown systems to allow for tracking of project expenditures.

Process Management

At the mention of governance, most immediately associate it with the processes embedded within an organization. For IT organizations, these processes should include the automation and enforcement of proper initiation and approval of all incoming work. These processes should embrace the governance framework, by providing the mechanisms to capture all project and service related information through standardized templates, enabling the organization to model, enforce and track initiation requests. An example of good process flow is illustrated in Exhibit 3.

Automating Work Flow Management

Exhibit 3 - Automating Work Flow Management

Collaboration

Projects are much more than a series of related activities that must occur within a specific time frame. More importantly, project deliverables impact a wide range of people – internal and external to the IT organization. Collaboration enables the entire project team to easily communicate throughout the project life cycle. Pertinent to enabling effective governance, collaboration should include issues, risks, discussions, and documents and have them readily accessible to be escalated when applicable.

Portfolio Management

Portfolio management is the organization of multiple projects into a single portfolio that allows for balanced management of the projects. Strong portfolio management clarifies projects as investments, prevents loss of value by guiding on-time, on-cost, quality delivery of projects, and substantiates benefit realization. IT governance councils can actively manage the portfolio to optimize performance to business strategy. In addition, enterprise-wide project performance gates are being used more frequently to specifically ensure that standard performance metrics are met before a project is permitted to continue. Similar metrics are used in maturing approval processes for every identified work order. Portfolio management must be designed to report weighted performance of selected projects and work orders against these metrics. An example of portfolio management is illustrated in Exhibit 4.

Displaying the Portfolio Dashboard

Exhibit 4 - Displaying the Portfolio Dashboard

Preserving Project Value through Governance: An Earned Value Example

Exhibit 5 illustrates how project portfolio value can be preserved using the discipline of earned value with performance information made visible by project portfolio applications. The predictive nature of earned value metrics is extremely powerful. Scope, schedule, and cost objectives can be modelled as planned performance (i.e. a budget), actual cost, and a value for the work accomplished (i.e. earned value). When applied to the portfolio of projects, early warnings and insight to problem root causes allow the IT governance council to take decisive actions to optimize portfolio performance. Figure A of Exhibit 5 illustrates the planned project budget for the expected duration of a project. Actual costs and the value for the earned work are recorded after month six and their trends can be projected to an estimated date for completion. In this way, cost overruns and schedule slippages are projected as early as 15% (Fleming 1998) into project execution. Figure B illustrates a project performing well (i.e. favourable cost and schedule variances at complete). Figure C illustrates an extremely poor performing project with significant cost overruns and schedule slippage. (In the symbolic representation of earned value in the exhibit, the amber-colour bar located within the histogram bars indicates schedule percent complete). Figure D presents, in Pareto chart format, the entire collection of projects in the portfolio. The IT governance council sees the forecast for poor performance early in project execution and can take actions to revise portfolio priorities, eliminate underperforming projects, or re-direct resources from other projects.

Using Earned Value to Gauge Portfolio Performance

Exhibit 5 - Using Earned Value to Gauge Portfolio Performance

Benefits of PPM

Proper PPM not only helps facilitate the instillation of good IT governance, but results in bottom-line yields. Research shows that large organizations — that implement a project management group and its corollary practices (including PPM) — see lead times to market reduced by as much as 60 percent, development costs declined, quality improved, and forecasting accuracy increased (Toney 2001). In addition, assessing and managing risk becomes easier within the context of a project portfolio. To deal with any significant risk, there must be diversification, along with other kinds of balance to ensure continuity and health for the enterprise, such as investing in lower-risk projects that provide a near-certain return, or investing in higher-risk projects, the path to extraordinary returns.

Conclusion

Industry leaders with well-defined corporate governance capabilities do not include IT governance as an afterthought. Rather, IT governance, with the mechanisms for decision-making and accountability, has shown to be an important factor in accelerating business and IT strategy accomplishment through predictable project delivery. Governance authority and accountability includes rules, regulations, and protocols, committees and boards, and governance models and frameworks. And, as corporations continue to direct vast amounts of money, resources, and other assets into major IT projects, stakeholders demand reliable, dependable – in fact auditable - checks and balances to safeguard IT investments. Project portfolio management, enabled by applications that enforce discipline and illuminate strategy and tactic performance, is recognized by world-class organizations as an essential discipline to make informed and insightful decisions for effective management of the enterprise portfolio of IT projects.

References

Broadbent, M. & Weill, P. (2002). Creating Effective IT Governance. Retrieved 18-February, 2004 from http://symposium.gartner.com/docs/symposium/itxpo_orlando_2002/documentation/sym12_17d.ppt.

Causo, D. (2002, September). Strategic Options Assessment: The IT Governance Cookbook. [Electronic

Dragoon, A. (2003, August). More Governance Best Practices. CIO Magazine 15 August 2003. Retrieved 18-February, 2004 from http://www.cio.com/archive/081503/factors_sidebar_1.html. Version]. Retrieved 23-November, 2003 from http://www.amrresearch.com/Content/view.asp?pmillid=14833&docid=741.

European Corporate Governance Institute: About the Institute. Retrieved 18-February, 2004 from http://www.ecgi.org/about_ecgi.htm.

Fleming, Q. & Koppleman, J. (1998, July). Earned value project management A powerful tool for softwarep. Crosstalk July 1998. Retrieved 18-February, 2004 from http://www.stsc.hill.af.mil/crosstalk/1998/07/value.asp.

Information Systems and Control Audit: General Definitions. Retrieved 18-February, 2004 from http://www.isaca.org/template.cfm?template=/ContentManagement/ContentDisplay.cfm&ContentID=1795

ITIL-ITSM World: What is ITIL? Retrieved 14-February, 2004 from http://www.itil-itsm-world.com/.

Kalakota, R. & Robinson, M. (1999). E-Business: Roadmap for Success. Addison-Wesley Information

Kugel, R. (2003, October). Sarbanes-Oxley Payoffs for 2004. CFO Project Volume 2. Retrieved 10-March, 2004 from http://www.cfoproject.com/documents.asp?grID=351&d_ID=2376.

META Group: META Trends 2004/2005. Retrieved 18-February, 2004 from http://www.metagroup.com/corporate/corp_pdf/trends2004.pdf. Technology Series.

Office of Government Commerce: Welcome to The Official ITIL Webpages. Retrieved 18-February, 2004 from http://www.ogc.gov.uk/index.asp?id=2261.

Oltsik, J. (2003, February). Why CIOs must adopt IT governance. Retrieved 14-February, 2004 from http://news.com.com/2010-1071-983356.html.

Toney, F. (2001, September). The Superior Project Organization. CBP/Marcel Dekker.

Weill, P. & Ross, J. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Retrieved 1-March, 2004 from http://mitsloan.mit.edu/cisr/itgovernance.php.

Weill, P. & Woodham R. (2002, April) Don't Just Lead, Govern: Implementing Effective IT Governance [Electronic Version] MIT Sloan CISR working paper No. 326. Retrieved 23-November, 2003 http://ideas.repec.org/p/mit/sloanp/4237-02.html.

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited. For permission to reproduce this material, please contact PMI or any listed author.

© 2004, Scott Webb, PMP
Originally published as a part of 2004 PMI Global Congress Proceedings – Prague, Czech Republic

Like what you just read?

Log in or register for a free PMI account to get access 
to even more articles like this one.

or

Offer from our training partner

Advertisement

Offer from our training partner

Advertisement

Related Content

Offer from our training partner

Advertisement