CIOZone.com - Professional Network for CIOs and IT Professionals

Methods of Managing the IT Portfolio:

Getting Started with IT Portfolio Management

The first steps in getting started with portfolio management are the following:

• Look for signs that this discipline is needed and document (and where possible quantify) them. Many of these signs were described in the scenarios above.


• Learn a bit about IT portfolio management. This can involve talking to professionals and consultants, interviewing peers who have implemented this practice, and of course reading up on the topic.


• Compile an inventory of projects and work streams. These must describe in detail the resource and funding requirements of each of these, as well as current spending versus budget. Besides just considering the current slate of projects, recently implemented projects should be considered in terms of lessons learned or post-mortem analysis of problems.

These initial steps form the basis for making a business case for IT portfolio management.

The core of the business case is the expected value added to the organization from implementing a portfolio management discipline. It should be possible to do this by describing, and wherever possible quantifying, the benefits of addressing the problems described above. But a portfolio management discipline can also go hand-in-hand with better IT processes and governance as will be seen later—these benefits are harder to quantify initially, but will become apparent to management over the first years of implementation.

The Implementation Process

Once the business case is clear, most organizations that implement IT portfolio management have followed a process similar to the following:

1. Identifying champions and forming governance.

2. Collecting data.

3. Documenting existing situation—platforms, applications, infrastructure, vendors, projects, programs, initiatives, baseline cost, allocated budgets, and allocated resources.

4. Prioritizing and selecting projects, work streams, and other portfolio components.

5. Considering risk.

6. Initiating projects.

7. Selecting tools.

8. Reviewing, monitoring, and rebalancing of projects.

9. Improving process and governance.

Champions and Governance

In some organizations, champions initiate the subsequent implementation activities, whereas in others, the evangelists and managers of the IT portfolio management function are assigned at a later stage. Either way, the organization needs to decide who will participate as active managers of the portfolio management process. Typically, the management team is made up of department heads from sub-organizations that generate requests for projects, provide project resources (especially team members), provide project funding, use finished project deliverables, set strategic directions, and so on. This team may or may not be part of an existing IT governance body such as an IT steering committee or some other steering body focused on business-IT alignment.

After that team is established, the members must agree on a set of criteria for valuing and risk-rating projects in order to prioritize them. Decisions based on these criteria will likely be more acceptable to everyone in the organization if the criteria have been developed with the input or review of as many stakeholders as possible from within the various sub-organizations. Typically, broad, organization-wide discussions of the criteria are held before they are finalized.

The Inventory

An early step of any IT portfolio management process involves the organization developing a complete and accurate list of all its projects and work streams with enough descriptive information about each to allow them to be analyzed and compared. Such descriptive information can include:

• Project or work stream name.


• Category (see below).


• Associated program or initiative (where relevant).


• Business objective.


• Current status.


• Owner/sponsor.


• Estimated duration.


• Estimated cost.


• Assigned budget.


• Assigned resources.


• Assessed risk.


• Estimated return on investment and benefits.

This inventory should include not only projects, programs, and other initiatives, but also other important work streams like:

• Application and technology monitoring processes.


• Asset management and inventory processes.


• Business applications.


• Business continuity processes.


• Change management processes.


• Security processes.


• Technology infrastructure and processes.


• Vendor management programs.

Such a list is typically compiled in an electronic database so that it can be analyzed and compared more easily (and, as will be seen, dedicated tools are available to manage such a list.) Afterwards, department heads or other leaders examine each project and work stream, categorize these, and prioritize them according to established criteria.

The overall list of projects is then considered and prioritized in order to develop a well-balanced list of supported projects. Some projects will be given high priority and extensive support, some will be given moderate priority, and still others will be placed on hold or dropped entirely from the list.

Finally, the project portfolio is reevaluated by the portfolio management team on a regular basis (monthly, quarterly, and so on) to determine which projects are meeting their goals, which may need more support, or which may need to be downsized or dropped entirely. Since the circumstances of each project and the business environment can change rapidly, IT portfolio management is most effective when the portfolio is frequently revisited and actively managed by the team.

Examples of Project Categories by Value Driver

• Strategic/market share enhancement.


• Regulatory or controls enhancement.


• Business/revenue enablement and growth.


• Productivity enhancement.


• Operational risk reduction/quality improvement.


• Cost containment.


• Capital reduction.

Examples of Project Categories by Type

• Mandatory change—running the business.


• Maintenance/bug fixes/enhancements—running the business.


• Business growth.


• Business transformation and change.

Examples of Project Evaluation/Prioritization Criteria

• Return on investment.


• Non-financial drivers (regulatory, audit, controls enhancement, risk reductions, etc.)


• Risk rating.


• Resource requirements—staff, funding.

Organizations need to determine how IT costs and business value will be measured, managed, and monitored. A strong business case will be required to secure funding for new IT projects identified as a large, growth investment. Approval of a major systems project requires the development of a complete business case analysis that identifies a project's cost, business impact, return on investment, and risk. Specific metrics that can be used to measure value include the following, each of which looks at benefits from a different perspective:

• Net present value (NPV).


• Return on investment (ROI).


• Internal rate of return (IRR).


• Cash flows (over the life of the project).


• Total benefits (over the life of project)—sum, broken down by type.


• Total costs (over the life of project)—sum, broken down by source.


• Total cost savings.


• Implementation duration.


• Project risk rating.


• Project breakeven period (in years).


• Other measures and metrics which are user-defined.

Evaluate

The next steps involve establishing a portfolio process. The heads of business units, in conjunction with the senior IT leaders in each of those units, compile a list of projects during the annual planning cycle and support them with good business cases that show estimated costs, ROI, business benefit, and risk assessment.

• Where IT is a business enabler, traditional NPV and ROI measures are typically used.


• Where IT is seen as a cost of doing business, supporting business operations, then efficiencies and cost savings are typical drivers (and NPV and ROI can also be used).

The leadership team vets those projects and sifts out the ones with questionable business value based on agreed criteria. Next, a senior-level IT steering committee made up of business unit heads, IT leaders, and perhaps other senior executives can review the project proposals. A good governance structure is central to making this work.

Considering Risk

Recognizing, assessing, sizing, and mitigating risks to successful project delivery and management of IT work streams are a significant part of the project and technology management professional's responsibilities. Implemented criteria may be an issue that comes up in an enterprise IT portfolio management implementation, but what is important is that the portfolio management process allows for the frequent capture of such risk assessments. The risks inherent in non-project work streams should be assessed by the respective line managers (with help from independent sources like audits, security and control reviews, and the like).

Project risks to consider include:

• Project delivery risk.


• Project budget compliance risk.


• Project time frames.


• Level of staffing and other resources.


• Availability of data.


• Architectural complexity.


• Funding stability.


• Changes to scope, requirements, priorities, or external environment.


• Extent of new technology or process deployment.

Risks associated with existing IT work streams include:

• Ability to deliver to business needs/degree of business alignment.


• Impact on business performance.


• Time to issue resolution.


• Level of compliance with policy, regulation, and law.


• Security and business continuity readiness.


• Technology performance and availability.


• Architectural complexity.


• Level of staffing and other resources.


• Vendor viability.

There are many dimensions to assessing risk, but for the portfolio management system, a small number of risk indicators should be presented representing a composite of these dimensions. This makes it easy to see the risk of individual portfolio components.

Portfolio Review

Evaluation and prioritization must quickly be followed by active management of the project portfolio. This means periodic financial and work progress perspective updates from project leaders. Update information goes into a database that shows the project inventory and its status across the portfolio. A common practice is to assign a traffic light color system to rate each project (green for on target and within budget; yellow indicating the presence of issues, risks, or dependencies that could cause the project to veer off target or budget; and red to indicate that a project is off target and budget). Typically, the update includes an explanation of the key driver causing a yellow or red condition. The governance body responsible for the portfolio should then make decisions to continue or stop initiatives, assess funding levels, and resolve resource issues.

IT Process and Governance Improvement

The newly-implemented portfolio management process will shine a spotlight on areas for process and governance improvement. This is because project and work stream decisions and status—and expected project benefits - now are much more transparent than ever before, and because the governance processes force open communication about decisions, status, and risks. IT process and control improvements are an important secondary benefit of the portfolio approach.

The Incremental Approach

Examples of successful approaches come from incremental implementation. This allows cultural issues to be solved on a domain level and for the success to be sold upwards throughout the organization. Best practice examples can be converted into quantifiable results of which management can see the value. For example, organizations can begin implementing IT portfolio management at the departmental or business unit level.

This group may already have the management bias for visibility, process and measurement, or perhaps they are simply looking for ways to improve or gain more visibility into their department, and a portfolio approach looks promising. Next, portfolio management can be rolled out across departmental boundaries. Senior management can now see who is doing what and how this resource allocation is affecting the portfolio value.

How to Quantify Value

The earliest portfolio management techniques optimized a portfolio's commercial value within its resource constraints using a closed-form mathematical model. These techniques focused on maximizing value, but paid little attention to balance or aligning the portfolio with a company's strategy. The models relied on financial projections of each project's commercial value. Relying principally on a single criterion that had a high degree of uncertainty can reduce its credibility.

Next, portfolio assessment tools were developed, including scoring and sorting models and checklists (including the now-popular scorecards.) These methods maximize the value of the portfolio through either financial or non-financial measures. Such methods evaluate the expected financial cost and benefit of a project using a probability decision tree to account for the uncertainty about a project's technical and commercial potential success. This method and other financially-based models are often criticized for over reliance on financial data and an inability to optimize the mix of projects.

Alternate methods have grown that use non-financial scoring models. Projects are rated based on a set of criteria in five categories:

1. Probability of technical success.

2. Probability of commercial success.

3. Reward.

4. Business strategy fit.

5. Strategic leverage.

The scores for each category can be summarized into a single rating. While this method can balance multiple metrics, it is time consuming to execute and, because the criteria are qualitatively assessed, it can falsely measure the relative attractiveness of projects. The checklist—a variation on the scoring model—uses multiple criteria in multiple categories; however, instead of assigning a score, the criteria is answered with a yes/no based on minimum acceptance criteria. A single no answer kills the project. Using this tool, poor projects can be weeded out quickly. However, checklists do not rank projects within a portfolio and are not able to evaluate the balance within a portfolio.

Quantitative tools that are well-established in managing financial portfolios are being adapted to IT portfolios. An example of this is the use of Monte Carlo analysis. This mathematical simulation technique can be used to simulate various portfolio "outcomes" under different scenarios of risks and environmental states (reductions in funding, loss of key personnel, delays in acquiring key resources, and so on).

This can help to determine the optimal mix and scheduling of projects and work streams, especially when combined with scenario planning techniques. Decision trees are another quantitative method that can be used in managing the IT portfolio.

Finally, mapping portfolio tools use graphical and charting techniques to visualize a portfolio's balance. Typically, two-axis diagrams are used to display the trade-off between two criteria - for example, risk versus reward, probability of success versus value, or ease of implementation versus attractiveness. Mapping tools can incorporate multiple portfolio criteria into a single diagram, but are not capable of prioritizing projects.

Success Criteria

Just as the components of the IT portfolio must be subject to value measurement, the portfolio management system itself must be tied to various success factors. These will depend upon each organization's nature, specific requirements for portfolio management, and its level of process maturity. For some organizations, just having a single list of active projects and other work streams is a significant benefit, while others will want to be able to aggregate projects into programs and initiatives and understand interdependencies between projects (even tying this portfolio into enterprise human resource management and cost management systems and processes).

Most organizations will want the portfolio management process to act as a control point where the value of individual portfolio elements (and the portfolio itself) can be quantified and where risks to the portfolio can be tracked. Measurable and achievable criteria should be set, and for organizations with less process maturity, these can be defined in various phases (where these phases can be set out in a roadmap for implementing portfolio management).

Next: Software Tools