(Requires Adobe Acrobat Reader
)Based upon a consulting engagement we undertook for a multi-national
organisation and our work on Corporate, IT and project governance we have drawn
conclusions on typical problems faced by organisations grappling with limited
budgets, continuously evolving needs and technologies, unwilling decision
making, silo based thinking and low levels of co-operation. The text is below,
or the PDF is here.
(Requires Adobe Acrobat Reader)
Specifically from one of the workshop sessions we led the resulting
Proposed IT
Governance Committee Structure for addressing the issues in the paper below.
(Requires Adobe Acrobat Reader)
Managing Delivery of
The Knowledge Organisation
A Report by Simon Harris, PMP
Report Structure (Contents Detail)
Background & Detailed Findings
Addendum: “When It Is Done Then What Does It Mean To Me?”
In order to prosper an organisation must make decisions that are first timely and second mostly correct. By the end of this paper we will have explored concrete steps to achieve this state.
The resolution of issues for oversight of knowledge based organisations are often based in willingness & ability to make required decisions amidst a blame culture. Many corporate cultures allow (reward) indecision whilst the search goes on for the perfect decisions tomorrow over adequate decisions today.
Decision making is often moved by accountable individuals to group forums. As the old joke goes “Lonely? Then call a meeting!” We might extend it to “Facing a tough decision?, Then call a meeting share a few jokes and prove there is no inclusive, correct answer”. The result is firstly failure to make decisions that are “timely”. Secondly submission of questions mis-matched to the expertise of those who are asked for opinions. Ultimately corporate decisions have a poor track-record of being “mostly correct”.
Organisations need pragmatic procedures that balance consequences of in-decision with consequence of in-correct decisions.
Historically oversight (or governance) processes are often invoked at the wrong end of the development cycle: after opportunity is lost, efforts duplicated, resources used on less productive initiatives, failure of multiple initiatives because resources are stretch too thin and budgets exhausted before any objectives are achieved.
The cause may perhaps be because applicants to approval processes have found the process to be slow and painful to use – it is well known that “it is easier to ask for forgiveness than to ask for permission”.
It is the aim of this paper to describe the context for processes that encourage value-added discussions at the start of, and throughout the process. Approval discussions should explore the best alternative solutions and encourage synergies across an organisation’s interests. The resulting processes should be neither a rubber-stamping exercise (solutions must comply with standards that protect the widest interests of the organisation) nor a last minute obstacle (the process is about enabling departments to meet their aims not hindering them).
The seed of ideas for change may come from senior management attempts at programme of change, or from lower-level frustration and desire to ‘get things done’. Where ever the seeds are from they must be germinated somewhere and cultivated across and owned by the whole of organisation. This is not a localised departmental concern.
The most important and most difficult deliverable of an initiative of this sort is to make staff believe what they hear when told they are “empowered” When they are empowered then ‘decision making within and out-with standards and guidelines is a normal, safe part of the culture’. Individual managers must make decision within their field of expertise, at an appropriate delegated authority level, and accept, as the employed experts in their field, their accountability for decisions made.
Often reward and censure structures encourage the avoidance of personal risk by the use of institutional decision making. A behaviour that transfers a personal risk in to a risk to the reputation and credibility of the organisation as a whole. Changing the perception of personal and corporate risks is impossible without also providing the rewards mechanism. Even with an appropriate policy of recognition it is hard and will require appropriate motivation (e.g. recognition and appreciation and rewards and censures).
Ironically the empowerment and personal willingness to embrace goals and use authority can be achieved over-night when all levels of management believe their leadership have empowered them. Equally it just doesn’t happen when the staff believe that “empowerment” is just another term to play corporate bullshit bingo with.
Actions to effect change are hardest where senior mangers need to consider how to mentor their middle managers, those coal-face managers who are incentivesed on keeping the shop open, whose resource pools have been optimised (read reduced) for minimum cost of well-practiced operating processes.
Managers who are called upon to adopt a balanced (speed versus safety such that on occasions, with hind-sight we can see we got it wrong) decision making culture reflecting the organisation’s best long term interest often find it easier to ‘continue doing what we did yesterday and collect next months bonus’. If they are to embrace decision making and change then they will need the resources to practice procedures whose myriad exceptions are unrehearsed and the shifting of incentives from efficiency factors such as utilisation to ones that reflect adoption of new practices. Effectiveness must be first only after that should we seek to achieve lower resource usage.
A description of the framework for oversight (comprised of management responsibilities, decision points and guidance mechanisms) is also required and is relatively easy to create (see below for suggestions that can be tailored to specific design. The organisation specifics should be defined after key stakeholders have had the chance to share their ideas, insights and concerns – involvement leads to understanding which helps argument and revision until belief and thus motivation or ‘buy-in’). The resulting framework should follow both recognise global standards of best-practice (E.g. OECD/ COSO/ CobIT®) and local concerns for balance between centralised and decentralised needs, responsiveness and safety etc.
All global standards such as the OECD Principals of Corporate Governance, PRINCE2 for project control and CobiT® and ITIL for information services delivery explicitly recognise the need for non-bureaucratic application as the key to acceptance and value-adding usage. Specific application will ensure tailoring to suit the differing needs in differing contexts.
Any and every project to improve governance is largely composed of communication activities. The audience is all organisational stakeholders. The contents is the required set of attitudes to decision making and accountability and reward-ability as described above, the levels (and purpose of) delegated authorities together with the procedures for exercising authority.
Several key principles need to be communicated:
1) Recognition of the management levels involved, their roles (actions), their competencies (skills and knowledge) and responsibility (decision making authority limits upper and crucially often omitted lower limit).
2) Recognition of the different points in time with-in the life span of the products an organisation develops and delivers to its community of users/ customers – whether internal or external. Specifically the information required by each role at each milestone in the product’s life-span must be identified and provided in order that role holders make informed decisions.
3) The means to create and dissolve forums for guidance of management at stages of the life-span when decisions are complex or controversial.
4) Devolving decision making to those best equipped to make decisions (as is aided by establishing lower limits – i.e. tiered limits - on decision making authorities) Logical Model’s advanced project management courses: Leading Complex Projects/ Rescuing Struggling Projects and Senior Management courses all explore the required models.
5) Provision of a body of guidelines and standards to inform simple well-known decisions and inform when to reference policy & strategy for unprecedented decisions. (Often described as a Quality Management System or perhaps a Governance Framework.)
6) Transparency of resource usage to encourage consideration of cost of acquisition versus cost of ownership decisions and on-going ownership costs versus benefits. This last point drives good estimating which drives the ability to monitor value creation, judge business cases and allocate resources to the good of the company’s shareholders.
An organisation’s staff at all levels need the freedom to make decisions in the field of expertise for which they were recruited and knowledge of where there decisions impact the responsibilities of others EG following the guidelines for corporate brand values that portray the organisation to the outside world while providing products needed by the organisation’s community of users.
These freedoms come from knowing the limits of authority which are in the Governance Framework. IE within their job description and the Quality Management System (QMS).
[The QMS is the archive of procedures and decision criteria that links to organisation structures (reporting lines) and responsibilities (job descriptions)].
Executive conclusions are given on the following pages. The rest of this report justifies and extends these conclusions. It goes on to propose in general terms stakeholder groups, communication needs, contents and delivery mechanisms in order to inform debate through the organisation prior to formulating specific structures in a second phase. Finally timing, tasks and sequences for workshops are proposed in an outline project plan.
A series of authorities (individual and collective) should be established that correspond to the organisation’s management hierarchy and mandates and is matched to authority over resources. This probably sits with existing forums such as Executive Committees of the Board or organisational Councils, Senior management operational forums and existing management reporting lines and bodies such as specially convened working groups and normally operated daily/ weekly/ monthly coordination meetings.
Conscious exercise of authority over allocation of resources (especially any that require rationing such as IT skills, legal skills etc) is required to drive correct behaviours in demands for services. Specifically there is a need for processes that consider the balance of cost-of-ownership with cost-of-development during business case formulation. Focussing on ownership costs particularly transparency of IT service costs is necessary for achieving efficiency in ongoing annual and longer term service planning (See CobiT® processes in the Planning & Organisation domain such as PO1 Define A Strategic IT Plan and PO2 through10!).
Great care is needed to ensure that freedom and agility to respond to opportunities is fostered at the same time that core services are protected from interruption and inefficiency. Misapplication or politically motivated ‘selective application’ of the ideas expressed here-in has the potential to worsen any organisation’s current status quo.
Flows of information are required up and down the management hierarchy together with various cross-organisational flows that establish knowledge sharing. A people network of contributions and ability to decide – the core of an organisation’s (awful phrase but) “Human Capital”. Human capital is the shared knowledge and interconnectedness of knowledgeable decision makers.
Information flows that express the organisation’s strategy and business drivers are required from the top down-ward (Senior leadership [as opposed to management], inter & intra departmental communications). The information flows comprise directives (required outcomes) and constraints together with the framework for leading, for management and guidance. Content of these information flows must be amended by the participants in them to respond to events in the wider-world and respond to information flows described next.
Information flows from the bottom up express performance versus plan and thus enables responsive allocation of resources and application of controls. Also flowing from the bottom upwards are newly identified opportunities that may amend or enhance current strategy and require guidance (based on greater vision of the business landscape) or approval (based on greater authority to commit rationed resources) from higher levels.
Information is passed upwards to the lowest level of management that is authorised to make the required decisions. If the decision has interdisciplinary dimensions then it should be referred outward or cross-organisationally to mechanisms (e.g. forums) that represents appropriate stakeholders so that upward directed flows can be shared and moderated by all who may have useful insight or will be impacted.
Forums that act on the information flows may be (relatively) permanent for topics such as Information Architecture or ephemeral for specific projects & initiatives (such as how do we add Skype to the corporate desk top or handle customer delivery expectations when ocean going transport instigates a 10% slow-down to save fuel oil cost?)
Mechanism to easily commission and decommission intra-departmental forums with appropriate authority and expertise is a useful ‘business lubricant’. Successful businesses require the means to operate outside of plans as well as operate to plan.
Background & Detailed Findings
What does “Managing The Knowledge Organisation” mean?
Drivers for the Ideal Solution
Establishing Better Knowledge Management
Actions (Details & Rationale))
Addendum: “When It Is Done Then What Does It Mean To Me?”
The responsibility of a manager is to monitor achievement against intention and amend how resources are deployed to achieve the best results obtainable from today onwards. Since results are achieved in the context of an ever changing outside world it is natural that managers must respond to (or even better - anticipate) change required and then take action.
With-in a large and complex organisation decision making in a limited local context must be tempered against the wider impacts and possible synergies. Thus the opportunity to share ideas and decisions is necessary.
However sharing ideas increases the chance of delay, it increases the probability of finding some party who disagrees and it invites the possibility of trying to simultaneously satisfy many needs which leads to complexity and in turn drives costs and timescale exponentially.
To improve management of the knowledge based organisation means: to have established decision making and action as natural without reference to others where reference is not required, to share initiatives where that is beneficial without loss of local expediency, to inform others of decisions, to ask for guidance or decisions from those who can help or have authority when authority or the best answer is unclear, to make simple decisions swiftly without great cost or organisational pain and finally to have a means to resolve disputes over direction or resource allocation.
All organisations (even 1 person owner operated ones) require a Governance framework that supports managers achieve:
Alignment:
activity is directly linked to supporting the business needs.
Thus we need
1) a mechanism to inform internal service providers (EG IT, Legal, Production
etc) of what is the business direction and drivers and
2) inform business of what resources can enable.
Well aligned intent and capability (E.g. IT matched to business needs) is
described as effective.
Value for
money: resources are consumed efficiently.
Thus we need
3) a mechanism to optimise use of resources which in turn requires
4) a mechanism to prioritise between demands on resources based on differing
views of what constitutes optimal.
Risk
management: the speed and robustness of decision making is moderated by the risk
inherent in the decision being made.
Thus we need 4) a mechanism that makes easy decisions quickly and makes hard
decision carefully but timely.
There are several starting points from which structures can be described. Within the business they are:
A) top-down cascade of strategy driven initiatives and
B) consideration of opportunities (which may be) identified bottom-up.
Within Knowledge Management they are:
C) demands for new developments (where ever development resources are sourced from) and
D) on-going needs to support the existing service portfolio.
Each is fairly simple in isolation. It is the combination of factors that creates complexity. This section seeks first to isolate the various drivers and then explores them in a cross-departmental context. Necessarily a discussion based on Knowledge Based Organisations has a heavy ICT bias to the conversation but should be read as applying to all high-skill and thus expensive and probably rationed resources.
In a top down approach the vision or mission of the organisation is broken down into measurable objectives which are further broken down into discrete tasks. Tasks are either i) the on-going provision of services to the organisation’s community of users (external and internal) or tasks are projects to ii) change the available services or iii) provide a new service or iv) delete services whose costs have risen as technologies age or benefits have faded as market places change through early adopters past harvesting into discount provision.
The Top-Down mechanisms establish budgets, resource profiles and architectures (market place, product line, technical and data). Strategic plans are the result of top-down direction. Note: strategic plans must include provision to respond to events in the wider-world that are unknown at the time of planning and budgeting. This provision is the inclusion of un-allocated resources (often termed “reserves” or “contingency”) whose size is a proportion of the budget that is historically justifiable.
Ideas conceived within technical/ ‘coal-face’ units are developed via construction of a business case and project approach (which might be alternatively titled ‘Outline design’ or ‘Concept document’).
Where sufficient time exists between identification of ideas and their implementation then bottom-up mechanisms provide information which is incorporated into strategic, top-down plans. Where lead times are short then bottom-up initiatives must make a case for allocation of reserves or must look to pragmatic reallocation of resources from top-down plans by replacing lower priority needs.
The organisation’s mechanisms to create and administer strategic and tactical planning must be tested against the requirements identified here and any identified gaps remedied.
Within knowledge management activities all organisations’ have two major draws upon the resources they possess.
New developments of capability may be business driven by a departmental imperative or recognition of an enabling technology whose central deployment will have a catalytic effect of creating opportunities (e.g. Skype, Wikis, fuel cells or anti-gravity sky hooks J etc). Capabilities under development eventually end-up in operational use where they attract a legacy of on-going maintenance. Maintenance costs vary over time. Capabilities eventually become inefficient which prompts retirement. The retirement decision is one of the hardest as it requires judging when to address a gradually worsening situation. To make retirement decision management must have access to cost of ownership and cost of acquisition data.
Two key drivers in development (and retirement) of capabilities or products and services are alignment and efficient use of resources. ‘Alignment’ often argues for point-specific solutions which introduce diversity and thus complexity which erodes efficiency. This debate is the subject of deliberations between wide stakeholder communities. Within healthy organisations this is a horizontal, cross-functional debate which may escalate conclusions for approval or recommended options for selection.
Ideally new developments should only go-ahead when the scope that provides most return on investment has been defined and after prioritisation against other calls upon resources. Pragmatically the delay that could be caused may be unacceptable so less than perfect technical solutions are often required if the organisation is to meet a balance of stakeholder needs. If hindsight is used to censure less-than-perfect decisions then decision makers will cease to perform their decision making role. Instead the very act of making a decision under uncertainty should be rewarded with extra bonuses in future where decisions can be show to be linked to good outcomes (as opposed to serendipitous). Building such a reward structure is non-trivial and not primarily based on making financial payments)
The largest drain on resource in any centrally supplied service (EG IT) is often the support of capabilities created in previous fiscal periods whose on-going operation is required by external and internal customers. Without a means to allocate cost of ownership it is impossible to promote efficient resource usage.
Providing centralised services is a budget allocation process and needs budget control and tracking disciplines. Taking IT as an easily illustrated example: Services such as the support of the IT desktop, network and email plus targeted services such as operation of applications and their databases and servers under service level agreements (SLAs) all consume finite resources.
When the set of supported technologies and applications is not managed the finite pool of resource is quickly consumed by the complexity resulting from diverse solutions, old solutions and poorly built solutions. Poorly built solutions are also the largest source of consequential service interrupts which result in low morale in the service delivery groups and poor appreciation of their efforts in the rest of the organisation and the community of users.
A gate-keeping function that regulates the technologies and applications that are allowed to use centralised infrastructure is a pre-requisite to achieving predictable service levels from the service delivery resources. It is impossible to ensure the safe ongoing provision of central services without vetting the technical solutions proposed for support within the organisations infrastructure.
Effective and efficient management of budgets requires limiting the technologies in use as well as requiring service developers to meet minimum standards that optimise cost of ownership on behalf of all the organisation’s stakeholders. The minimum standards will change over time leading to the need to migrate or delete legacy solution out of the supported environment. Retirement of old solutions protects the efficient use of resource in the interests of the organisation as a whole. If one part of the organisation has required services based on disproportionately expensive resources this is to the detriment of the rest of the organisation and its stakeholders. Often silently ignoring the issue is seen as ‘easiest’ but is not, in the longer term, best. Far better to address the total ownership cost every year with mechanisms to gauge ROCE of current solutions and NPV of redeveloped solutions or deletion of a capability.
In many organisations to be able to pragmatically meet the needs to adjust to demands in the wider world departments and divisions need the freedom to create solutions that meet their local needs as they see fit. Judgment of fitness for purpose should be described in a business case for each project and refreshed periodically (as dictated by the price of money within their market place – e.g. laptop manufacturers need a pay-back period measured in months for each new model) for ongoing services. Demonstrating the value of services proposed (or provided) is the responsibility of the management chain within the department or division who own the solution. They must demonstrate continued benefits from their ownership of solution against the strategic plan handed down to them by senior leadership. Senior leadership’s role is to balance the portfolio of services the organisation owns to meet some (political) balance of stakeholder demands.
Business cases must includes development and on-going support cost in order that proper evaluation can be made. Key to managing the knowledge organisation is consideration of the legacy of IT support costs being committed to each year. Prudent governance seeks to encourage shedding of inefficient drains on resources. Benefits Management is the periodic reassessment of each business case within the operational service portfolio.
Management within the chain of command of any department who are unsure how to interpret objectives and directions, guidelines or regulations received from elsewhere (IE from above or from keepers of laws, regulations and standards) must have access to guidance on interpretation of policies, objectives and regulations.
During formulation of business cases all departmental initiatives should be given visibility across the organisation in order that other groups can register interest and propose synergies and improvements. There should be no means of veto at peer level (there may be situations where some opportunity to be implemented has disproportionate costs or threatens established services and so its provision may be moved ‘out-of-house’ – IE out-sourced by agreement with 3rd party providers). Without threat of veto and with possibility for synergy there should be every incentive to publish and share initiatives.
A mechanism of inter-departmental working groups can provide an ideal forum for sharing of ideas generated within departments and divisions and encourage synergies between departments and divisions prior to working up business cases and seeking budgetary approval. After approval project boards (EG as proposed by PRINCE2) provide an ideal mechanism during development and in the operational stages of a product’s life-span. For IT both ITIL and CobiT describe appropriate mechanisms.
The term “governance” is often used too widely. Cover much of what is actually management. Some explanation is given here to define the terms used in this report.
In the Cadbury report Sir Adrian Cadbury defined corporate governance as "the system by which companies are directed and controlled". He went on to say that this includes setting the company's strategic aims, providing leadership of the business and supervising the management.
The IT Governance Institute's CobiT® (Control Objectives for IT) framework version 4 page 5 can be paraphrased as "IT governance is the responsibility of executives and the Board of Directors and consists of the leadership, organisation structures and processes to ensure that the enterprise's IT sustains and extends the organisation's strategies and objectives”.
wikipedia.org defines management as "…the art of conducting, directing …[and] leading … all or part of an organisation,… through the deployment and manipulation of resources (human, financial, material, intellectual or intangible) … [or] the art of getting things done through people."
From the definitions above I focus on
· Governance: setting direction and the supervising of management in achieving that direction.
· Management: the art of getting things done through people by deploying the resources available.
There are three steps in the processes that encompass management and governance:
1) Set direction,
2) use the resources to get things done,
3) checking or “supervising the achievement of direction”.
“Setting and checking” (pre- and to a degree post- action) are the governance elements while “getting things done” is the management element.
In many organisations it is normal for setting and checking to be a comparatively small part of the efforts of the organisation while getting things done is the day-to-day work of the organisation’s management.
In many organisations the balance between getting things done and planning for them and accounting for ones actions after the event ends up being distorted. The distortion is even more common in large non-commercial organisations because of the administration of accountabilities makes censuring people difficult and there are less mechanisms to provide reward (perhaps ultimately unionisation of many organisations has atrophied their ability to generate bigger cakes to share?).
Non-commercial organisations faces the same pressures as commercial organisations (IE attracting funding – just the mechanism is different) and so must consider the means at their disposal to motivate the right balance in behaviours.
This section describes what can be in place when the Knowledge based organisation’s governance project is completed. The description describes topics from the bottom of the organisation upwards. The descriptions are general. Many of the building blocks (e.g. Job Descriptions citing authority levels) will normally already be in place. In total the ideas below provide a complete systematic approach to the management of a product life-span and wider corporate governance needs. Each is then further described below.
· Transparency of central service resource allocations to departments.
· A mechanism to explore and introduce emergent technologies, and remove obsolete technologies from the “catalogue” of standard products and services.
· A common definition (model) of knowledge – IE data, information, classifications and relationships.
· A mechanism to discuss service/ product/ application development, change and retirement within and across departments.
· Use of best practices for running projects and knowledge management services delivery.
· Means to form and dissolve topic specific forums, e.g. project boards, communities of practice and knowledge sharing networks.
· Widely known delegated authorities within the chain-of-command and inter-departmentally.
Knowing where resources are being consumed is a pre-requisite to assessing value for money, setting allocation policy, monitoring achievement against plan and enabling cost efficiency.
A mechanism to show resource consumption provides the means to place a “tariff” on service delivery that encourages efficiency and discourages use of “expensive” solutions without a strong justification.
Transparency of through life costs is a pre-requisite to assessing development business cases which present different acquisition cost options.
The key is to start with a service costing mechanism that is fairly complete in coverage, and quickly, inexpensively established. For example apportion variable costs (EG total staff hours available) per annum by services provided to each department using a percentage basis. Likewise capital employed (EG plant and equipment, related depreciation and maintenance cost and maybe also software license costs). Use these figures to pro-rata the total service overhead cost/ budget to all departments. Avoid the temptation to create a complex, overly precise capability at least until it is understood where significant political or cost drivers exist.
ITIL Service Delivery (ISBN 0 11 330017 4) Chapter 5 provides detailed guidance, as does the ITIL Planning to Implement Service Management handbook (ISBN 0 11 330877 9)
CobiT processes DS6 Identify and Allocate Costs provides detailed support including a maturity model, roles, responsibilities, metrics and control objectives.
A large percentage of most organisations’ support budgets are allocated to providing the services that are required for the on-going operation of the rest of the organisation.
The choice of possible technologies is ever changing while the ability of the organisation to support them is finite. Both new and old technologies are comparatively expensive (inefficient) to support and so should be “priced” accordingly. Thus new technologies will only be adopted where a strong business driver overcomes ownership costs and old technologies are only retained where ongoing ownership costs are still preferable to the impact of dropping a service or migration cost for redeveloping it.
As new technologies mature and adoption becomes more wide-spread so sharing of costs improves efficiency enabling more marginal uses to be made feasible.
Both the best new solutions and the no-hope ideas emerge at the margins of new technology. Separating the two is either resource intensive (it takes a lot of research and some luck to predict the winners) or slow (the best solutions only emerge over time). The pragmatic approach is to allow a demand led approach from as many new-adopters as can fund and need to explore technologies. Those with a need outside the main-stream must be able to fund at least the novel elements of their solution through experimentation, development and support until such time as it becomes a core-service, including the risk that it may always be outside the core.
They need a “safe-haven” in which to develop novel services. The safe-haven must be relatively free of bureaucratic restrictions and provide a useful (if unusual) level of support. It must provide appropriate isolation for the organisation’s main-stream infrastructure. The winning solutions should be adopted as core technologies and the losers tolerated (see terms below).
Adopt the on-going use of knowledge sharing networks and technical Community of Practices that follow new enabling technology and tools in the areas most important to organisation. Allow a fluid, inclusive membership based on individual’s expertise and interests. Supplement voluntary involvement with invitations to ensure involvement of all technical stakeholders across all departments. There are many examples of where this approach has worked with great effect – the often quoted example of Post-It® Notes and what Tom Peter’s calls “Skunk Works”.
My recommended approach in the IT arena is to establish a four tier catalogue of technologies that are available to departments of the organisation
1) Core Strategic Standards: Those that are available cheaply to defined service levels (e.g. telephony, eMail, approved database servers, Linux, MS Office desktop products, et.al. and divisional applications that have passed Operational Acceptance Tests within a shared corporate network environment).
2) Marginal Supported Technologies: Those that are available as emergent (Wikis, Skype et-al) or retiring technologies (e.g. Mainframe, NT or Windows-XP after April 2009). Cost of ownership is specific to the circumstances of the service provision. Service levels may not be guaranteed.
3) Approved Non-Standard: Non-supported products that are tolerated within the corporate infrastructure at the owners specific cost. Support is only available on a time and materials basis. Emergent technologies are placed in this category until a de-facto standard arrives or a conscious evaluation process selects product(s). Obsolete technologies that were previously core are tolerated until retirement. Emergent technologies may be restricted to “safe-havens”. E.g. by filtering TCP/IP port numbers and or providing dedicated hardware.
4) Dis-Allowed items. Products that are known to have a detrimental impact on existing resources and services. A department with an inescapable need to use these products must look to an external third party to develop and support solutions. (EG local software houses and ISPs, global IT or consultancy companies). Note the innocent until proven guilty approach here. If your core infrastructure runs a global network of ATMs or automated commodities trading you may take a different view (and that traffic should probably be on a different infrastructure to run-of-the-mill applications anyway!)
Maintain a register of products and users is useful to help those with a specific need to identify others in the organisation with experience that may be useful in selecting and managing third parties. When the use of a third-party is significant enough the central IT or purchasing functions may act as a supplier management function on behalf of departments to negotiate the best commercial and technical terms.
ITIL and CobiT provide detailed guidance.
When an organisation is a knowledge based organisation, and as such must attain and retain an acknowledged excellence over other information providers, by for example promoting interdisciplinary cooperation and demonstrating an ability to deploy added value services. Such capabilities include the ability to integrate data from disparate sources (including that within the heads of the staff and on the shelves of hardcopy repositories).
Departments that are gathering, analysing and disseminating information have many over-lapping views of the information handled, while customer’s receiving information and developers building the means to handle information require (as far as possible) a single integrated view.
Sharing and disseminating information requires structuring data as a prerequisite.
Create a register (an ontology) of data items, their relationships and their owners. Owners are authorised to create or change the item and share that right with other parts of the organisation (E.g. participants in similar knowledge sharing networks). Start from the premise that all data items have a single owner and that discovery of a new item of interest to anyone in the organisation requires the holder of the register to add the item and owner. Interested parties can appeal to the registrar or item owner for ownership or change of access privileges.
Interested parties (members of the same knowledge sharing network) should also be registered so as to facilitate communication when it is proposed to change validation rules, allowable states etc. (Registration in many cases could be word-of-mouth and does not have to be an expensive bureaucracy).
All items in which there is common interest should have their range of allowable values and inter-relationships defined. Where these are subject to well-known standards (e.g. the ISO-3 set of Country Codes) the well known standard should be mandated by the data item owner. Specification may extend to presentation rules. Where a well-known standard does not exist the knowledge organisation may consider publishing one for use by peer organisations (thus establishing an added value service).
Where inter-relationship of data-items across many interested parties creates inordinate complexity then allow duplication and cross-referencing pragmatically on an exception basis with the knowledge of but not a right of veto from the ‘owner’.
It is often pragmatic to assign ownership at some high level and leave high level owners to administer “their part” of the register (E.g. Split by Animal Vegetable and Mineral). Ownership could be by a collective group in a knowledge sharing network.
The organisation of internet domain names provides a model. Library science and various IT architecture frameworks (such as NeOn/ Gellish/ Owl et. al.) provide a source of discipline guidance.
Departments create applications to handle information that in turn run on the organisation’s shared infrastructure. Similar application needs and technology needs provide the opportunity for cooperation and efficiencies. The ownership cost and delivered benefits of applications change over time. Applications must be considered for their initial and for their on-going business case.
Initially a department identifies a new opportunity. Discussion allows identification of shared interests or unintended impacts and allows assessment of organisation wide benefits and shared funding. Subsequently, aligned to the budget cycle, departments justify the current benefit versus current cost of the services provided and the impacts of redeveloping or retiring services.
Allocation of resources to the implementation of new services is often a bottleneck in large organisations and should be planned in order to fairly ration implementation resources in the most effective manner.
Retirement of services should also be discussed to evaluate the impact on service users from loss of services.
Departments circulate to each-other via knowledge sharing networks their intention to develop, change or retire applications they control in order that other members of the network can register synergies, un-intended impacts and their potential interest and ability to contribute. Details should include impact on: the information that the organisation maintains (via the information register), the use or introduction of technologies and products and services or third parties.
A register of applications should be maintained and amendments discussed as part of routine inter-departmental exchanges (EG via knowledge sharing networks). Timescales between reviews, and rigour of review should be based on the profile of the service supported. An upper limit on the time between reviewing the on-going provision of services should be set (e.g. at least once every 3 years).
Involved parties are probably middle management with responsibility for administering budgets at the ‘coal-face’. They are probably required to refer to directors or other non-board level budget setters for guidance at departmental and inter-departmental levels. When a change initiative results then a project board should be constituted and if necessary a user group as described by PRINCE2®.
For rationing implementation resources an assessment of staff-days per month available within departmental and required across all competing initiatives should be published. Resource pool management should be required to vary staff in post to match anticipated demands or a mechanism (often called ‘Portfolio Management’) should be provided for senior leadership to prioritise between initiatives competing for scares resources.
Guidance on creating project boards is provided in PRINCE2 (ISBN 0-11-330946-5) processes SU2 SU3, Chapter 14 and appendix B. Guidance on introduction of IT services is covered in a number of ITIL publications and CobiT® processes.
Widely recognised frameworks are available that are free of license costs. They provide a benchmark against which to recruit skilled staff thus helping to match experience with authority and give the means to bench-mark the organisation’s performance. Value-added services such as consultancy, training and tools also align to well-know standards.
Adopt PRINCE2 aligned project management methods. Note use of a framework provides skilled practitioners with a model and vocabulary to design a suitable control regime on a situational basis that delivers effectiveness, risk transparency and efficiencies – No framework turns a fool into a sage. A fool with a framework is a fool with more work than they would have had without the framework, worse the extra work reduces effectiveness, so doesn’t added the efficiencies or risk transparency.
Adopt ITIL aligned IT service delivery and support frameworks and CobiT® based IT Governance framework elements as appropriate.
Follow well-known governance models such as Turnbull/ King/ COSO and OECD’s recommendations.
Outside the scope of this review, but relevant, is the confirmation of compliance of current procedures to frameworks for other best practices such as (but not limited to) purchasing decisions.
Two reasons: the management structure of all organisations must know the degree of decision making freedom that it has, the source of guidance it has over questions of interpretation and the source of direction for novel or complex situations. The management must know how to/ have a means to, address decisions at their own management level which have an impact outside of the hierarchical chain of command: a means of inter-divisional communications.
Discretion must be matched to capability or skill-set and the foot-print of the impact (The alternate solution of taking every decision up to the level where all impacts are within the chain of command from this point down often results in loss of the technical expertise to decide the issue or understand recommendations. However it has merit in some circumstances and should be neither excluded as a possibility nor expected on every occasion).
Clarification with-in the line (IE intra-departmental chain of command) should follow the hierarchical reporting lines of the organisation while cross-departmental clarifications should operate at one of three management levels (see below).
Each staff member’s job description should include the authority that they have to commit the organisation’s resources and the source of guidance/ direction for decisions outside their remit (their reporting line). The mechanism should encourage staff to exercise their technical skills. Staff either decide and execute a course of action (within their authority) or present options with a recommendation to the management level that is authorised to make the commitment required.
Within the three levels of management are forums for knowledge sharing. They should range in formality from committee with agenda and minuted discussions to groups of like-minded people sharing ideas in person and electronically.
Below the level at which the organisation’s Mission, Vision and Values are set a top-level inter-departmental authority should exist to set organisation wide strategy. This top-level authority will also ratify departmental objectives that arise from translation of strategy by each department to ensure proper consideration of inter-departmental issues.
Mission, vision and values should be expected to be constant (or change in timescales measured in far horizons) while strategy is a perishable set of concepts that relate mission, vision and values to today’s world context and change as fast as the world around us dictates.
At the bottom level each department will use its management structure to translate strategy to measurable departmental objectives met by specific (tactical) service offerings (maintaining existing capabilities or adding/ removing capabilities). The impact of changing service offerings maybe entirely within a single department or may have inter-departmental implications for information and may have implications for technical decisions (EG reducing number of users of a technical platform below the critical mass to maintain it as a core service cost effectively and triggering retirement on cost grounds of other capabilities).
Between the top and bottom level inter-departmental groups comprised of middle, coal-face, departmental management need visibility of all departments proposed service changes. Their role is to identify cross-departmental impacts and synergies from proposed service deletions, amendments or additions.
These managers are often the source of staff to take PRINCE2 project board member roles of Senior User, Senior Supplier or their Project Assurance Responsibilities. Coal-face managers have the technical fluency to be able to make informed decisions about the cost-of-acquisition versus ownership implications of solutions to corporate strategic imperatives. Frequently they lack appropriate vision of the ’big-picture’ of where the organisation is headed strategically (due to the heads-down commitment needed to maintain a specialism and failure(?) of senior management to communicate meaningfully(?) the broad spectrum of corporate drivers.
The mechanisms to establish supported technical architectures etc should be regarded as permanent, general and inclusive. Within this framework there is a need to handle focus areas as they arise which will be specific, temporary and require specialist insights.
When a focus area is identified in any of the forums or mechanisms described in this paper, and which requires decisions or funding from outside a single management chain-of-command then a temporary group of suitable qualified individuals should be appointed with a brief to either decide the issue or create a statement of options and recommendations for consideration by one of three management levels:
· Those that set the mission,
· Those that translate mission into prioritised and measurable objectives or
· Those that own the architectures.
Any formal forum created for a temporary purpose should be required to justify to its creators its continuing existence on a regular basis E.g. every 3 months, while informal knowledge sharing network will naturally dissolve when the topic(s) of interest are exhausted.
A governance improvement project must include actions to achieve the following
· Communicate the responsibilities of and needs from decision making to all stakeholders (Set the culture of decision making).
· Ensure all necessary guidelines, standards and regulations are owned and used.
· Describe the structure of committees and other forum including terms of reference, attendees and meeting schedule.
· Build the motivation to follow the framework of best practices and know when and how to step outside them responsibly.
· Substitute drivers for institutional decision making with willingness to take responsibility plus access to timely, informed guidance.
· Design a monitoring and reporting process that supports management of the governance framework.
All participants must understand what a “good” decision is in order to overcome the problems of correct but too late and swift but ill considered decisions.
Management must recognise that employment and salary are the reward for accepting responsibility and must know that support is available.
Decisions must be judged in arrears on the basis upon which they were made and not solely with the benefit of hind-sight.
Workshops and road-shows to spread awareness of governance. Tell people what the desired end state is. Explain why it is desired, Ask for their advice on how it can be achieved. Implement the best suggestions.
Establish the culture that an adequate decision today is correct while a perfect decision tomorrow (may be) wrong. Remove post-event consequence for making the wrong decisions where the outcome is unknowable and ultimately turns out to be wrong (sometimes referred to as a Blame Culture). Record audit trails showing the basis of decisions.
Establish the necessary guidelines, standards & authorities and the reporting and monitoring procedures.
Sources of Guidance are many and varied. See for example the writings of John Kotter such as The Heart of Change (ISBN 1-57851-254-9) on creating change and The Malcolm Baldrige National Quality Award For Excellence handbook on structuring the guidelines and standards and maybe even the ISO 9000 document set (The 9004 Guidelines particularly).
Establish the set of governing guidelines and standards required for business, technical, information and communication architectures. Consider coverage of product lines, supporting infrastructures, communication of corporate identity (internal and external) and ensure support of alignment with business drivers such as market places, resources (time, money and people), integrated business plans and Strategic Frameworks.
The technical set is often called a Quality Management System. When combined with statements of job descriptions, authority limits and a supervising or monitoring function the entire set comprises the organisation’s Governance Framework.
Committees that do not meet are redundant and should be dissolved. Committees that are asked questions inappropriate to their expertise cause delay and frustration to applicants and members and should have their terms of reference amended or should be dissolved.
Decisions should be made by the most technically competent to make them. Where possible decisions should be “pre-made” for quick and easy compliance by being recorded in standards and guidelines held within a quality management system and interpreted by job holders with suitable experience to make judgements are recognise when exceptions are required. Exceptions should be expected and encouraged – but only where a justifying audit trail can be demonstrated by a management level suitably authorised to have made the decision.
Identify and where necessary resolve gaps and overlaps in the set of standards and set of known authorities.
List the standards required and those available. Canvas views from the intended audience of the strengths and weaknesses of each.
Implement layered architectures with well-published interfaces. Adopt industry standard interface definitions wherever possible. This applies in the technical field (e.g. use Linux) and in the technical governance field (E.g. use CobiT) and the corporate arena (E.g. Follow Turnbull/ Smith)
Standards and guidelines should be regarded as the default response to a question of how to implement or support a business need. Every initiative should be presumed to follow all applicable standards and guidelines for which it does not have an explicitly stated reason for an exception. However every use of a standard or guideline should be open to challenge by management who may decide to adopt an exceptional course of action based on its assessed net benefit.
For Knowledge Based organisations facing questions affecting the total pool of services the final arbiter on decisions of introduction, service charging and retirement must be between the person responsible for the SLA or OLA provided by that architecture and those paying/ recharged for it (as noted above – without a recharge mechanism however distant from real money – there is not means to ration or motivation from users to be considered in their actions)
Thus where recharge exists an application will need and want to demonstrate ongoing (at introduction and periodically up to withdrawal) compliance with hardware/software standards, infrastructure, application and information architectures and corporate identity and publishing standards/guidelines.
Review decisions will confirm 1) that the SLA provided to existing service users is not damaged by changes to the services portfolio, 2) that current costs and current service level needs are balanced and 3) the SLA required post change (adding new service, withdrawing old ones, changing aspects of existing ones) is practical. For “tolerated applications” noted above who wish only to use shared infrastructure and thus not looking for support from recharged central support resource pools the third part is relatively quick and easy).
Decision making on exceptions or novel situations is the responsibility of management and should be “in the line” where accountability should already reside! and where the most expertise can be applied.
Committees (or knowledge sharing networks) are required where decisions require balance across multiple managers at a peer level and escalation to a common manager would result in loss of the expertise to judge the relevant factors or where management require interpretation of strategy or subtle points of opinion.
Any Strategic Framework should recognise that technical activities must be linked to the purpose of the organisation. A Decision Making Architecture (DMA) underpins how the strategy is maintained across time. A DMA places responsibility for each level/ type of decisions in the most appropriate single place to avoid ambiguity and confusion. The DMA allows those with an interest to know where to focus their lobbying activities.
Hold workshop sessions at middle, ‘coal-face’ management level and invite other stakeholders as appropriate to propose an initial structure of committees to resolve month by month issues of tracking strategy. Send the conclusions for comment and confirmation at senior level.
The proposal must include the change management process by which forums are created, deleted and their terms of reference amended.
A senior leadership forum is required that receives or conceives the organisation’s vision and delegates decomposition of that vision into measurable objectives.
The senior management forum should be comprised those who translate mission, vision and values plus market place and other context (E.g. as considered under the PESTLE headings) with assistance on an as needs basis by directors/ heads-of-function and technical staff.
Establish further senior leadership forums (or meetings of the forum) as required to define measurable departmental objectives and request middle management / technical staff to define actions to achieve measurable objectives. The practices may be usefully supported by use of Balanced Score Cards (Kaplan & Norton ISBN:x)
These forums may be departmental or inter-department depending on the nature of the service being operated or the project being implemented.
Comments above relating to formality and management levels apply to this section.
Successful operation of any regulatory framework depends on the willingness of participants to use it. It must provides the best (quickest, cheapest, easiest, most rewarding etc) means of meeting their needs, they must understand how to access the support and guidance in the framework for both easy and for complex decisions.
Well motivated users of a framework identify and resolve flaws in it’s operation as and when they are discovered, facilitating quick deployment of a adequate solution and its tailoring over time to evolve with the organisations evolving needs.
Explain the benefits of framework and the access to exception handling and the personal ‘what’s in it for me’ of using the governance mechanisms.
Create the means to subject decision making to circulation, contribution, debate and scrutiny.
Remove the idea that a decision proved with hindsight to be bad is some one’s fault. Reinforce the idea that an untimely decision is in itself wrong.
Consultation with and involvement of those who will use the framework in deciding how management of the knowledge organisation is established, resourced, scheduled and maintained in future.
Establish personal incentives and disincentives. Give recognition for staff effort to use the framework appropriately. Give recognition for efforts to contribute to framework improvement
Training (senior) management how to, and when to, positively encourage staff through the general staff-management, promotion & rewards schemes.
Give staff encouragement by being rewarded (non-financially) & ensure there are no penalties for using the governance framework.
Create incentives and disincentives for parochial self-interest drivers by making the time to live service and cost of service lower by following governance processes and un-favourable when the processes are ignored.
An organisation’s reputation and effectiveness suffers from the inefficiencies that result when personal drivers are to “wait till the decision is perfect so I can’t be criticised” (of course the flip-side of no consequence so make any decision is also bad).
The organisation needs a philosophy that balances “wait and see” with “if I don’t make a decision I’m not executing my job function and shouldn’t collect my salary”. In turn these two perspectives must also recognise “best decision possible at the time with the data available”.
Decisions are often delayed because of fear that they will be proved wrong when examined with the benefit of 20-20 hindsight. Sometimes referred to as a blame culture.
Ensure that job descriptions set-out the expertise and authority of job holders to ensure that they are competent to make decisions and empowered to make them.
Review job holders against decision making track-record and support those who have grown used to a culture of non-decision making. Recognise the root cause of poor management and management supervision. Provide support to help challenged job holders embrace their role in the decision making architecture.
Where necessary reassign job holders. Management at senior levels of the organisation will have the most challenging time here. Consider senior manager’s need for guidance to know the best ways to mentor their direct reports.
Within the governance framework’s monitoring and reporting regime establish recording of “decisions that arose” and measures for “timeliness of decision made”. For any instances of untimely decisions instigate a lessons learned process with a timetable for corrective actions.
Creating the QMS and governance framework is a complex undertaking. Right first time generally translates to “takes so long it never happens”. A pragmatic process is “as good as we know” plus the means to detect and remove flaws in its design as discovered.
The ongoing operation of the framework needs to adapt as the organisation adapts. All correction or tuning must be based on knowledge of what is working well, poorly and not at all.
Note that all reporting schemes distort behaviours, cost time and effort and reduce motivation. Err on the side of simple, cheap measures with the most leverage: if the argument to add isn’t three times stronger than the one to delete a reporting element – then delete it.
Define the measures and opinions that will inform management of strengths and weaknesses of the framework’s use. Ensure both are collected and neither measurement nor opinion is dominant.
Define the parties responsible for publishing successes and instigating corrective actions.
Define the measures and opinions across the domains of a Balanced Scorecard tracking leading and trailing indicators within appropriate quadrants (use Kaplan & Norton’s unless you have good reason to stray – e.g. ITGI’s IT-BSC)
· Achievements against budgets and Business Plan
· “Customer” satisfaction
· “Staff” satisfaction
· Development of future capability
What has to be produced by a Governance Implementation (or Review) Project: the products or services created acquired or amended by the project.
· List of required guidance & standards documents:
· Business strategy plan (including Mission, Vision, Values, Strategies, Objectives and their Leading & Trailing metrics)
· Corporate identity standards (EG Corporate Logo, Web presence guidelines etc)
· Technical architecture and standards
· Information architecture and standards
· Data architecture
· Et.al.
· Forums and knowledge sharing networks (life cycle from birth and death)
· Membership (expertise and role on committees)
· Terms of reference of the groups
· Level of authority
· Education all forum attendees/ users of the processes
· Education for forum owners (those who create, set authority limits and delete forums)
· Education for senior management (if any not inside the process already described)
· Education for forum members (sit on a forum and discuss/ decide/ seek guidance)
· Metrics to be used (EG the speed of turnaround, # decisions overturned, satisfaction of customer base, value added, number of developments within the forum scope not presented etc)
What has to be done: the tasks and work-packages completed by project participants
· Write Simon's report (actually you’ve just about finished reading it!)
· Framework of guidelines, standards and regulations (QMS)
· Gather, catalogue, fill gaps
· Identify what is removed (old committees etc), map transition of old to new knowledge sharing networks & committees
· Process model
· Hold workshops (project team, senior & middle management first workshop propose process model)
· Publish, review, refine, obtain sign-off
· Education and publicity
· Write briefings, amended job descriptions, deliver briefings
· Monitor and reporting
· Design
Period One (from 1 day to 1 month depending on scope & organisational complexity and team size – I could justify that over 1 month and the scope is unachievable and …, and…, and etc so don’t take a month as literal)
· Project Mandate, Stakeholder identification and craft Project Brief
· First workshop produces proposed project approach, and outline process model(s)
Initiation Stage (1day to 3 months)
· Middle management in the project team consult with their constituents under Senior User guidance to gather requirements
· Circulate to middle management within and out-with the team. Finalise Acceptance Criteria, Project Plan and Project control regime
· Discuss proposals with stakeholders, seek commitment at all levels
· Review with departmental managers and their staff
Stage One (1 day to 3mths)
· Whatever the Project Plan says
· Seek sign off (for stage and plan next stage or for project and hold project closure celebration)
As a system owner during the idea stage I should ask my knowledge sharing network "is a solution already available, if not does anyone else have similar interests and want to join in with this development. When System Owners are in dispute then they need access to senior management from across the organisation to arbitrate the disputes.
As project manager during approval I need confirmation that resources are available to specify, build and deploy the products. If resources are below the level required to meet all the System Owner's desires then project managers need access to senior management from across the organisation to arbitrate on priorities
As PM in build and test I need to know where to ask for clarification on questions of information architecture and technical architecture. Where the topic covers more than a single information or infrastructure component then a coalition of interested parties should be available to make the decision. They may need access to senior management from across the organisation to arbitrate on resourcing
As a team or technical staff member during approval I need access to the QMS to provide me with the standards to be followed so I can estimate and schedule correctly.
As a team or technical staff member during build I need access to a peer group and an authority to make decisions when standards need interpretation or extension. Standards should cover data-model, application architecture, technical (networks & server) architecture and all knock-on effects to service levels for existing services and the new service
As system owner and managers of infrastructure I need transparency of support costs and service benefits to inform decisions about retirement of applications or technical infrastructure elements. This means I need to share impact of potential changes with my knowledge sharing network for consideration of desirability and options: so probably resulting in the ideas stage revisited.