The evolution of the application of information technology (IT) from automation of work through information management to business transformation has greatly increased the number and diversity of potential applications of IT. Not only is there more that can be done with IT, but also what can be done is much more complex. Increasingly, organisations are no longer making IT investments—they are making investments in IT-enabled change. On top of all this, most organisations have a large, installed base of legacy applications of technology that must be maintained.
With an increasing amount of potentially valuable work to do—an amount that consistently exceeds available resources— the challenge of selecting the right IT-enabled business investments is becoming increasingly difficult. Issues include:
- More choice
- More complexity
- More risk
- Greater business impacts
- More visibility
- Much more management and executive attention
The challenge facing organisations is how to pick the investments that have the greatest potential value and how to execute them such that they deliver that value.
A powerful tool to address this challenge is portfolio management, one of the three processes of Val ITTM.1 Portfolio management has been applied to financial investments for decades, helping decision makers choose amongst increasingly numerous and complex options in a volatile environment. Portfolio management, together with performance management, is at the core of effective governance in that:
- A portfolio can contain any investment or asset that an organisation needs to manage
- Investments/assets can be categorised based on their type/characteristics
- Criteria can be established to support the evaluation of investments/assets in each category based on what is of interest to management, including contribution to value, strategic and financial objectives, and degree of risk
- Decisions can then be made on how to manage the portfolio based on these criteria, and on the performance of the portfolio, including identification of actions to increase the overall value of the portfolio
The focus of portfolio management in the initial release of Val IT is on new investment programmes. The programmes in the portfolio must be clearly defined, evaluated, prioritised, selected and managed actively throughout their full economic life cycle to optimise value for both individual programmes and the overall portfolio. This includes the proper allocation of resources, the management of risk, the early identification and correction of problems (including programme cancellation, if appropriate), and board-level programme portfolio oversight.
In the next release of Val IT, portfolio management will be extended beyond new investments to include all existing IT services, resources and assets.
|
Portfolio: A grouping of programmes, projects, services or assets, selected, managed and monitored to optimise business value
Programme: A structured group of interdependent projects that are both necessary and sufficient to achieve the desired business outcome and deliver value. These projects could include, but not be limited to, changes to the nature of the business, business processes, the work performed by people, as well as the competencies required to carry out the work, enabling technology and organizational structure.
Project: A structured set of activities concerned with delivering a defined capability (that is necessary but not sufficient to achieve a desired business outcome) based on an agreed-upon schedule and budget |
The goal of portfolio management in Val IT is to ensure that an organisation’s overall portfolio of ITenabled investment programmes is aligned with, and contributing optimal value to, the organisation’s strategic objectives by:
- Establishing and managing resource profiles
- Defining investment thresholds
- Recognising that there are different categories of investment with differing levels of complexity and degrees of freedom in allocating funds
- Defining evaluation criteria with appropriate weightings for each category of investment, including strategic alignment; business worth, both financial and nonfinancial; and risk, including delivery risk and benefits risk, within business and technology domains
- Evaluating and assigning a relative score to the investment based upon evaluation criteria and their weighting for the related category of investment
- Prioritising within resource and funding constraints, and selecting, deferring or rejecting new investments
- Actively managing the overall portfolio, adjusting the portfolio as necessary to accommodate new investments, and responding to the relative performance of individual programmes within the portfolio and changes to the internal or external business environment
- Monitoring and reporting on portfolio performance
Organisations do not need to implement all of these in one step, but each action will bring an increase of the visibility and transparency of investments and an improvement in the decision-making process. Depending on the size of organisations, existing management practices and the importance of IT investments, various processes and practices described in Val IT can provide a starting point for improving the governance of IT-enabled business investments and maximising business value.
Portfolio management has leapt from obscurity to prominence over the last few years and is often promoted as the solution to aligning business and IT and demonstrating the value of IT’s contribution. Whilst programme portfolio management, as described in Val IT, certainly holds this promise, most current implementations of portfolio management relate to project portfolio management (PPM), which is generally more narrowly focused on IT projects. While PPM is certainly useful in managing IT resources and costs and, to some extent, in addressing strategic alignment, portfolio management must be extended to encompass IT-enabled business investment programmes if organisations are to realise the potential of IT to contribute to business value.
Portfolio management is one of the most powerful tools to support effective enterprise governance, including governance of IT. Portfolio management provides the linkage between enterprise strategy and the specific investments, initiatives and actions undertaken to execute strategy. It supports the identification, evaluation, selection, execution and monitoring of investments. It further supports the ongoing monitoring and evaluation of organisational assets, including the results of investments and the resources required to create, maintain and improve the value of those assets. Portfolio management is indeed the key to maximising business value.
Endnotes
1 For more information about Val IT, refer to Enterprise Value: Governance of IT Investments, The Val IT Framework, which is available as a free download from www.isaca.org and available for purchase from the ISACA Bookstore, www.isaca.org/bookstore.
Georges Ataya, CISA, CISM, CISSP
serves as international vice president on the IT Governance Institute Board of Trustees and ISACA Board of Directors. He is also founder and academic director of the ICT audit and security postgraduate degree and the executive master in IT governance at Solvay Business School in Brussels, Belgium, where he is a professor. In addition, Ataya is managing partner of ICT Control SA-NV, a Brussels-based management consulting firm. He is a member of the Val IT Core Team.
John Thorp, CMC, I.S.P
is president of The Thorp Network Inc. and a consulting fellow of Fujitsu Consulting. He is an internationally sought-after management consultant with close to 45 years of experience in the information management field. Author of The Information Paradox, Thorp’s focus is on helping organisations realise the benefits of IT-enabled change. He is the chair of the Val IT Core Team and is currently working with the IT Governance Institute to promote and further evolve Val IT.
Information Systems Control Journal, formerly the IS Audit & Control Journal, is published by the ISACA. Membership in the association, a voluntary organization of persons interested in information systems (IS) auditing, control and security, entitles one to receive an annual subscription to the Information Systems Control Journal.
Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of the Information Systems Audit and Control Association and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by the Information Systems Audit and Control Association Inc., for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.