Beyond the Crudware Complex: Planning Smarter IT Investments

Technology acquisition is a complex, often speculative task. Whether the means is build or buy, long-term value goes unmeasured and unrealized. The result is vaporware—or worse. What's the solution to spending savvy? A little-known framework for IT investment management could provide the answer.

by Lamont Wood

Like a trusty road map, a methodology called IT Investment Management (ITIM) can walk an enterprise through the various processes of IT acquisition. ITIM lays out what steps an organization should take to rationalize the way it buys computers, adding improvements, and enhancements until its IT investment process is tightly aligned with its business goals. In fact, it plots out ascending levels of effectiveness, or maturity, that the enterprise can expect to reach by continuing to follow the model.

"In some ways it's an adaptation of some of the ideas that Carnegie Mellon University had with the Capability Maturity Model Integration (CMMI) in terms of process improvement and developing a repeatable process that is both efficient and produces high quality output," explained Jim Kendrick, head of P2C2 Group, a management consulting firm. CMMI is aimed at the software development and ITIM is aimed at the IT investments, but both, (alone or in combination) have been widely adopted, he noted, although not always under their given names. Carnegie Mellon's Software Engineering Institute lists about a thousand enterprises that have had their use of CMMI apprised by third parties. There is no parallel archive of ITIM appraisals, but ITIM is endorsed (but not required) for US Government agencies by the Government Accountability Office (GAO) and its use by agencies is subject to review by the GAO.

ITIM was embraced by the GAO in 2000, and the current version (1.1) of ITIM is embodied in a 143-page PDF file, "A Framework for Assessing and Improving Process Maturity".

The document lays out ITIM as a succession of five stages of increasing maturity for an organization's IT acquisition process. Each stage offers additional benefits and each stage is based on the accomplishments of the previous stage. (Actually, the first stage merely describes the chaos usually encountered in the absence of a formal IT investment process.)

In ascending order, the stages are:

  1. Creating investment awareness. The way the organization invests in IT is unstructured, ad hoc, and unpredictable. If a project succeeds, it's usually because of the heroic efforts of the project team, and duplicating that success is unlikely. Any subsequent successes are coincidences. Scattered individuals may understand how to make successful IT investments, but their knowledge is not institutionalized. "Maturity" at Stage 1 usually means that the organization has made project selection part of its annual budget process, although the selection process is usually rudimentary, undocumented, and inconsistent.

  2. Building the investment foundation. Projects are no longer funded on an ad hoc basis but executive oversight is still applied only on a project-by-project basis. At this stage the organization develops criteria for selecting which projects get funding, based on benefits, risks, and an awareness of the organization's priorities. The organization gains control of its existing collection of projects and adopts a disciplined process for improving project outcomes by monitoring costs, milestones, risks, and benefits. It collects all necessary asset management data. The organization also begins to define an enterprise architecture based on the goals of the organization.

  3. Developing a complete investment portfolio. The project-by-project management of Stage 2 has become a structured, repeatable process. The resulting project-specific performance data is used to create a management process for the organization's IT portfolio, with established selection, evaluation, and review processes. Basically, the organization moves beyond a project orientation to a portfolio orientation. The organization finds synergies from within and across its IT portfolio, rather than remaining satisfied with the benefits of individual projects. Acquisitions are consistent with its defined enterprise architecture.

  4. Improving the investment process. The organization seeks to improve the performance of its IT portfolio and the investment process, and maintain mature selection and control techniques. It also works to maintain alignment between its investments and its enterprise architecture, especially through post-implementation reviews.

  5. Leveraging IT for strategic outcomes. Having mastered the selection, control, and evaluation processes, the enterprise will seek to anticipate the impact of next-generation information technologies to achieve strategic business transformations. The Stage 5 organization will benchmark itself against other organizations, and will continue to look for ways to improve its business performance.

Meanwhile, each stage (except the first) has a number of critical processes that must be completed before the stage can be considered mature. Additionally, each of those critical processes involves a number of key practices that must be performed in order to carry out that specific critical process. There are usually three categories of key activities underlying each critical process: organizational commitments, organizational perquisites, and organizational activities.

For instance, the first critical process in Stage 2 is to institute an investment board. The underlying key activities involve an organizational commitment to setting up a board of senior executives to define and implement an IT investment process, and to document that process. The associated organizational perquisites are the members' time and authority. The organizational activities involve making the necessary decisions and then carrying them out.

ITIM's requirements do not get more detailed than that, however. "ITIM does not say what the processes should be, there is no 'ITIM for Idiots' book," warned Kendrick. "You have to put together your own book for your own enterprise, and adapt the processes to your own organization. But ITIM does provide a path. If you make a smart decision once you can use the same process to make more smart decisions, and eventually you have the capability of making continuous improvement."

As for climbing the stages, "If anyone has reached the pinnacle of Stage 5, I have not heard about it," Kendrick said.

In the federal government, "Stages 2 and 3 embody the key practices that an agency needs to meet the requirements for effective management as put forth by the Clinger-Cohen Act of 1996," said a GAO spokeswoman who did not want to be identified by name. "If you map out the requirements of that act, it amounts to Stages 2 and 3, which is the minimum that we believe that agencies should have in place.

"I've never seen an agency that was doing all of Stages 2 and 3," she added. "Oversight is often a weak area—once the projects are operating and getting into the maintenance phase, they don't do as good a job. Or they oversee enterprise-wide investments but not those of sub-agencies that have their own budgets and processes."

As for Stages 4 and 5, she said she had audited agencies that claimed to be there, but were found to be performing only a handful of key practices associated with that stage rather than the entire stage.

"The important thing about ITIM is that its framework gives you a roadmap for implementing investment management," said the GAO spokeswoman. "It's a step by step process—you do your assessment and see where you are against the framework. You start from the bottom, and where you find gaps, you fill them."

"To really implement ITIM takes several years and usually longer," warned Kendrick. "The hardest thing is change management—working across an enterprise of thousands of people, you have to change people and get them to do things differently. You have to get the project managers to change, and get management on board. An executive can no longer get a hot idea to do something that has nothing to do with the defined process of making a decision.

"The main resource required for ITIM is the time needed to pay attention to it," he added. "CIOs complain that they could do things better if they did not have to spend their time putting out fires. Of course, if you do things right to begin with, there would be fewer fires to put out."

Lamont Wood is a freelance writer based in San Antonio, Texas, who has been covering the technology arena for more than two decades. He can be reachedat