28 March, 2007

Achieving IT Operational Excellence

You may be interested in an article I wrote for a magazine, Pharma Focus Asia Issue 4 2007, titled:

Operational Excellence: IT governance, Enterprise Architecture and service management, which explains what the components of such a program are in my company.

The article will soon be downloadable from http://www.pharmafocusasia.com/magazine/ (issue 4), but I'm copying its content:

IT governance defines a structure of relationships, processes and measures to direct and control IT in order to achieve the enterprise's goals.

IT governance is currently a key topic for many IT functions. Its definition varies very often, but key themes remain essential for all companies: effectiveness, efficiency and reliability. Business value and risk mitigation are also at the centre of this domain. It represents a significant part of enterprise governance, and due to the horizontal nature of IT, wherein almost everyone in the enterprise uses IT assets to complete their responsibilities, the impact of effective IT governance is most visible.

IT governance defines a structure of relationships, processes and measures to direct and control IT assets (e.g. people, finance, infrastructure) in order to achieve the enterprise's goals by adding value while balancing risk with return. It helps to define roles and responsibilities and specify an accountability framework to encourage desirable behaviour in IT and accountability for the use of IT assets. IT governance also helps to standardise best practices and define monitoring methods.

For XXXXX International SA, IT governance has always been the responsibility of the IT management team, being an integral part of XXXXX's governance, and consists of the leadership and organisational structures and processes that ensure that the IT function sustains and extends the company’s strategies and objectives to deliver value. IT does this within acceptable risk boundaries while taking into account culture, organisational structure and maturity.

For the XXXXX IT function, IT governance ensures that delivery expectations are fulfilled, IT resource deployment is continuously planned, targeted and optimised while IT performance is measurable and that the risks are minimised.

Among the various components of an IT governance framework, the following domains were retained as being key themes to reach a high level of quality and excellence through continuous improvement:

• Quality management
• Balanced scorecard
• Risk management
• Skills management
• Project and portfolio management
• Service management
• Enterprise Architecture
• Information security management
• Audit management
• IT performance and value management

Quality management was initially the main focus for IT, and since 1999, has been certified worldwide in ISO 9001. For the last two years, quality management has also included risk management (identifying risks from strategy down to operations and providing mitigation) as well as skills management (ensuring that the staff in the IT function have the appropriate skills in line with the strategy).

Since 2001, IT measures its business alignment, which is highly integrated within the business strategy, using the IT balanced scorecard tool. For more than three years, service management and IT Infrastructure Library (ITIL) have been the drivers to improve the quality of services for the end users. XXXXX's IT function deployed the ITIL processes covering both service support and service delivery. The purpose of this initiative was to:

• Increase customer satisfaction with IT
• Enhance communication with clients
• Achieve higher reliability in mission-critical systems and infrastructure
• Improve the cost-benefit of services
• Create a “common sense” among staff

These processes are mostly supported by tools from HP-Peregrine and IBM Tivoli.

Project management has always been a key practice for IT people. Based on a traditional System Development Life Cycle (SDLC), the methodology has been widely used by the IT function for many years. All projects have to comply with documentation, templates and checkpoints where project progress is monitored. Committees validate the various steps of the methodology and give their approval to move to the next phase.

Portfolio management is known internally as the “Funnel”. The portfolio governance process starts when a business user requests or suggests a new capability. The request is automatically routed to an information manager (internal relationship manager), then to a business analyst or team for an initial business case before being routed to the IT management committee for review and scoring. The IT management team then evaluates the prioritised, ranked projects to determine the proper portfolio mix and whether to accept the recent request. The “Funnel” is:

• A categorisation model
• A common language for business and IT to:
  > Support business strategy
  > Organise investments
  > Evaluate and prioritise IT projects
  > Govern and manage applications portfolio
  > Decide when and how to make changes
  > Understand what can and cannot be changed
  > Provide real-time visibility into resources, budgets, costs, programmes, projects, and overall IT demand
• An input to the IT strategic plan

Solutions from HP-Mercury help XXXXX to support both project and portfolio management.

An Enterprise Architecture (EA) consists of the vision, principles, standards and processes that guide the purchase, design and deployment of technology within an enterprise. EA describes the interrelationships between business processes, information, applications and underlying infrastructure for that enterprise, and provides best practices for technology purchase, design and deployment. EA structures and processes govern adherence to an organisation’s technology strategy and provide a managed environment for the use of new technology.

Enterprise Architecture:

• Allows alignment with the company’s business model and strategy
• Enables business changes, technologically based business opportunities
• Easier introduction of new technologies
• Allows standardisation
• Drives information/data consolidation
• Reduces enterprise-application integration complexity
• Facilitates outsourcing as appropriate
• Utilises assets more efficiently
• Provides the facility to better assess the impact of changes
• Ultimately, reduces time to market

Architecture governance is essentially a control or series of controls in the development process, which is efficient when supported by good documentation (principles, guidelines, standards) and communicated effectively. To build such an Enterprise Architecture, XXXXX considered the use of both the Zachman and the Open Group's TOGAF frameworks. Such a programme requires solid processes with ownership and accountability.

Enterprise Architecture is a component of IT governance which interacts with most of the other frameworks such as project and portfolio management, quality, maturity and security management. To manage EA, the company decided to use the Metis-Troux technologies solution.

Security management is another component of the IT governance programme, covering both information security and technical security. The BS 7799 certification was obtained in 2005 for Geneva HQ and ISO 27001 obtained on a worldwide basis in 2006.

At the beginning of 2006, a new position reporting directly to the CIO was created to further develop IT performance and value management. Key drivers for this are: optimising IT value, demonstrating IT value as a critical component of business processes, improving the quality of IT value measurement and reporting and becoming a potential source of innovation.

Performance management is not a stand-alone initiative; it is a process that needs to be established and fully integrated in strategic alignment with the business, value delivery and company performance management. This performance framework consistently ensures that IT:

1. Is adding business value to the corporation
2. Is meeting the real customers’ real needs
3. Is running well as a business

Control Objectives for Information and related Technology (COBIT) provides a set of best practices and tools for auditing IT processes and assessing standards compliance, maturity and associated risks. COBIT can be associated with other frameworks, as architecture can be audited with certain KPIs.

In the frame of an IT research and innovation initiative, CMMi has been under evaluation. It is the Capability Maturity Model Integration which has been developed by the Carnegie Mellon University – Software Engineering Institute, a suite of products used for process improvement. It consists of best practices that address the development and maintenance of products and services covering the product life cycle from conception through delivery and maintenance.

CMMi models could be used in conjunction with all XXXXX's IT processes found in service management (ITIL), COBIT, project management (SDLC/Prince), Enterprise Architecture (Zachman-TOGAF), quality (ISO 9001), security management (ISO 27001), but the programme has not yet been considered.

IT governance at XXXXX encompasses many disciplines within the organisation including IT strategy, risk management, IT service management and compliance management to name a few. Understandably, this presents a significant challenge for companies seeking to identify a starting point for their IT governance initiative. Fortunately, best practice governance guidelines and procedures do exist within the industry. Firms moving ahead with the adoption of a standard will be well served to utilise a phased implementation project approach and start with elements of the standard that will yield their organisation the most benefits:

• Optimised IT strategy and execution
• Improve resource utilisation
• Improve planning and resourcing
• Risk assessment
• Real-time management reporting

In 2005, a benchmark with KPMG positioned XXXXX’s IT as number one among 119 other companies in the life sciences industry. In 2006, the number one position was maintained while the number of organisations increased to 125. This recognition states that the IT function is using IT best practices to support the business and that XXXXX IT controls can now be classed as “excellent”. This was driven by major improvements in the areas of IT operations (incident, problem, operation, and configuration management), security (ISO 27001), control assurance (risk, audit, planning management) and Sarbanes-Oxley (SOX).

15 March, 2007

BAM, CEP, BEM, or Operational BI, what are the differences?

Business Intelligence (BI) in many companies has been used for several years to monitor, report, analyze and improve business performance. Until now, most BI applications have focused on managing strategic and tactical business plans, but now Business Activity Monitoring (BAM), Complex Event Processing (CEP), Business Event Management (BEM) and/or operational BI could add a new dimension to this otherwise mature software area.

Business success demands continuous visibility into operations and processes. Operational BI or “awareness” should reduce the time between the occurrence of a business event and initiation of a response, helping a company act on competitive opportunities. Practically all operational areas need increased operational BI - awareness. Order cancellation, a late order delivery, an imbalance between resource capacity and demand, and a stock-out are just a few examples of events that require immediate action.

Increasingly, lines of business realize that to become more responsive, they must accelerate the flow of information, analysis and decision-making. Major benefits of operational BI - awareness, which extend beyond strategic and tactical decision-making to daily management, include:

  • A real-time visibility into business processes (this would require automated processes through the use of Business Process Management suites (BPMs))
  • An increased business agility and flexibility
  • A maximized use of resources (human mostly)
  • Minimized risk
  • A collaboration with a broader set of participants

Business Activity Monitoring (BAM) is event stream capture and has been around for many years. It is a technology and a technique that provides real-time access to key business metrics. The reasons for deploying BAM are to monitor key business objectives, anticipate operational risks, and reduce the time between a material event and taking effective action.

There are many BAM products from platform vendors (e.g. IBM WebSphere Business Monitor, Oracle BAM, BEA ProActivity Process Analysis (PA), the Aptsoft product).

Business Event Monitoring (BEM) is a way to get machines in real-time to alert people when a business process is going wrong and needs human attention to get back on track. BEM also focuses on the business rules and then alerts humans when something goes wrong. The goal is to speed processes up by minimizing time lost because of an exception. As previously written, BAM monitors business processes in real time in an effort to support operational improvements. Where BAM typically concerns itself with managing a single business process, BEM is generally concerned with monitoring all current processes to provide meaningful alerts and analytics to users. We should think of BEM as real-time data mining. While BEM is not yet part of many vendor offerings, this technology is making an appearance in some products. Vitria Technology's Resolution Accelerator provides BEM capability. Lombardi Software's Undercover Agents also provide BEM functionality.

Operational BI is also about the use of operational intelligence to manage and optimize business processes. When this is deployed, the huge analytical power of BI is unleashed on everyday processes that can generate improvements in real-time. This can exist alongside traditional BI, helping organizations to improve business operations both at strategic and business process levels.

Operational BI is the way BI vendors try to sell “type of BAM” applications, but…

Currently, most Operational BI products refer only to data sensors.

Are they linked to BPM? It seems not, because they still continue to use ETL and data access replication principles. Additionally, BI vendors are not the best vendors to follow some of the trends about BEM, which is often seen as an extension to BAM.

Some vendors like Systar claim to be “BAM” but are in the same basket as the BI vendors in that case, and only BPM vendors with BAM features are able to provide such a link. Conversely, BAM products often do not store good historical data as, for example, a BI product does. It is then difficult to compare operational data with historical data.

As already described, the ultimate goal of BAM environments is to immediately react from dashboards, and the goal of BEM is to link the detection of events (including compound events collected for example by CEP) and then provide different management features like: diagnosis help, root cause analysis, management by exception. All of those require BAM (or operational BI) to work closer with the event generator: BPM in particular or other sensors. If we link those at data level only we miss the point. That means that every time we change a process we would have, for example, to reconfigure the data access, KPI and so on. Operational BI products are not bad solutions but good for some customers and not enough for others.

The term BAM may become out of vogue in the future and vendors will turn to marketing their products under the banner of Operational BI. BI and BPM are two separate technology areas that complement each other and will converge over the next three to five years. Currently they are used in their respective worlds with very little overlap.