World Class IT

Ever see a mission statement? Your own or other organization’s? Most reflect the same sentiments – “world class” in everything we do… unmatched service… excellence.  Setting lofty goals is admirable – hyperbole or not – but it’s always important to examine the outcomes and goals you have for each initiative. Businesses today, from small to large are all stretched thin – and losing touch with what really impacts reaching your business goals can be detrimental to your company’s success, if not deadly.

So we make choices every day: what is critical to success and what can we live with as “good enough?” But be careful when deciding which is which, because it is not always clear cut. It is easy to know what is “core” to your business – but do you know all of the other areas that are critical to deliver excellence in your core business?

Often inefficiencies with technology and infrastructure are where organizations settle for “good enough?” What we lose sight of are the efficiencies in time and money that the right technology solutions can have across the organization.  “Good enough” just isn’t to deliver your products, services, and support with excellence.  Your competitors can achieve better than you – in everything you do – simply by having an infrastructure that strives to be world class, enabling them to be faster, better, and cheaper.

World-class does not have to be expensive, but it does require thought. More specifically it requires strategies and people committed to rightsizing the IT function  and making sure it is aligned with your business goals. Understanding that the organization may be small, or may not have information as a core part of its offering may cause them to consider outsourcing to gain the advantage of a world class IT function without the cost of a wholly owned unit. The best news is that the cost savings and gains in efficiencies turn your IT from a cost center to a partner in your business.

Researching and considering what makes a “World Class IT” function has led me to believe that it embodies the following characteristics:

  1. It creates and maintains a platform that is stable and robust that business units can reliably employ through all business cycles and functions.
  2. It has people that are skilled in their roles, committed to the organization’s success, and is a stable team with low turnover.
  3. It provides the needed systems and tools to enable all business units to understand processes, and measure and manage them for improvement.
  4. It spends just the right amount, with measures in place to understand costs.  In other words, it has a budget in alignment with the rest of the organization – and has demonstrable value.
  5. It takes its knowledge of the organization through the lens of data movement and helps define and improve business process for the betterment of the whole organization.

I came across a book recently that has been helpful many CIOs, and is aptly titled for our discussion – World Class IT by Peter High.  In it he develops five principles for IT which are different than I had thought of them.  His five principles are:

  1. People form the foundation of an organization. Without the right people doing the right jobs at the right time, it is difficult to achieve excellent performance.
  2. Infrastructure distinguishes between a reactive organization and a proactive one. If software, hardware, networks, and so on are not consistently performing their tasks, the IT organization will become lodged in reactive mode. If the infrastructure works reliably, then a greater percentage of the organization can think about the future.
  3. Project and Portfolio Management is the engine through which new capabilities can emerge within the company. It is important to ensure that the portfolio collectively supports the goals of the business and that projects are delivered on time and on budget.
  4. IT and Business Partnerships are vital. It is the IT executive’s role to ensure that different groups within IT function as a team, communicating efficiently and effectively. It is equally important that IT develop partnering relationships with executive management, lines of business and key business functions to ensure ownership of and success for IT initiatives.
  5. External Partnerships are increasingly important as outsourcing becomes more common. By contributing to the discussion about business strategy, IT is in a strong position to determine which aspects of IT are best handled by external partners. Further, IT must be adept at managing those relationships to be sure the company gains the expected value from its outsourcing activity.

There are some overlaps with my list, but the differences point to areas that we need to make certain are not taken for granted.  For example, disaster recovery does not “technically” add business value – but neither does insurance.  Money to protect your business may someday be the best money you’ve ever spent. No one wants to need insurance – but you cannot accept being without it.

I especially appreciated the way High promotes Project and Portfolio Management, as it leads me to think back to the fact that the truly outstanding IT functions I have had the privilege to work with not only did that well for IT-centric projects, they actually led the rest of the organization in this discipline for non-IT projects.

Regardless of how you think of “World Class IT” – it is clear that often good enough just isn’t, and that your IT needs to be:

  • Encompassing of all functions in the department, and outside of it.
  • Measurable and actionable
  • Customized to your organization. World class is not the same for everyone as each organization has different goals and processes that support these goals.
  • Stable and reliable – never a barrier and always an enabler to great work.
  • Contributing to the growth of the business in a true partnership.

And that brings me to a concluding thought – metrics are important.  They should be aligned to the overall business goals, and organized according to whatever system you choose to use when discussing and designing your IT function (e.g. High’s World Class IT or some other system).  And to that end, metrics should also be:

  • Assigned to a person responsible for its improvement
  • Have targets
  • Have the right amount of metrics – too many causes loss of focus
  • Have specific projects and initiatives created and assigned to reach and exceed the metric’s goals.

Over the next few months I will be spending time developing this, and publishing that here.  I hope you find it helpful and welcome your comments below.

The Future Outsourced IT Model?


Outsourcing is sometimes viewed as a dirty word in organizations, and the Information Technology (IT) department is right there with that sentiment.  C level executives looking to improve the organization’s bottom line by outsourcing non-core areas create anxiety among employees who become fearful of losing their jobs.

Traditional Outsourcing

The general thought behind outsourcing is to look for the areas in an organization that are not critical to products or services that drive the viability of the organization.  Any function that is not directly related to why a customer may buy from you is reviewed for potential outsourcing.  This is based on the assumption that an organization that focuses on a function will do it better than one that does not.  I work in an IT consulting firm; we provide services by way of having talented individuals working as a team to provide services to clients. We cannot outsource that function, because they are the way we can show a profit, and the reason people would view us favorably (based on past successful work using the same team, tools, and methodology).

But we don’t clean our office.

Not that it is dirty, but that function is not core to the services we provide.  We contract with somebody to come in daily and clean.   They do it efficiently and to our satisfaction while showing a reasonable profit.  We cannot do that by using our higher paid employee base; it would make no sense.  We outsource that non-critical function to somebody who views it as a critical function.

We may not have as many employees because of this, but the ones we have share our focus of IT services.  If we used to have our own cleaning staff, the desire to outsource would have cause significant stress for them, and been a paradigm change for us.

Therein lies the reason outsourcing is sometimes a dirty word.

Some organizations view IT the same way we view cleaning; as a non-core function that can be outsourced.  Large companies such as IBM, Perot Systems, and Hewlett-Packard make significant revenue from providing outsourced services.  We make a reasonable profit in certain clients from providing outsourced services.  If your organization manufactures widgets; then maybe the IT function is not core, right along with cleaning, payroll, tax accounting, and even sales, among others.  None of these need to be provided by somebody working exclusively at your direction, and for your singular purpose.

Everything I have alluded to implies outsourcing applies to people – reduce the headcount managed in a function by finding somebody else to perform the service, and even manage it.  This can result in the employee leaving work on Friday working for company “A”, and returning on Monday to the same cubicle but employed by company “B”, possibly with reduced benefits, career opportunities, etc.  Company “A” saves capital, and can focus on core functions. This has been the outsourcing method used popularly for the last 20 years or more.

New Technologies Change the Terms

But new technologies change the terms of outsourcing: instead of focusing on the headcount of people, focus on the specific function.   These technologies are known as Service Oriented Architecture (SOA), and are made possible by using the internet as a transport layer between systems that are made available to provide services (known as “Web Services”) to each other.  While these technologies cannot help us clean our office (that is after all a physical function) they can help us in many other areas, and any business process provided by application or even system software can be reviewed for outsourcing.  This capability was not available before technologies like the web and web services.

Service Oriented Architecture (SOA) is a model that ties disparate systems together using communication interfaces that allow them to talk to each other in industry standard terms.  You might consider it an evolution of long established Electronic Data Interface (EDI).  But EDI, while still providing value in many functions, has two inherent problems.  First of all, it is focused on the format of the messages, not the means of actually transporting them.  Because of this, so called Value Added Networks grew to provide connection services and clearing houses between two systems that could not natively talk to each other. This increases costs, and reduces flexibility.  Secondly they only cover specific transactions that a standards board has set.  So you can transport a Purchase Order and an invoice, but not a flight reservation, request for properly formatted +4 zip codes, or product specification; some things that various organizations would be very interested in.  So EDI has a standard, but it is limited to specific functions and specific data elements within those functions.  This in turn limits an organization from responding to their own needs.

What SOA provides is the ability of two organizations to agree to outsource a function, but not necessarily a person, as has been the approach to outsourcing. We are not implying that no employment will be lost, but are viewing future outsourcing as being service or function based, as opposed to being team and job based. The employee headcount may be reduced or held steady as a side effect, but the focus is finding some web service that can process information and return it to us better than we can ourselves.

Business Process Engineering and SOA

Businesses have spent a lot of time thinking about the process they used, and they have defined and redefined it using Business Process Reengineering, Six Sigma, Total Quality Management, Continuous Improvement, etc. ad nauseam.  Many improvements were made, and that unique business process, designed for the organization that employs it, has been encapsulated in the organization that uses it.  It is hidden in business rules and databases, web pages and email clients, ready to be forced on users at the appropriate time to make sure the business process is followed. This gives rise to ERP systems, and large Line of Business applications (LOB) that perform functions across an enterprise, following a predefined business process to ensure uniformity, predictability, and cohesion among business functions.  Take for example the simple Zip Code + 4 function: an organization wants to ensure that every mailing is successfully delivered to the right location, and so as part of the process they run the address against a computer application that returns the correct nine digit zip code.  In this way, costs are reduced, and the correct targets receive the content in the mailing.  But sometimes the rules or even underlying data change in this specific function.  New addresses are added, street names changes, zip codes redefined, etc.  This may necessitate a change deep within the LOB or ERP, and your organization, with its very organizational specific business process built into the system, is the only one capable of making the change using internal employees familiar with the code and structure.  You bear the full cost of the change, and can only amortize it across your organization.  But the Zip Code + 4 function is NOT core to the business. It needs to be done, but it is not how you actually generate revenue.  The content of the mailing should do that, but the commonly used Zip Code + 4 does not.

The architecture organizations have traditionally used over this re-engineering period is monolithic.  They built single system, or tightly integrated systems, that they owned or highly customized to the point of not even looking like the application they procured.  These were often hidden behind a firewall, focused on the broad and internal needs of the organization’s process.  What they did not invite was the ability to simply integrate one little external function into the business process. So the Zip Code + 4 function remains locked in the LOB or ERP.   This limits flexibility to reuse and share the function, expand it to new acquisitions; in short to generally focus on the core process.

But what if you found another organization, that focuses only on this functional need, and which would allow you to connect your business process directly to theirs? You send them the address, and they send you back the properly formatted address with the correct Zip Code + 4?  That is what SOA and web services can provide.  You can pick from various vendors who will provide the service, selecting the one that best meets your quality and budgetary needs.


This provides in the end an outsourcing model that looks at specific functions within a business process, instead of specific departments or personnel.  You may reduce headcount, and in fact likely will, but that was not the focus. The focus was on improving quality and flexibility, and at the same time turning your attention to the core functions and systems that encapsulate enforces those functions.

This may be the future of outsourcing as a part of the process of reviewing for opportunities to do so.  I invite your thoughts on the subject.


Document Retention and Protection

Organizations generate a lot of data, and usually want to protect it. They store it in reliable media, secure it from unauthorized use, and back it up. This information, especially historical data such as sales history, contracts, emails, etc. is essential to make decisions pertinent to the future of the organization. Many organizations use a Document Management System (DMS) to store them. These systems then ensure they are versioned over time so that it is easy to find them, and see the various changes that were applied, while at the same time enforcing retention rules that dictate what must and must not be kept. This forms a repository to ensure data is both secure and can be located easily.

Which made it interesting to know that Google, king of search engines, was tripped up by a search engine on documents in their own possession. (Read full article here)

Google has been sued by Oracle for use of a programming technology called Java in their Android phone and tablet operating system. Most lawsuits have a discovery period, in which each litigant turns over all documents pertinent to the case, but can exclude any client-attorney privileged documents. For example, original blueprints of an alleged copycat product must be turned over, but a letter between an attorney for the litigant and the engineer which discusses the blueprints is protected and can be held back from disclosure.

In order to facilitate discovery assembly, legal analysts use tools similar to the Google search engine, which allows them to collect information from across the organization’s systems using keywords like “Java” while at the same time excluding documents with phrases like “attorney work product”. In this case Google was caught by a draft email stored on the server; one of 9 drafts before the final. This particular version stated that Google should license the Java technology from Oracle. But because it was an early draft, it did not include the key phrase “attorney work product”, and was released to Oracle’s attorneys. It may change the case completely.

This illustrates the key point: that you need to know what you keep and what you should not keep, and how it is encoded. Document Management Systems can help with this, by setting up and enforcing retention or coding rules, they can automatically add a tag, or delete documents over a certain age.

Google shows us a great lesson; what do you learn from it? If you would like an opportunity to discuss how you can put the right systems and polices in place, feel free to place your feedback below.

3D Printing and Piracy

Information security is always important, and when not designed and enforced properly creates holes that allow unauthorized access to your critical data. Any exposure of salaries, customer credit cards, financials, and product designs may be potentially fatal to your organization. To the extent that your business processes information, your loss of data may be even more damaging. If you are a bank and suffer theft of information it may be the very reason you go out of business. But if you are a manufacturing firm, loss of data does not necessarily mean loss of product control. A bank loses this with loss of data; a manufacturer does not.

But with the advent of 3D printers that can “print” a product from a design file may allow somebody to quickly generate the same product you manufacture without you even knowing it. And now one of the most notorious file sharing sites, The Pirate Bay, has an area for “3D Designs”. This means your product design in the wild could be copied freely like MP3 music files are now. While there is not a large market now for 3D printing, it is a growing manufacturing area that as it attracts attention, will also attract pirates who can obtain your design source files, and easily run them locally to generate an identical part to the one you produce. They can start where you left off with “improving” the product and creating their own offering based on your initial labor.

A video of how these printers work

What this means to manufacturers is that they need to show the same concern about piracy and security as the recording industry does. It means ensuring that you are kept updated on operating systems and their patches; applying security rules to limit access, improving physical and logical access to systems and data, and other measures. As the recording industry has shown, once the cat is out of the bag it is almost impossible to put it back in, so looking at your system now and getting ready should at least be in your plans.

If you would like an opportunity to discuss how you can put the right systems and polices in place, feel free to place your feedback below.