raising the stakes - it governance

Raising the StakesGovernance and the Challenge

of Autonomous IT

© 2014 Malcolm Ryder / archestra research

How to use this notebook

The following series of notes is not a fast read, not a slide show, and not an ebook.

The sequence of notes provides a line of thought that continues to be open to development by

the influence of ongoing new empirical observations.

No dependencies on other external studies are included or necessary in this notebook.

All text and images in the notebook are copyrighted.

©2014 Malcolm Ryder / archestra research

A Glossary of entities

An Enterprise is a set of resources and relationships that creates a proprietary environmentfor business operations

A Business is a set of relationships and responsibilities associated by a model for commerce

A Company is a set of responsibilities and processes organized to run as operations

An Organization is a set of processes and resources executed by a workgroup as production

IT is a set of tools provided for manipulating information as a property or resource in thinking, communications and production. As an entity, IT increasingly can be self-evolving, self-containing, self-directing, and packaged – giving it varying degrees and forms of practical autonomy versus supervised development, provision, usage and retention.


The landscape of IT presence

ENTERPRISE

BUSINESS

COMPANY

ORGANIZATION

BUSINESS

COMPANY

ORGANIZATION

COMPANY

ORGANIZATION ORGANIZATION

Multiple businesses derived within the enterprise

Multiple companies in the business

Multiple organizations of the company

Proprietary environment of the business

We know, from real life, that as an ecological fact, any entity on a given level of this hierarchy

can outlive any entity on the level below it.


Who Cares?IT is a resource. Business people who think about IT think mainly about what it takes to get the right kind of IT “implemented” for the right reason. The primary reason is always the same: to exploit automation in a way that increases the chance of producing business benefits, yet decreases the chance of production being detrimental. That combination is the generic formula for “value” to the business.

If production was a no-risk proposition, all businesses would try many more ways to get what they want.

Productivity risk is a huge driver of selective IT implementation. Automation makes production failure seem unlikely, or at least seem less likely.

But the effects of automation are not always beneficial. Changes in goals, strategy, or circumstances affecting opportunity can make implemented automation, and/or its source, a resistor instead of a facilitator.

Knowing what IT is doing, and knowing what it takes to change it, is in the best interest of parties that are responsible for goals, strategy and circumstances.

Governance and Direction of IT

Governing the enterprise creates a culture from the environment of the business and attends to prime directives constraining the business.

Governing the business directs the activity of commerce and attends to primary objectives.

Governing the company creates the operations perspective that predisposes meaningful decisions regarding the influences of IT.

Governing the organization protects stakeholders having the above dependencies on I.T.

→ Increasingly, IT dominates both the recognition and the constitution of the culture

→ Increasingly, IT formulates and tracks the activity

→ Increasingly, IT executes and supervises the organization of responsibilities and processes run as operations.

→ Increasingly, IT utilization reflects organizational-level decisions instead of company-level decision-making.

Governors direct resources throughout the chain of influences on producing benefits.

Meanwhile, IT challenges past conventions and drives future expectations

Business Value

What is “Value”?Value comes from a specific kind of result.

The result is a difference that has been made.

Value is the importance of the difference, not just the difference per se.

The same difference may have different meaning in different circumstances. Because of that, a single difference can have multiple values.

A specified value is determined by the circumstances in which the difference occurs.

Value – the significance of a difference – is recognized in a context.

In the context, the significance may be positive (opportunity of benefit) or negative (risk of detriment).

Therefore, value may be positive or negative.

Influencing and directing Value for businessIn a given context, value can be a benefit. Directors guide value. The main interest of directors is to create a reliable “delivery” of value within the desired context.

The main enablers of delivery are the investments and operations that allow appropriate outcomes to be produced on request, providing values.

Investments and operations share a point of view: that operational outcomes are subject to certain ways of using resources and the relationships that channel them.

The resources and relationships are the environment from which value is derived.

Investment creates and sustains the environment. Operations produce value from it.

To obtain the intended value, direction is applied to influence operations.

Actual value delivered involves affects on assets in three ways recognizable as ROI:

• Diminishes prior assets

• Modifies prior assets

• Adds to prior assets

The directorial challenge is to allow substantive value to be created and recognized both for current and future priorities.

A Glossary of Stake-holding

A stake is the dependency on a condition in which an investment has been made

Capital is the tangible and intangible assets available to commit to a goal as investments

Constraints are non-discretionary conditions imposed on ongoing opportunities

Administration is policy-based decision-making about the distribution (including access) of resources for production and support

Performance is the measureable degree of intended value that is delivered

EntitiesMANAGED CONDITIONS

Stakeholders’ Perspective

RESOURCES

RELATIONSHIPS

RESPONSIBILITIES

PROCESSES

Capital investment:• Financial• Political• Social• Material

Administration:• Labor• Systems• Technology Assets

Constraints:• Legal• Contractual• Community• Industrial

Performance Mgmt:• Targets• Effects• Tasks

Stakeholders in the business-related entities are dependent on how things are enabled and controlled.


Entities(dependent variables)configurations

Executive Perspective

Executives protect stakeholders. Stakeholders include suppliers, partners, managers, workers and clients of the activity and conditions generating business opportunities and capabilities. IT increasingly dominates the activity and conditions…


(dependent variables)configurations

Systems Perspective

Business effectiveness is normally predicated on systematic activity and on the coordinated manageability of the systems. Coordination drives acknowledgement of requirements and objectives across the systems, supporting “in-common” alignment. Failed acknowledgement allows or even generates systemic misalignment that weakens overall effectiveness.


EntitiesINDEPENDENT VARIABLES(dependent variables)configurations

Landscape of Governance presence

RESOURCES

RELATIONSHIPS

RESPONSIBILITIES

PROCESSES

Capital investment:• Financial• Political• Social• Material

Administration:• Labor• Systems• Technology Assets

Constraints:• Legal• Contractual• Community• Industrial

Performance Mgmt:• Targets• Effects• Tasks


Aligning Business and IT

A Glossary of IT StakesAn objective is a measurable target future state

A need is a circumstance of insufficient means or state for an objective

A requirement is a specified characteristic demanded of a provided action, item or condition

Demand is a level of requested receipt of a deliverable

Capability is reliable availability of a functionality

Fulfillment is a process of meeting demand by delivering supply

Effectiveness is the degree to which a method’s targeted level of output is achieved

Quality is a degree of compatibility provided with satisfying a requirement

Assurance is a promise of guaranteeing intended effect

Ensure is an activity guaranteeing intended effect

A service is an operations output that is deliverable on demand under terms of agreement

A resource is an asset designated for attaining an objective

The Governance ScenarioStakeholders in the business expect business opportunities to be cultivated and protected.

The relationship of the business to other entities, and of itself and those entities to the environment, is in effect the ecology of those opportunities.

Cultivation and protection of that ecology falls under governance.

In that environment, the activity that it fosters, including generating and maintaining the relationships, falls under two general categories of assessment: performance, and capability. In turn, the activity can alter the environment as well as conserve it.

Today, IT predetermines the ecology of business operations by dominating both performance and capability. IT is used to create, execute and control most of the critical modes of interaction that produce and exploit the opportunities needed by a business.

Governance needs to “manage” that ecology.

What is IT Governance?

“The primary focus of IT governance is the stewardship of IT resources on behalf of various stakeholders whose ranking is established by the organisation's governing body.”*

“Stewardship is an ethic that embodies the responsible planning and managementof resources.”*

Governance coordinates the assurance of stewardship.

• Responsibility is for ensuring appropriate resource utilization

• Planning and management coordinate propriety.

• A framework of governance provides explicit supportive guidance of the coordination.

* definition supplied via Wikipedia

Resource AlignmentWhat is “appropriate” utilization?

Capability and performance distinguish a business’s competency and health, and establish its presence.

The presence of a business in its environment is characterized by its forms and behaviors among other businesses and customers.

Investment in IT utilization is a critical success factor of implementing the forms and behaviors of the business.

The logic of the “IT investments” is based on aligning IT-enabled capability and performance to the requirements and benefits of business stakeholders.

The investment’s dependency on that alignment is the “stake” that the investor has in the utilized IT.

RESOURCE

The Challenge of Directing ITIT stakeholders look for beneficial conservation of their IT stake, by “cultivating and protecting” the investment made. The cultivation and protection is organized as the directorial influence of governance.

“IT Governance” is most strongly challenged by two huge forces.

The additional challenge is any combined instances of performance pressure (from unchanged perspectives) and discontinuity (from innovation).

Performance management intentionally imposes a certain concept of effectiveness on the acknowledgement of operational outcomes, while discouraging other perspectives.

Technology and service innovation intentionally obsolete prior incumbent systems and standards, while often not bringing compensating management or realignment with its occurrence.

The other is the increasingly pervasive development of Autonomous IT – capabilities as driven by ongoing technology and services innovation.

One of them is Return on Investment (ROI), as driven by current practices of performance management.

Pressure of Performance Management

Performance Management supplies an idea of what kind of outcomes are appropriate to (i.e., planned for) business goals. Typically, its “propriety” is based on relevance to productivity for profit. Profit supplies the justification for investments being made.

In less-than-ideal circumstances, alternative objectives to profit exist but, conventionally, are frequently suppressed as justifications for investment. The impact on investments is twofold:

• investments not correlating with profit outcomes stop being used as incentives for management

• Profitable outcomes with no longer-term benefit are distractions that drive a wedge between current priorities and attention to future opportunity

The exceptions to the above are “business models” that define non-profit gains as the primary business benefits. In effect, these models declare certain capabilities (for example: service types, or market share growth) as the business goal of stakeholders.

The governance requirement, therefore, is to apply a clear and appropriate business model to the interpretation and alignment of any means (whether internal or external) of enabling capabilities.

Pressure of independently developing systemsThe optimization of IT resources for stakeholders requires an up-to-date understanding of what becomes a “resource”, how it becomes a resource, and who decides to incorporate the resource, in the functions that require commitments of IT.

Independently developing systems have lifecycle dynamics that are external to corporate internal administration. They may arrive, grow, change, or leave without direction or control of the business or its IT organization, including without their permission or support. Automation and autonomous providers are equally challenging in this regard; they both need to be vetted and subscribed.

Systems Path to value: Governable via administration:

Acceleratingchallenges:

Example business functions affected:

Information both inhabiting and monitoring technology

policy Cloud accessAnalytics

Provisioning (sourcing)

Technology producing both information and processing

architecture Market innovationsOpen source

Engineering (r&d)

Workgroups leveraging both information and technology

methods Crowd sourcingSocial networking

Production (services)


How Governance is Done

The Semantics of “Governance”All concepts of governance appeal to a common agreement that guidance and control are necessary.

Unfortunately, governance is an idea that has a confusingly wide variety of definitions. Variants originate in standards bodies (institutional), consultancies (domain experts), academia (research), and “organic” practice (empirical experience).

The variations in definition risk complicating governance by failing to provide uniformity in its implementation. But the same variations allow its practice to identify and leverage many existing management activities if the activities can be given proper sustained orientation.

Most interpretations of “guidance” or “control” try to address several of the following characteristics of deciding, prescribing, and validating IT uses:

Guidance & Control As A … Necessity Type Authority Responsibility Accountability

Decision

Prescription

Validation


Example: Resource stewardship framework

A framework identifies requisite areas of responsibility and guides their coordination.

With IT, it is used to “identify, establish and link the mechanisms to:

• oversee the use of information and related technology to create value, and

• manage the risks associated with using information and technology.”*

That general use of a framework fits in with a variety of other definitions of governance to start illustrating the idea of what “responsible resource optimization” means.

Objectives of IT Resource Alignment

Authority:Ensure

Responsibility:Plan

Responsibility:Manage

Mechanism

Deliver Benefits Oversight of Value creation

Performance Operations Accountability

Optimize Risk Management of associated Risk

Quality Policy Control

* adapted from Wikipedia entry© 2014 Malcolm Ryder / archestra research

Example: “Corporate” governance of ITPurpose: “to ensure that the organisation's IT sustains and extends the organisation's strategies and objectives.” *

Strategy pursues benefits; objectives pursue progress.

• Ensure includes responsibility and direction of decisions and practices

• Operations underpin strategy

• Performance underpins objectives

Alignment of IT usage for business goals

Ensured Benefits (strategy) Progress (objectives)

Oversight of Value creation

Decision rights and stakeholder representation

Operational model underlying strategy

Performance goals of IT management

Management of associated Risk

Auditing of IT management practices

Operational constraints (legal, ethical, quality)

Transparency and stakeholder participation

* per Wikipedia entry. Here, “organisation” means business entity.© 2014 Malcolm Ryder / archestra research

Example: Governance StandardsISO 38500 defines the Corporate Governance of IT as “the system by which the current and future use of IT is directed and controlled.

Corporate Governance of IT involves

• evaluating and directing the use of IT to support the organization, and

• monitoring this use to achieve plans.

It includes the strategy and policies for using IT within an organization.”

System view of ISO 38500

Direction of current use

Direction of future use

Control of current use

Control of future use

STRATEGY(evaluation)

Performance Goals Objectives Plans

POLICY(evaluation)

Requirements Portfolio Administration Architecture


Levels of GovernanceBeneficial opportunity is the general goal of every business. Each business pursues its selected opportunities in accordance with its managed capabilities.

Under guided coordination, resources flow through practices into creating capabilities that are useful for the business.

Neither level of governance above can suffice to do the job of both levels.

A Company level of governance addresses the opportunity-enabling capabilities supported by IT

An IT Organization level of governance addresses the capability-enabling practices that stabilize and direct the necessary usage of IT.

Company-level Governance

COBIT5 – GOVERNANCE: HIGH LEVEL CONTROL OBJECTIVESEvaluate, Direct and Monitor (EDM)EDM01 Ensure Governance Framework Setting and MaintenanceEDM02 Ensure Benefits DeliveryEDM03 Ensure Risk OptimisationEDM04 Ensure Resource OptimisationEDM05 Ensure Stakeholder Transparency

Objectives of IT USAGE Control:

Direction via:

Deliver Benefits Operations

Optimize Risk Policy

Optimize Resource Administration

Inform Stakeholder Reports

“Corporate” governance

An emphasis on ensuring (causing) appropriate utilization of I.T. for business outcomes means engaging the company level of activity management. Some engagement therefore regards how activity is structured. For governance, the key engagement is in the use of information “for” the stakeholder, about the utilization.


COBIT5 – GOVERNANCE: HIGH LEVEL CONTROL OBJECTIVESEvaluate, Direct and Monitor (EDM)EDM01 Ensure Governance Framework Setting and MaintenanceEDM02 Ensure Benefits DeliveryEDM03 Ensure Risk OptimisationEDM04 Ensure Resource OptimisationEDM05 Ensure Stakeholder Transparency

Objectives of IT USAGE Control:

Evaluate Direct Monitor

Deliver Benefits Performance Operations Impact

Optimize Risk Quality Policy Compliance

Optimize Resource Value Administration Task

Inform Stakeholder Plans Reports Audits

vs. Strategy vs. Statevs. Capability

Ordinary governance informationAvailable information for stakeholders must literally “reflect” outcomes. Governance attends to the impact that the usage has on the investment of the resources. The value of a resource is based in its usage. In terms of utilization, intent is reflected in evaluation, guidance is reflected in direction, and adherence is reflected in monitoring. Together they provide a view of alignment.

Usage impact ->


IT-level Governance

IT organization stakesThe IT organization centralizes performance management of IT services and quality management of IT resources. That management, in both forms, is applied across the full lifecycle of IT’s introduction into business operations throughout its use and final exit.

But stakeholders do not presume performance and quality; stakeholders presumeoperational propriety by their organization, and they assume that impropriety is risk.

The propriety refers to the correct way to fulfill demand.

The IT organization can meet the presumption by using investments to produce the service performance and resource quality itself, and then to provide it. (“Produce” means to buy, build or borrow in order to obtain.)

Where the business has a dependency on the IT organization as its provider, the business is a stakeholder in the IT organization.

Where the IT organization has a dependency on technology to enable its production, the organization is a stakeholder in the technology.

Operational Propriety:Responsibilities compared• Oversight

• Accountability of needed value from administering operations

• Compares value maintained to value required

• Administration• Management of duties, responsibilities, rules

• Creates information needed for accountability

• Management • Producing and sustaining co-operation, usually towards multiple objectives

Optimization Requirement and RiskFor the business, the goal of optimization is to maintain opportunity, not to maximize performance.

Resource optimization aligns the utilization of the resource with the stakeholder’s intended benefit.

But change alters the potentials of alignment. Change can alter the degree and/or the duration of resource alignment, as well as the logic of the alignment method.

Change is the critical constraint on optimization and is increasingly the primary source of risk.

Managing change to a targeted outcome involves strategy, authority, and co-operation.

IT Governance must itself be a business strategy for overseeing the impact of change versus opportunity.

IT Governance of technologyGovernance is intended to optimize IT utilization. As the primary objective of optimization, propriety is established by ensuring appropriate effects of IT resource usage.

For stakeholders, resource optimization occurs primarily in administration. Administration is defined as “the act of managing duties, responsibilities, or rules.”* With IT, this means administration of operational systems involving:

• Information (both inhabiting and monitoring technology; related to policy)

• Technology (producing both information and processing; related to architecture)

• Workgroups (leveraging both information and technology; related to production methods)

But increasingly, these systems are developing faster outside of company control than within it. How is internal administration reconciled with self-developing or externally developing systems?

* http://www.yourdictionary.com/administration

Optimization StandardsWhether produced or acquired, capability generates the viability of opportunity.

Opportunity in the business depends on how the company administers a sustained reliability of the availability of IT functionality.

Administration both prescribes and constrains decisions to that effect.

Administration manages the related duties, responsibilities, and rules by which reliabilityunderpins capability. Those decisions cover purpose, scope, visibility and quality.

Administered IT Resource Reliability

Direction(purpose)

Permission (scope)

Control (visibility)

Support(quality)

Capability method architecture method architecture

Security policy policy architecture policy

Economy policy method policy method


Timely, Compatible, IT-based CapabilityBroker – business advocate

Agent – provider advocate

Capability is a reliable availability of functionalityFulfillment is a process of meeting demand by delivering supplyEffectiveness is the degree to which a method’s targeted level of output is achievedQuality is a degree of compatibility provided with satisfying a requirementAssurance is a promise of guaranteeing intended effectEnsure is an activity guaranteeing intended effectA service is an operations output that is deliverable on demand under terms of agreement.A resource is an asset designated for attaining an objective.

An objective is a measurable target future stateA need is a circumstance of insufficient means or state for an objectiveA requirement is a specified characteristic demanded of a provided action, item or condition Demand is a requested level of receipt of a deliverable

Governance institutes authority to insist on

co-operation. A broker-agent model of co-operation, based on

agreed assurance of reliability, continually refreshes alignment.

Plan and Control of AlignmentGUIDE – set business path for IT to follow

• IT utilization must be strategically oriented to address business priorities.

• Utilization is an outcome of a business deployment of IT implementation

• Governance presumes the ability to constrain the deployment of IT in operations.

• Accountability of deployment must directly certify its approval under business policy.

GUIDE Oversight Administration Management

Strategy *

Deployment * *

Constraints * *

Policy * *

Checklist of Terms of Agreement for Agent-Broker transactions


Plan and Control of AlignmentDIRECT – produce IT for operations in accordance with the guidance

• Policy presumes that deployment leverages a verifiable IT implementation.

• Implementation orchestrates the selection of IT resources

• IT resources must be compatible with the concurrent capability to support scope of implementation

• Implementation scope must require verifiable specifications that are within parameters of investment

DIRECT Oversight Administration Management

Implementation *

Selection * *

Scope * *

Specification *

Checklist of Terms of Agreement for Agent-Broker transactions


Key Distinctions of CommonBroker-Agent TopicsTOPICS Business

ProcessesServices Portfolio Platform Sourcing Funding

Strategy * * *

Deployment * * *

Constraints * * *

Policy * * *

Implementation * * *

Selection * * * *

Scope * * * *

Specification * * *

Topics have both key differences and important overlaps; no topic is entirely exclusive of another; even differences are often a matter of priority or relative importance to decisions.


Operational basis of Business CapabilityReconciling the I.T. “oversight” semantics of the Dept. of Education, Gartner, and ITIL

ITOM Business issues

Functions of a firm (business)

Design (plan)

Direct (control)

Manage (align)

Monitor (track)

Customer requirements services/goods performance provisioning operations

Business Operations methods efficiency effectiveness tasks

Business Organization manufacturing facility availability support demand

Business Organization production process scheduling capacity events

Business Organization development environment applications quality faults

Resources supply configuration assets infrastructure

To ensure propriety: accountability includes oversight information; direction includes administrative information.

In business, ”oversight of […] is the responsibility for making sure [ensure] that it works efficiently and correctly.”*

* http://www.collinsdictionary.com/dictionary/english/oversight © 2014 Malcolm Ryder / archestra research

PostscriptReferences to example related content

Governance in IT Operations

IT operations management (ITOM) software is intended to

represent all the tools needed to manage the provisioning,

capacity, performance and availability of the computing,

networking and application environment.

Gartner divides the ITOM market into 10 major segments that

include DBMS, application management, availability and

performance, event, fault and log management, network

management, configuration management, IT services desk

and IT help desk, asset management, job scheduling and

other ITOM (which refers to output management software) for

tools used to manage hardware peripherals, such as printers.

The objective of IT Operations Management is to monitor and

control the IT services and IT infrastructure.

IT Operations Management executes day-to-day routine tasks

related to the operation of infrastructure components and

applications. – ITIL 2007

According to the United States Department of Education,

operations management is the field concerned with managing

and directing the physical and/or technical functions of

a firm or organization, particularly those relating to

development, production, and manufacturing.*

Operations management is an area

of management concerned with overseeing, designing, and

controlling the process of production and

redesigning business operations in the production

of goods or services. It involves the responsibility of ensuring

that business operations are efficient in terms of using as few

resources as needed, and effective in terms of meeting

customer requirements. – Wikipedia

A Survey of “Influence” on IT alignment

Management Standards

• ITC Standard

• Strategy and Governance defines the direction and the way of managing ICT.

• Its significance increases when the company faces a transition or aggressively pursues growth and development.

• Optimally, ICT is a change promoting engine with the ability to implement changes in a controlled manner. However, if Strategy and Governance is dysfunctional, ICT easily becomes the bottleneck for the company’s overall development.

-- https://www.ictstandard.org/book/strategy-and-governance/overview

https://www.ictstandard.org/book/strategy-and-governance/overview

Autonomous IT: Decisions

• Machine Learning and Intelligent Systems

• Machine learning plays an increasingly important role in our lives, whether it's ranking search results, recommending products or building better models of the environment. The development of more efficient and powerful tools to support the engineering practices of machine learning is strongly needed. Tools and methods that let non-experts do a great job with their own predictive modeling are needed to truly empower users with machines that learn.

• - See more at: http://www.eweek.com/database/slideshows/ieee-picks-top-23-technologies-for-2022.html?kc=EWKNLEAU09162014STR1&dni=167411619&rni=25786451#sthash.lryoyW4T.dpuf

Autonomous IT: Processes

• The Internet of Things

• From clothes that monitor our movements to smart homes and cities, the Internet of things (IoT) knows no bounds, except for our concerns about ensuring privacy amid such convenience. The IoT is here to stay, driven by, among others, device technology advances, the opportunities created by the billions of smartphones with their rich built-in sensors, Internet connectivity to fixed facilities, increased mobile connectivity, the new functionalities it enables and business reasons, such as the desire to reduce cost through automation, reduced loss/wastage and shorter durations for supply chains, the report said.


Autonomous IT: Infrastructure• Cloud Computing:

By 2022, cloud will be more entrenched and more computing workloads will run on the cloud. The real promise of cloud computing is the way that it changes the game for software development. IT administrators and developers will have the ability to create true virtual data center infrastructure substrates, where resources are connected virtually across clouds and premises, and developers are able to tap into APIs of services to mash up applications and middleware from different providers.



[email protected]

raising the stakes - it governance

Leadership & Management

business benefits

business people

set of relationships

set of processes

set of resources

set of responsibilities

set of tools

chance of production