My name is Arno Kapteyn and I am a Managing Consultant at Capgemini based in The Netherlands. My field of expertise is

primarily IT Governance with a secondary focus of IT Risk, IT Compliance, IT Security, IT Service Management and IT

architecture.

In the course of my professional career I gained hands-on experience in using models such as:

-ITIL (V2 and V3)

-CobiT-CobiT

-COSO

-ValIT

-ISO 17799/ 27000

-CMMi

The use of these models helped to address topics amongst which:

-(IT) Process Improvement

-Risk Management

-Value Management

-Business – IT Alignment

-Control Framework Design (to meet Security, Financial and other Compliance requirements)

-IT Performance Management

1

Do you know who said this? It was Henry Ford when he described his ideas about product diversity at the time he

introduced the Ford model-T. It was part of the corporate philosophy when he started the Ford Motor Company. This helped

build the company into the Global Company it is today. Yet when you walk into a Ford dealer today and read the leaflet of

any of the Ford models you will find you can get any of a range of models in many different colours.

So somewhere in its development and growth into a world-wide enterprise the Ford Motor Company dropped the “One size

fits all” philosophy in favour of a more diverse product portfolio.fits all” philosophy in favour of a more diverse product portfolio.

2

Company growth is a goal for most companies and many C-level executives dream of giving their enterprises a placing in the

top Fortune Global 500. But that position is not achieved over night. The road to the top is long and results in many changes.

Some of those can have a fundamental impact on the corporate values and culture.

In each stage of the journey to the top IT will have to check what the needs of the business are and ensure that their

Services offer optimal value with respect to those needs.

3

So the challenge for IT is: How can IT help the business to create value? To even further complicating this question the

business keeps changing! However the answer remains very simple: Produce the services the business needs. To ensure IT

produces what the business needs so business can create maximum value with a minimum use of resources we call

“Business-IT Alignment”. As stated at the beginning of this slide this would mean the first goal for IT is to prepare for change.

4

If we zoom in on Business - IT Alignment the first thing you noticed is that it is not a new field of interest. With so many

people out there expressing opinions about Business – IT Alignment there is bound to be a lot of confusion of terminology,

Goals, approaches, benefits. Interesting to notice that only Business – IT Alignment is such a hot topic. The other corporate

functions do not seem to think so much about alignment with business.

Some further investigation revealed that of the topics listed above only Business-IT Alignment is a topic on Wikipedia. The

others do not even have a placeholder. So there seems to be room for consults to establish expertise in any of these other others do not even have a placeholder. So there seems to be room for consults to establish expertise in any of these other

fields.

5

Here you see the classical views of Business – IT Alignment: Business on top, deciding on the corporate strategy. Next the

CIO talks to the CEO to understand corporate strategy. Based on that understanding IT develops the IT strategy in alignment

with the Corporate strategy

For Example: The corporate goal of a electricity company might be to reduce CO2 emissions. The resulting IT Strategy might

be to create Power Saving Services. Would you consider this Value creation for business? I would not.

Gartner states: “Stop worrying about the business value of IT; instead, get recognition for IT's contribution to business

success by tracking business process and corporate performance metrics and demonstrating how IT contributes to those

metrics.” (How to Stop Worrying About the Business Value of IT, 26 may 2006, ID Number: G00138957). When we look at

that statement the questions that come to mind are:

•How many CFO’s are actively working on the balance sheets as part of the financial close process?

•How many manufacturing directors are active on the assembly line as part of the production process?

An example: For Walmart the core-business process is distribution. The complete focus of this company (including IT) is on

creating an efficient distribution mechanism. IT offers a mechanism that tracks in store availability of product by taking stock

information combining it with sales information from the Sales Registers and informing the shipping and purchase

departments to re-fill when required. That is the value created using these systems is clear!

An other example this about the Dutch company Alex, a Internet Stockbroker. The Value IT helps to generate starts the

moment the customer enters its purchase information via the Internet. The automated systems validate the purchase order,

check if they are within the customers limits and automatically transfer the order to the trading floor for fulfillment thus

saving handling cost and time. There is no discussion how IT contributes to the Business value there.

Bottom-line: Value is created on the work-floor!

6

So Alignment for the purpose of Value creation is not about Business-IT Alignment.

It is about HR-IT Alignment

AND

Shipping-IT Alignment

AND

Sales-IT AlignmentSales-IT Alignment

AND

Etc……

The challenge however is that each of these functions is unique in their requirements.

For example:

-The Finance Department might be subject to Sox

-The HR Department on the other hand might need to comply with Data Privacy regulations.

- The Finance requires their systems to be available during the financial close period (Monthly, Quarterly or Yearly)

- For the trading department system availability during the market opening hours might be vital.

An example of the latter: When a Dutch financial company started a service were customers could call in their stock-orders

via the telephone they learned this the hard way. The system used by the call center to book the order and transfer it to the

trading floor initially was unstable. As a result in some instances there was a substantial delay in fulfillment of orders. So

orders were not completed against the prices as expected by the customers. If this was in the advantage of the customer

nobody complaint but if the customer got a worse price than expected he would complain. To ensure the credibility of their

new service the bank decided to honor all complaints by refunding the difference thus paying for the difference between

expected purchase price and actual purchase price out of its own pockets.

7

When the company grows into a multi national this complicates the picture even further:

For example in different countries different laws are applicable: EC regulations prohibits the export of personal data outside

the EC boundaries unless strict rules are met. So if IT wishes to offer a service to HR for the storage of all Employee Data

world wide they should take this into account when deciding the place for the physical datacenter.

An other example. Besides the time zones to consider when offering IT Support, different cultures have different working An other example. Besides the time zones to consider when offering IT Support, different cultures have different working

weeks. In the Middle East the weekend starts Thursday afternoon and people start working again on Saturday. A Saudi

Arabian sales person for a multi-national company would expect to receive IT Support if his systems fails on Saturday

Morning when he returns to the office. As a result, to offer Office-hour support for a globally provided IT Service

effectively means the IT Department has to set-up 24x7 hour support!

8

So how do we handle all this complexity? First we should set-up stakeholder management. The primary goal of which is to

create Stakeholder groups.

A Stakeholder group is a subgroup of the Business sharing one or more characteristics that cause them to have similar

product needs. The ideal Stakeholder Group meets the following criteria:

-it is distinct from other segments (heterogeneity across segments),

-it is homogeneous within the segment (exhibits common attributes); -it is homogeneous within the segment (exhibits common attributes);

-It is recognizable and approachable (it can be represented by a mandated representation)

When creating these groups there are no absolutes, each choice is a trade-off between advantages and disadvantages.

There is no textbook implementation each solution is as unique as the organization it is created for.

9

When we engage in this exercise the first question is how many Stakeholder Groups should we aim for?

The answer: It depends. This differs per enterprise, first of all the variation of requirements is an important factor here.

Furthermore the corporate culture is important. Enterprises that have a culture of product standardization such as Mc

Donalds and Microsoft are more likely to accept a standardization approach from there internal Service provider than a

company more used to customization like Capgemini or Starbucks.

10

The second question is what does the business architecture of the organization look like? To ensure Stakeholder Groups are

recognizable both for IT and Business alike it is often best not to deviate to far from this structure. However the goal is to

create a breakdown that IT can use to create service offerings, to ensure the result is fit for purpose IT might need to deviate

from the organizational structure as described by business. This example shows how the Upstream Division of an Oil

Company is segmented according to the business as opposed to the way IT segmented the same division. You will noticed it

looks similar but not the same. It is important to notice that these kind of differences, though useful, can be the source

much miscommunication and misunderstanding. The result of the Business breakdown of IT should therefore be much miscommunication and misunderstanding. The result of the Business breakdown of IT should therefore be

communicated and discussed with the different stakeholders to minimise this risk.

11

If the organization is segmented into regions it is wise to adopt the same regions unless there are clear reasons not to.

For example in case of an Oil Company the regions are described as displayed. One of the Services IT offers the Business is a

system that stores the proven Oil Reserves per region/ country and the production figures. As recent history proofed Oil is a

strategic resource, countries are willing to go to war over it. As you can imagine in areas were tensions are high leaders of

the countries involved have very strict rules about storage and use of this information. In turn this service is offered on a

country by country bases.country by country bases.

In the case of a financial institute business considered Western-Europe one geographic region. However for the back-office

processes (especially those handling the customer financial data) IT found they could not create a single Data centre Service

because the banking laws of tax havens like Luxembourg prohibited the export of customer account information.

These examples already show that different Services may lead to different Stakeholder segmentation. This further adds to

the complexity of the exercise. Since the organization is also subject to continues change as mentioned earlier Stakeholder

Management is a continues process that should periodically evaluate and tune the stakeholder grouping.

12

Once we established the stakeholder groups the next step is to build the Governance structure to engage with these groups

and capture their needs. Needs are defined as “everything that would help business in its effort to create value”. At this

stage it is not important if IT can offer a service to meet the need, the impossibility of today might be the possibility of

tomorrow.

Again an example, about 10 years ago the regional distribution department of a global printer manufacturer based in the

Netherlands had a communication need to there foreign Distributors. In particular when looking at the distribution business Netherlands had a communication need to there foreign Distributors. In particular when looking at the distribution business

to Africa they encountered issues. The telephone service (including fax) in a number of African countries was so bad at times

the department had to send their product offers via postal mail. The turn around time for these offers to reach the

distributor and for the resulting orders to return to the Dutch suppliers office was such that often could not meet the orders

because often the offers had already expired. Effectively this made sustained distribution business in these countries

impossible. At the time the need could not be met. Only when E-mail came along IT could build a service ensuring faster

delivery of written information over long distance with an acceptable degree of certainty of actual delivery. So meeting

business needs helps business create value. Needs however are high level, un-quantified, sometimes impossible to meet.

Not nearly specific enough for the IT Department to translate into service offerings.

To help with the with the more detailed specification first of all we introduce features: Features represent the high-level

outline of the possible solution. For example: If the need is long distance transport the feature might be a plane or a car and

if we have a general notion about the amount of material we want to transport we might have an idea if the feature should

be a car or a lorry. This high-level feature will help to decide who should be involved in designing and creating the final

solution. In the example, the feature is a plane then there is no need to walk into a car dealer. At this level the questions is

answered if the IT Department should be involved at all.

13

Continued…

By further looking at the details of the need we start identifying more and more detailed requirements which helps us to

reduce the number of possible features. This brings us to requirements management: Requirements Management is the

process responsible for gathering and managing all requirements connected to a need. The requirements will help decide

which feature is most applicable and than help to transform that feature into the detailed solution to the need.

Requirements managements ensures that IT receives all specifications needed to create, run and maintain IT services to

meet business needs. Key word here is all specifications, not just the functional specifications of the system that might

become part of the service. Also:

-the information about applicable law and the resulting compliance requirements

-Applicable risks and the resulting control requirements that apply to the service

-Support requirements

-Financial requirements

-Etc. etc.

Rule of thumb: Any aspect possibly used to measure the quality of the service during delivery should be quantified in the

form of requirements.

14

The two cars shown above meet the same need of long distance transportation yet changes in technology and environment

mean that both cars are build against fundamentally different sets of requirements. The T-ford was build to meet the

requirements at the time and subsequently the model was modified to meet changing requirements. Eventually the model

could no longer be adjusted and was retired to be replaced by a new model car which re-started the cycle.

This example describes the basic Lifecycle of a product or service. In each stage of the lifecycle it is important to know and

understand the Service original Needs, Features and Requirements and the way they evolved over time. Changes in the

environment call for adjustments of the Service to be able to make the correct decisions on topics such as adjust or replace it is environment call for adjustments of the Service to be able to make the correct decisions on topics such as adjust or replace it is

important to understand the history of the service.

Example stages in Full lifecycle management (including the run & maintain)

A. The Need is identified yet no technology to respond to the need. (For instance the finance department needs a book

keeping method)

B. Technology becomes available, requirements are captured and the Service is designed (Peoplesoft introduces its software.

IT recognizes the software as the potential feature that meets the need. They contact the finance department come to a

basic understanding to develop a solution based on the feature. IT and Business establish the requirement set and build

the Service based on the feature)

C. Service goes into operation and is delivered to the business (The business starts working with the implementation of

Peoplesoft, replacing the paper based system)

D. Adjustment of the need results in adjustments of the requirements set. This triggers a change of the service. (The business

expands operations from Europe into the United States, the financial department needs to comply with the American

Gaap next to the European standards. Furthermore adjustments to the support model are required since the US Finance

Department is in a different time-zone).

E. Changes in the environment trigger additional requirements to be added to the set. (The introduction of the Sox law

triggers additional Control Requirements for the Service. Both application embedded controls and controls regarding the

support of the system need to be reviewed and at times adjusted).

F. New technology comes to market better meeting the needs of business the investment decision is made to replace the

current Service. (Oracle comes with a new solution with improved functionality which offers the finance department more

possibilities to automate business process controls thus reducing cost of operation.)

15

Continued

Knowing needs makes IT pro-active: IT can match new technology against needs & requirements that change over time.

The example used is fairly straight forward but let us now assume that during the expansion to the United States (as mentioned

in D) it is found that the current system can not be adjusted for US GAAP. This might result in a new Stakeholder Group, a

second requirements set and a separate service. Now assume that the new technology from Oracle does have the functionality

to handle multiple accounting methods. As a result we can now combine the requirements from all stakeholders into one to handle multiple accounting methods. As a result we can now combine the requirements from all stakeholders into one

service offering. This effectively combines the two stakeholder groups into one. The capability to handle those kind of changes

effectively and efficiently qualify are a measure of Agility.

16

As the quote from John Thorp shows Val IT addresses the same topic: IT supporting business in its effort to create Value. And

indeed when working with the Dutch Oil company we used Val IT as one of the industry standards used to create the IT

Operating model.

17

Hopefully you will recognize the image as the 4 fundamental questions Val IT helps to answer. Stakeholder and

requirements management are primary focused on the question: Are we doing the right things (the question in the top left

corner). Furthermore it helps to define the benefits that we are checking for in the upper right corner.

The Oil company mentioned earlier is currently (Re)-designing their Enterprise IT Governance and operating models CobiT is

used as the starting point to define the Processes and Control Objectives that form an integral part of these models. To

improve the focus in Business-IT Alignment and value creation the concepts of Val IT were used. When doing so we found improve the focus in Business-IT Alignment and value creation the concepts of Val IT were used. When doing so we found

Val IT very useful but it did not help us meet the diversity in requirements we encountered in this enterprise. It is when we

compared notes with colleagues working other multi national enterprises on similar issues that we came to recognize the

value of Stakeholder and Requirements management. It helped us enhance the value of the CobiT and ValIT frameworks.

18

The strength of ITIL has always been as a process model for the Run and Maintain departments of IT. With ITIL v3 they

expand their views and recognize the issue of Business-IT Alignment and the need to have a clear and complete

understanding of the business requirements to ensure the Services offered match those requirements. However ITIL offers

little help in designing a structure to ensure timely availability of those requirements.

Our approach on the other hand sets out to ensure we know what business requires but does not address how we should

create and deliver the response in the form of IT-Services offered. create and deliver the response in the form of IT-Services offered.

Stakeholder and Requirements management work very well in cooperation with ITIL (Any version but especially Version 3)

19

ITIL Version 3 pushes the concept of Catalogue Management and IT Service Portfolio Management. IT offers ideas both for

creating these processes and the supporting systems. Stakeholder and Requirements Management help structure the

Demand Side of such system and ensure timely and up-to-date availability of the Requirements from Business.

20

Both Service Oriented Architecture (SOA) & Service oriented Enterprise (SOE) are currently hot topics.

When talking to IT People they primarily think about design of IT Systems in re-usable objects & communication contracts.

For the purpose of this presentation on Value creation they miss the point. Reusing components to build services instead of

offering the functionality of an application achieves SERVICE ORIENTATION.

When we look at the definition of a service according to Wikipedia we find: “A service is a set of benefits delivered from the When we look at the definition of a service according to Wikipedia we find: “A service is a set of benefits delivered from the

accountable service provider…” So if we focus on this part of the statement you come to the conclusion that “Service

Oriented” leads to “Benefits oriented”.

The benefit of SOA is in what it offers: flexibility of functionality at lower cost because of re-use of components. That what

we wanted, flexibility of functionality. Stakeholder & Requirements Management helps to pin-point where this added

flexibility would assist business most in creating value!

The following example: A car manufacturer identifies three types of customers based on the primary question they have

when looking for a car:

•How fast is it?

•How fuel economical is the model?

•How spacious is the interior? (The customer is looking for a Family car)

To ensure the product offered meets the requirements of each group in the best way the manufacturer could decide to

design three different models from scratch. Though it would ensure each groups requirements are met it is not very efficient

and as a result not very economical. The solution most car makers apply to: Three different versions of the same base model

(one with a power engine, another with a fuel economy engine and a third one as a station car), re-using most of the

components. Not only for different types of the same model but even for different models. I guess that makes the

automotive industry inventors of SOA!

21

Many of the ideas concepts and quotes we used when building the approach and this subsequent presentation can also be

found in business-to-business marketing. The fundamental goal of marketing as articulated by Philip Kotler are exactly those

goals IT hopes to meet with its focus on supporting business in its effort to delivery value. So instead of running the risk of

re-inventing the wheel IT would be well advised to take notice of and learn from the findings of Business-to-business

marketing. In particular knowledge on topics like Market segmentation (Stakeholder-grouping) and Needs identifications

could easily be re-used.

The fact that I have never encountered a marketeer working for the IT department suggests there is room for improvement!

22

When looking at the question of which size company should take notice let start with a rule of thumb:

•You don’t need a dedicated manager unless you have an organization of at least 20 people.

•You do not need formal governance structures until you have at least 10 managers.

Therefore IT Governance only becomes a topic of interest when the organization has an IT Department of at least 200

people. If one in 50 personal is in IT this would result in a company size of at least 10.000 employees.

So does that mean that each representative of a smaller organization just wasted his time on this session? If your So does that mean that each representative of a smaller organization just wasted his time on this session? If your

organization has no intention to grow maybe, for all others if you do not wish to be surprised in the wrong spot without a

clue how you got there mark the words of Wayne.

The examples used are mostly taken from larger corporations since they are easily recognised. However IT Diversity as

Gartner calls it starts from the moment the company has more than one employee. It is a gliding path of constant change

for the IT Department. To be considered truly agile they need to be able to recognize and react to each next step in the

growing complexity of IT Requirements.

Signs of this growing complexity are for instance:

-Creation of function departments

-Addition of Divisions

-International expansion

-Transcontinental expansion

-Creation of Service Centres

-Etc.

23

And once you are truly focused on understanding and meeting the needs of business there is always the alternative view.

For the best of reasons forces within the IT Domain might try to distract you from “the path of enlightenment”.

A warning from Gartner, in their article named “Trends driving increased IT Diversity” they state: Demand for IT Diversity

has been growing for years, furthermore it is expected to grow for the next 10 years. If IT does not react with differentiated

services and technologies to meet this development Business will find alternative sources. This will most likely result IT

losing the control over the IT Environment. In turn that might easily result in unwanted exposure to unknown and/ orlosing the control over the IT Environment. In turn that might easily result in unwanted exposure to unknown and/ or

uncontrolled risks.

24

So the last remaining question is can the benefit of the approach be quantified in any way? The search to answer this

question lead to an Article in the MIT Sloan Management Review called “Avoid the alignment trap in IT”. This article

describes the research investigating 453 to position them according to their level of IT Alignment (on the vertical Axe) and

the effectiveness of IT (On the horizontal axe). For each of the companies the research rated each of the companies of their

spend of IT as a percentage of revenue (against the baseline set in the maintenance zone) and the average business growth

(also against the baseline set in the Maintenance zone).

The following results were note worthy:

-A high level of alignment with business of a less effective IT Domain leads to above average IT Spend but a below average

business growth. The underpinning explanation could be that at a high level of alignment will lead to a high diversity in

Service Offerings. A department which is challenged to meat its commitment will have even more issues of the diversity of

the services offered increases.

- Highly Effective but IT Departments with a lower alignment level can more easily engage in cost savings which will result in

a below average IT Spend (15%). Since the IT department is effectively meeting the (limited variation) in Business demands

for business this does translate in an above average Business Growth.

- When IT starts looking for more business IT Alignment while it is capable of effectively delivering on its promises we see

that the IT Spend remains below average but not as significant as in the Well-oiled IT quadrant (the complexity of the

services offered will increase the IT Spend). But the resulting additional Business Value (measured in Business Growth) is

formidable (35% above average versus 11% for less aligned companies.

The overall conclusions from this research:

-Before increasing IT-Business alignment for the purpose Value creation make sure the IT Department is operating

effectively so it can actually meet the higher level of Service Complexity.

-If this requirements is met increased Business-IT Alignment can lead to significantly high Value created by business.

25

Questions?

26

27