350 likes | 566 Views
Implementation of Application Portfolio Management. Overview July 2006.
E N D
Implementation of Application Portfolio Management Overview July 2006
Portfolio management is: a strategic and dynamic decision-making process to assess value, prioritize actions, and allocate resources to meet key enterprise objectives. A portfolio is: a collection of items grouped together to facilitate efficient and effective management so that fiscal, staffing, and other scarce resources can be optimally allocated to provide the most benefits or greatest value for investments made. The objective of portfolio management is: to optimize the enterprise’s IT portfolios in order to contribute to the organization’s successful performance and its sustained viability, value, and growth. The major tasks of portfolio management are: inventory and classify items in the portfolios, identify problems and opportunities, develop viable options, determine relevant criteria and weights, evaluate alternatives using pertinent information, and make reasoned and appropriate decisions. The results of portfolio management are: fact-based, data-driven, and analytics-oriented management decisions, using a consistent and disciplined approach within a well-defined governance structure. Portfolio Management
Investment Portfolio Management: Portfolio Management Goals Identify, evaluate, and prioritize candidate investment opportunities that meet strategic business goals and objectives in the most effective and productive manner by appropriately considering and weighing key factors, such as alignment with agency missions or governmental initiatives, satisfaction of compliance mandates, delivery of desired returns or public value, initial and life cycle costs, architectural fit, risk profiles, staffing availabilities, and the inter-relations among investments. Project Portfolio Management: Advance the management of IT implementation projects by assisting to clarify roles and responsibilities; provide for well-understood and comparable oversight; ensure they are planned well and researched thoroughly prior to starting; facilitate the management and monitoring of them to achieve, budget, schedule, scope, and quality expectations; and complete them successfully so that proposed business goals and objectives are realized and anticipated benefits and value accrue.
Applications Portfolio Management: Portfolio Management Goals (Cont’d) Inventory applications; assess them using a variety of criteria (such as agreement with agency business strategies or governmental priorities, benefits and value to agency missions or business processes, costs to maintain and operate, ability to meet current and future agency business requirements, operational performance, technical status, and risks; and develop a management strategy for continued investments in them over their useful lives to optimize benefits-costs. This is done by: a) analyzing present and future status from business, financial, operational, technical, and risk perspectives; b) determining business-criticality of applications and risk-urgency of results from assessments; c) identifying areas of over- and under-investments and reallocating funds to give the most benefits or greatest value for monies spent; and d) developing the best approaches, priorities, and timeframes for enhancement, renovation, consolidation, elimination, or replacement. Assets should be retired when they no longer are cost-justified or risk-acceptable.
Definition of Applications Portfolio Management Portfolio management is a competency of applying structured processes to evaluate selected classes of application assets or resources, determine issues or variations for defined standards, and implement appropriate actions to resolve these issues. The objective of applications portfolio management is to maintain good awareness of the portfolio and to optimize life cycle cost, quality, risks, and value creation across each class of applications and integration assets/resources. Source: Gartner Research Note titled The Application Management Activity Cycle dated 21 July 2006.
Summary of Findings of Keane/Gartner Legacy Applications Study – December 2004 • In the portfolio of approximately 900 applications: 40% are considered critical for department mission/strategy; 17% are enterprise (statewide) applications; and 75 of the applications processed by the state data center require 1-day return-to-service capability. • The statewide portfolio is relatively young, with an average age of 7.5 years – since 1997, from 70 to 90 new or replacement applications have been added each year to bring down the average age. • Health status is: 23% presenting functional, technical, or both problems; 50% with some problems, but manageable; and 27% healthy, with a prescription for continuing on-going operations and maintenance. • Remediation timeframes are: 11% require action immediately (within next two years), 35% require action in the near term (2 to 4 years), and 54% require action in the long term (4 to 6 years). • Although the immediate needs of the portfolio appear to be manageable, projections of its future status, if no remediation actions are taken, indicate an increasingly deteriorating condition as the applications age.
I. Strategic Business and IT Planning and Investment Selection and Budgeting - Investment Portfolio Management (IPM) – Build, Buy, and/or Implement the Right Assets III. Investment Operation and Maintenance, and Renewal, Retirement, or Replacement - Applications Portfolio Management (APM) – Maintain and Operate Assets in the Right Ways and Retire or Replace Them at the Right Times Framework for Managing IT Investments Life Cycle of IT Investments • Identify investments that best: • Enable governmental initiatives or agency missions and strategies • Result in financial returns – revenue generation or cost savings • Provide better constituent services or program effectiveness • Fit technical architectures • Satisfy budget, staffing, and other constraints • Meet risk profiles • Operate and maintain assets so that: • Benefits/costs are optimized over their useful lives through astute and timely renovations, consolidations, or eliminations • Services offered meet availability, reliability, security, quality, and recoverability expectations within acceptable budgets • Retirements and replacements are effected when assets are no longer cost-justified or risk-acceptable II. Project Implementation-Project Portfolio Management (PPM) – Build and Implement Assets in the Right Manner Manage projects by: • Clarifying roles and responsibilities • Providing appropriate oversight • Ensuring they are well planned and thoroughly researched prior to starting • Defining, tracking, and evaluating project progress frequently to achieve budget, schedule, scope, and quality expectations • Completing them successfully so that business goals and objectives are realized
Why Lifetime Management of Applications is Important – Causes of Value Dissipation Lose 10 – 15% • Lack of strategic business plan • Not strategically aligned with business goals and objectives • Business cases deficient in tenuous benefits, overly optimistic costs, too ambitious schedules, unrealistic staffing, optimistic risk assessments, and/or unachievable benefits/returns • Poor architecture fit • Inadequate investment evaluation, ranking, and selection processes (pick wrong investments) Lose 5 – 10% • Lacking executive support • Weak project manager • Deficient project planning, monitoring, and reporting • Insufficient or inadequate requirements definition; contracting; and management of risks, vendors, testing, training, scope, quality, change, data conversion, communications, etc. • Failure to reengineer business processes • Over-customizing COTS packages • No or inadequate post implementation assessments (PIAs) Lose 20 – 25% • Lacking service management best practice framework (e.g., ITIL) and not implementing associated good processes • Inadequate asset management best practices – current and complete inventories; periodic assessments; management plans for useful lives; and business cases for renovations, replacements, or retirements • Assets are not cost justified or risk acceptable, but are not being remodeled, retired, consolidated, or replaced 100% Asset Life Cycle Value 50-65% Phase of Investment Life Cycle Potential or Expected Value Actual Value Realized Selection Implementation Operation Adopted from PMO Executive Council Research
Definition of an Application – Business / IT Alignment View Some of the criteria used to evaluate applications Applications are inventoried, analyzed, and reported in the applications portfolio management system Infrastructure assets are inventoried, analyzed, and reported in the asset management system
NC is not Alone in Implementing APM - Gartner Prediction for 2006 Gartner predicts that 40% of large public and private enterprises will implement application portfolio management in the next two years. The reason for the rapid growth in the use of APM is other companies and government entities have achieved successes in cost reduction, managing the complexities of hundreds of established assets, and improving budget process effectiveness. Applications portfolio management is critical to understanding and managing the 40 percent to 80 percent of IT budgets devoted to maintaining and enhancing software. Most organizations don’t track established applications over time to ascertain return on investment (or to determine which should be disposed of), and few manage application portfolios with tools. In other words, these organizations haven’t truly associated the substantial amount of money they’re spending with what they are spending it on. Gartner Research Note “Predicts 2006 Reacting to Application Development Challenges With Management and Automation” dated November 15, 2005
Why the Management of Legacy Applications is Important Ongoing and long-term management of: • Risks – Consequences of unanticipated failures may be severe (due to operations or technical problems or inability to meet future business needs) • Costs – Applications require significant $ to operate, maintain, and enhance; thereby, necessitating scrutiny and justification of these expenses • Investment Planning – Improve accuracy, effectiveness, and timeliness of planning for replacements, renovations, and consolidations • Benefit/Cost optimization – Limited fiscal resources must be allocated to the assets and investments offering the most benefits and value. • Fiscal liability – Funding bodies must know future $ requirements to anticipate and plan for covering O&M, enhancement, and remediation costs. • Performance and capacity – Must be measured and monitored and appropriate actions taken to ensure applications continue to meet business needs (adaptability, availability, reliability, maintainability, scalability, etc.) • Disaster recovery and business continuity – Enable the development of viable plans and support recovery actions
Reasons for Applying APM Concepts and Disciplines to Existing Applications • Identify and catalogue all applications – know what you have and what they do in order to manage them. • Track and communicate technical and business status of applications to identify problems and take advantage of opportunities. • Enhance the alignment of applications with agency strategies and technical architectures to improve support of business processes. • Identify and eliminate or replace applications that are redundant, high-risk, low-performance, or high-cost (especially O&M). • Develop a multi-year management decision roadmap to optimize benefits/costs and minimize risks over application useful lives.
Primary Goals for Managing Applications • Identify high-risk applications (serious vulnerabilities with severe impacts) and assist in developing remediation approaches. • Identify areas of over- and under-investments and reallocate budgets to more appropriately mitigate risks and maximize benefits. • Achieve all possible savings through eliminations of duplications and unnecessary applications, reduce complexities of underlying infrastructure through remediation efforts (achieve better fit with state and agency technical architectures), and employ savings as a source of funds for new investments. • Align IT with business priorities – better satisfy business strategies and evolving goals and objectives of governmental programs. • Create a disciplined ongoing approach for the life cycle management of applications – there is not enough money to do everything, so do the right things.
Issues Surrounding Systems Obsolescence Over time, sustainability of applications becomes questionable due to age and technology advances, combined with changed business needs. They no longer: a) support business goals and objectives, b) are cost-effective to operate or maintain, and/or c) are risk-acceptable by presenting too much security vulnerability and/or too great a likelihood of failure with cataclysmic consequences. Business Issues • Impediment to the implementation of new and more cost-effective service delivery models – unable to respond to demands for new functionality or expanding user base, support business processes, or provide adequate and secure information access • Becomes a constraint in meeting regulatory or compliance requirements Staffing Issues - Unavailability of Skills • Unavailability of staff skills or expertise to maintain • Unavailability of third party vendors • Dependency on individual contractors Technology and Operational Issues • Expired warranties, with no vendor support • Can not handle increased usage or volumes of data • Does not run anymore on available platforms • Inefficient IT resource utilization • Used beyond original intent, and cannot be enhanced • Cannot meet security, privacy, or confidentiality requirements • Are not easily recoverable for disaster recovery and business continuity • System can fail, with untraceable error • Inconsistent or inadequate information and data quality • Not compliant with state or agency technical architectures Sources of Risks Seems to run forever, but ultimately has a finite business, economic, operational, and/or technical life
Business, technology, operational, and financial perspectives are combined to determine the posture of the application, indicate the appropriate remediation strategy, and to provide recommendations for managing the application portfolio over time Key Concepts: Analysis Perspectives General idea – action is required when an asset is not cost-effective or risk-acceptable (it is worn out, no longer technically fits, or costs to much to keep) • How do we maximize overall value, especially by redirecting funds to other applications or uses offering more value? • Can costs be optimized across the organization, especially by eliminating or renovating costly applications? • To what extent can innovation and new applications be funded by cost savings? • Do they cost too much to operate or maintain? • Do we have the right capabilities in place to support business processes? • Are they aligned with business priorities? • Where are potential synergies? • Are there duplications? • Do they provide quality and timely information? Business Financial Application Portfolio Analysis Perspectives • Do they fit the desired technical architecture? • What is the technical migration road-map? • What risks are presented by outdated technology? • Are applications sustainable? • Are they risk-acceptable? • Do they present security, privacy, or disaster recovery vulnerabilities? Operational Technology • Are updates current with vendor releases? • Do they support interoperability and information exchange among applications? • Are they scalable, extendable, and adaptable – can they accommodate change easily? • Do they help standardize underlying infrastructure to simplify operations and reduce costs? • Do they meet availability, reliability, and maintainability requirements? • Is there long-term staffing support? • Do they require a supporting infrastructure that is too complex or diverse? Technology / Operational
Key Attributes for Each Application Applications Portfolio Inventory and Classification • General – ID, business owner, age, etc. • Business processes enabled/supported • Business value/criticality • User information • Functional quality • Present business requirements • Future business growth and new business needs • Technical quality • Architectural compliance • Operations and maintenance – support of or detriment to • Costs • Operations • Maintenance and technical support • Risk profile • Disaster recovery/business continuity status Attributes can be unlimited – use potential for compelling analyses (usefulness) and ability for consistent refresh as decision criteria for the selection of them.
Who Knows About Particular Attributes: • Public Users (State’s Citizens and Businesses) • Users From Other Government Entities • Business Users • Managers and Executives • IT Managers • Technical Architects • Application Developers • Application Maintainers • IT Operations • Help Desk • Business and IT Security and DR/BC Staff • Financial, Accounting, and Budgeting Personnel Applications Portfolio Inventory and Classification Sources of information can (and maybe should) be numerous – don’t overcomplicate, but ensure that all perspectives are offered and data is fact-based, reliable, and complete.
Analysis of Applications Portfolio - Basics • Business leaders • What are strategic business drivers? • Which apps fit drivers (are mission critical)? Which do not? • Users • Which apps meet business needs? Which are lacking? • How many users are dependent on app? What are the vulnerabilities and what are the impacts of outages. • Business analysts • Which apps have accessible, complete, actionable, accurate, timely, and useful data? Which do not? • Which apps enable business process reengineering? Which do not? • Applications maintenance • Which apps require the most maintenance effort and expense? Which are scalable and adaptable? Which are not? Which are most reliable and maintainable? Which are not? • Help desk • Which apps generate the most trouble tickets?
Analysis of Applications Portfolio - Basics • Technical architects • Which apps contain components that comply with agency and statewide technical architectures? Which do not? • Which apps contain components that are beyond vendor support – aged releases and/or removal of product support? • IT managers • Which apps have reliable and dependable vendor maintenance support – either in-house or outsource? Which do not? • Which apps do not integrate (share data) well? How critical are the these apps to the performance of other applications supporting critical business processes? • Which apps have performance problems? What are the business and cost impacts of these? Can they be rectified? • Which apps are subject to determinable vendor mergers or acquisitions? What are the consequences, and how can they be mitigated? • Which apps have questionable risk profiles – security; DR/BCP; vendor viability; regulatory compliance; HR risk from staff retirement; privacy and confidentiality; and/or information availability, quality, and retention?
Application Portfolio Management - Action Approaches High/Good Alignment • Reengineer/Modernize or Replace: • Consider renovation, retirement and replacement, or consolidation • Maintain/Evolve: • Evaluate costs and business, technical, and operational quality • If provides value as is and costs reasonable, continue regular support and maintenance Importance to the Organization / Strategic Alignment • Tolerate: • Evaluate costs and business, technical, and operational quality • If low costs and/or no business, technical, and/or operational problems, may consider elimination or consolidation or continue as is • Eliminate: • If low business value or high costs, probably doesn’t justify replacement or renovation • Consider decommissioning or consolidation Low/Bad Alignment Low High Risks
Application Portfolio Management - Action Approaches High/Good Alignment • Reengineer/Modernize or Replace: • Consider renovation, consolidation, or retirement and replacement • Maintain/Evolve: • Evaluate risks and costs • If low risks and costs, continue regular support and maintenance Importance to the Organization / Strategic Alignment • Eliminate: • Evaluate risks and cost • If high risk and/or high cost, consider elimination or consolidation • Tolerate: • Evaluate risks and cost • If low risks and low cost, continue regular support and maintenance • If high risks and/or high cost, consider remediation, elimination or consolidation Low/Bad Alignment Bad Good Technical Architecture Fit or Operational Quality
Application Portfolio Management - Action Approaches High/Good Alignment • Reengineer/Modernize or Replace: • Consider renovation, retirement and replacement, or consolidation • Maintain/Evolve: • Evaluate risks and business, technical, and operational quality • If provides value as is and risks low, continue regular support and maintenance Importance to the Organization / Strategic Alignment • Tolerate: • Evaluate risks and business, technical, and operational quality • If low risk and/or no business, technical, and/or operational problems, may consider elimination or consolidation or continue as is • Eliminate: • If low business value or high risks, probably doesn’t justify replacement or renovation • Consider decommissioning or consolidation Low/Bad Alignment High Low Operations and Maintenance Costs
Application Portfolio Management - Action Approaches Risk is indicated by color of bubble: red is high, yellow is medium, and green is low Cost is indicated by size of bubble: large is high, medium is medium, and small is low High/Good Alignment Reengineer/Modernize or Replace: Maintain/Evolve: High Risk and High Cost Importance to the Organization / Strategic Alignment Choice of Actions ??? Low Risk and Low Cost Medium Risk and Medium Cost Tolerate: Eliminate: High Risk and High Cost Low Risk and Low Cost Low/Bad Alignment Bad Good Technical Architecture Fit or Operational Quality
Application Portfolio Management - Determining the Posture of Applications Generic criteria are defined to assess applications from a business and technology perspective Good • Meets present service delivery needs • Meets anticipated needs for new services, business process reengineering initiatives, and information access • Protective of individual privacy and data confidentiality High Warning Zone – High Technical Risks Safe Zone Safe Zone Business Perspective • Creates inefficient and less effective service delivery processes • Constraint on implementation of new services, expanded citizen benefits, and/or more efficient business processes • Individual privacy and data confidentialityat risk Warning Zone – Not Making Best Use of In-Place Technologyto Meet Business Needs High Attention Zone – Both Business and Technical Risks Bad High Low Bad Good Technical Perspective • Expensive to operate or maintain • None or decreasing vendor support for major components • Insufficient or decreasing availability of staff support • Can not enhance for new business requirements • Inefficient IT resource utilization • Inadequate data access and quality • Vulnerable security • Recoverability difficult or suspect • Not compliant with state or agency tech. architectures • Cost-effective to operate and maintain • Adequate vendor support for major components • Adequate availability of staff support • Can enhance for new business requirements • Efficient IT resource utilization • Adequate data access and quality • Adequate security protection • Resilient to human-induced or natural disasters • Compliant with state and agency tech. Architectures • Easily recoverable
Application Portfolio Management - Remediation Approaches High/Good • Low Priority Technical Reengineering: • Low maintenance and support costs • Provides value as is • Regular support and maintenance • Good Technical Reengineering Candidates: • High business value means quicker ROI • Renovation will improve support and maintenance costs Business Perspective • Replace - if possible, with Commercial or Government Package: • If low business value, probably doesn’t justify custom code renovation or replacement • Consider elimination or consolidation • No Technical Reengineering: • Re-host candidate • Functional enhancement • Tolerate or invest Low/Bad Low/Bad High/Good Technical Perspective
Application Portfolio Management - Investment Selection and Prioritization Prioritization and timeframe for action are driven by overall importance to the organization/strategic alignment of application, business urgency for remediation, and risks. • “Very Important and At Risk/Great Urgency” are highest priority were level of risks and degree of urgency drive remediation activities • “Very Important and Limited Risk/Less Urgent” applications are second priority compared to above due to less strategic importance and/or mission criticality • “Less Important and At Risk/Great Urgency” applications are also second priority for remediation, but may deserve slightly higher consideration due to high risk and more pressing business urgency • “Less Important and Limited Risk/Less Urgent” are lowest priority High/High Very Important and Limited Risk / Less Urgent Very Important and At Risk / Great Urgency Second Priority First Priority Importance to the Organization / Strategic Alignment Selectively Second Priority Less Important and At Risk / Great Urgency Less Important and Limited Risk / Less Urgent Low/Low Low/Low High/high Risk / Business Urgency In addition prioritization is driven by: • Specific business initiatives, programs, and/or funding streams available • Overall risk issues, interrelationships between applications, and the general need for modernization of legacy systems
Rationalization implies the use of logical processes, rational thought, and agreed upon principles to weed out unwanted items and effect change. The rationalization of applications portfolios involves a step-by-step process conducted on an application-by-application basis with agreed upon methodologies and criteria and within a decision-making governance model to: 1) reduce the number of applications by the consolidation of those performing similar functions and the elimination those of low value and high cost, and 2) remodel or replace those providing value but not fitting technical architectures, requiring high cost, and/or presenting exposure to unacceptable risks. Application Rationalization High High Value, Poor Architecture Fit, and High Costs – Renovate or replace High Value, Good Architecture Fit, and Low Costs – Maintain and keep current Business Value Low Value, Poor Architecture Fit, and High Costs – Eliminate, consolidate, or replace Low Value, Good Architecture Fit, and Low Costs – Evaluate if really needed, consider functional enhancement Low Architecture Fit and Cost-Effectiveness of Operations Good Bad
Portfolio Management Strategy The management of applications portfolios uses similar strategies and disciplines as those employed by financial managers. Portfolios are optimized by determining which applications receive current, lower, or increased levels of funding and which ones are targeted for renovation, consolidation, elimination, or replacement. Over time, the applications portfolios as a whole should reflect the greatest business value and closest architectural fit with the lowest costs and risks. High High Value, Poor Architecture Fit, and High Costs – Renovate or replace High Value, Good Architecture Fit, and Low Costs – Maintain and keep current Business Value Low Value, Poor Architecture Fit, and High Costs – Eliminate, consolidate, or replace Low Value, Good Architecture Fit, and Low Costs – Evaluate if really needed, consider functional enhancement Low Architecture Fit and Cost-Effectiveness of Operations Good Bad
Identify expansion budget requests for: Long (biennial budget) session of General Assembly Short (2nd year of biennial budget) session of General Assembly Assist in the preparation of annual DR/BCPs (COOPs) Assist in the preparation of biennial agency IT plans Identify funding needs from other sources, such as federal funds Assist in making decisions for or documenting changes in applications due to: New implementation projects Additions, renovations, or upgrades to technical infrastructure Renovations/modernizations to applications Provide answers to ad hoc questions APM is an Ongoing Process – Not Just a Project Examples of How APM Information Will be Used by Agencies
Agency Missions and Vision and Business Goals and Objectives Overview of IT Portfolio Management Develop Business Drivers and Business Cases Investment Portfolio Management Identify Problems and Opportunities Statewide and Agency IT Plans Analyze Candidate Investments Project Proposals for Applications Renovations, Retirements, or Replacements Select and Plan Investments Funded New Projects Manage Portfolio Adjust Project Portfolio Application Portfolio Management Analyze Portfolio Optimize Portfolio Assess Value of Projects and Portfolio Project Portfolio Management Manage Portfolio Implement Projects New or Renovated Applications Build and Maintain Inventory
Application Portfolio Management Perspectives Alignment (Optimize Portfolio) • Process Inventory, contribution, function association • Core Business Drivers, priorities, process contribution Level IV (Step 4) Level III (Steps 2 and 3) Initial Deployment Focus Financial (Analyze and Manage Portfolio) • Detailed application-level costs and cost-effectiveness analyses Level II (Steps 2 and 3) Assessment (Analyze and Manage Portfolio) • Risk, Operational Performance, Architectural Fit Scope of Keane-Gartner Study Level I (Step 1) Inventory (Build and Maintain Inventory) • Application identity and basic information
Conclusions • Applications swallow cost, time, and management bandwidth, while increasing risks – unless they are well managed to reduce complexity and risk and retired or consolidated in a timely fashion, the entire IT budget will be operations and DR/BCP will be unaffordable • Creating a portfolio view of existing applications does not have to be complicated; focus on the basics and the big picture – let the software tool highlight problem areas and offer improvement opportunities for management decision making • Benefits of APM are clear; • Investment decisions for elimination, replacement, or remediation are made in a consistent manner considering application risks, value/importance to organization and its priorities, most effective use of personnel, and life span optimization of costs/benefits • IT complexity is reduced; thereby, maximizing business value received while minimizing IT cost incurred • Planning for DR/BCP is facilitated to ensure continuity of operations • Risks are managed, and stewardship for assets is facilitated