Presentation on theme: "1 Implementation of Application Portfolio Management Governance, Process, and Execution (The What and Why of APM) February, 2006."— Presentation transcript:
1 Implementation of Application Portfolio Management Governance, Process, and Execution (The What and Why of APM) February, 2006
2 Presentation Agenda Topic Slides Approximate Times (Minutes) Perspectives and Overview of APM Concepts, Processes, and Practices of APM Implementation of APM in NC State Government Questions Total Time
3 Portfolio Management Portfolio Management is: A collection of items grouped together to facilitate efficient and effective management and optimally allocate fiscal, staffing, and other scarce resources. The purpose is to meet strategic business goals and objectives in the most effective and productive manner by appropriately considering key factors, such as desired returns or public value, initial and life cycle costs, architectural directions, risk profiles, and the inter-relations among investments. The objective is to make fact-based, data-driven, and analytics -oriented management decisions, using a consistent and disciplined approach within a well-defined governance structure. Major Portfolio Management Tasks are: Inventory and classify items in the portfolios. Perform relevant analyses – identify problems and opportunities, develop viable options, determine relevant criteria, ask the right questions, evaluate alternatives using pertinent information, and make decisions.
4 Status of Implementation of Portfolio Management Phase/Type of Portfolio Management Effort Implementation Status and Timeframe Investment (IPM) In process - initial efforts in winter and spring 2006 as part of applications endeavor; more advanced capabilities will be implemented later as agencies are ready and need them In process - winter and spring 2006 Applications (APM) Topic Research and Purchase of Tool Completed – performed in 2004 and early 2005 Completed – performed summer and fall 2005 Project (PPM)
5 Summary of Findings of Keane/Gartner Legacy Applications Study – December 2004 In the portfolio of approximately 900 applications: 40% are considered critical for department mission/strategy; 17% are enterprise (statewide) applications; and 75 of the applications processed by the state data center require 1-day return-to-service capability. The statewide portfolio is relatively young, with an average age of 7.5 years – since 1997, from 70 to 90 new or replacement applications have been added each year to bring down the average age. Health status is: 23% presenting functional, technical, or both problems; 50% with some problems, but manageable; and 27% healthy, with a prescription for continuing on-going operations and maintenance. Remediation timeframes are: 11% require action immediately (within next two years), 35% require action in the near term (2 to 4 years), and 54% require action in the long term (4 to 6 years). Although the immediate needs of the portfolio appear to be manageable, projections of its future status, if no remediation actions are taken, indicate an increasingly deteriorating condition as the applications age.
6 Framework for Managing IT Investments I. Strategic Business and IT Planning and Investment Selection and Budgeting - Investment Portfolio Management (IPM) – Build, Buy, and/or Implement the Right Assets III. Investment Operation and Maintenance, and Renewal, Retirement, or Replacement - Applications Portfolio Management (APM) – Maintain and Operate Assets in the Right Ways and Retire or Replace Them at the Right Times II. Project Implementation - Project Portfolio Management (PPM) – Build and Implement Assets in the Right Manner Life Cycle of IT Investments Identify investments that best: Enable governmental initiatives or agency missions and strategies Result in financial returns – revenue generation or cost savings Provide better constituent services or program effectiveness Fit technical architectures Satisfy budget, staffing, and other constraints Meet risk profiles Clarifying roles and responsibilities Providing appropriate oversight Ensuring they are well planned and thoroughly researched prior to starting Defining, tracking, and evaluating project progress frequently to achieve budget, schedule, scope, and quality expectations Completing them successfully so that business goals and objectives are realized Manage projects by: Operate and maintain assets so that: Benefits/costs are optimized over their useful lives through astute and timely renovations, consolidations, or eliminations Services offered meet availability, reliability, security, quality, and recoverability expectations within acceptable budgets Retirements and replacements are effected when assets are no longer cost-justified or risk-acceptable
8 NC is not Alone in Implementing APM - Gartner Prediction for 2006 Gartner predicts that 40% of large public and private enterprises will implement application portfolio management in the next two years. The reason for the rapid growth in the use of APM is other companies and government entities have achieved successes in cost reduction, managing the complexities of hundreds of established assets, and improving budget process effectiveness. Applications portfolio management is critical to understanding and managing the 40 percent to 80 percent of IT budgets devoted to maintaining and enhancing software. Most organizations dont track established applications over time to ascertain return on investment (or to determine which should be disposed of), and few manage application portfolios with tools. In other words, these organizations havent truly associated the substantial amount of money theyre spending with what they are spending it on. Gartner Research Note Predicts 2006 Reacting to Application Development Challenges With Management and Automation dated November 15, 2005
9 Reasons for Applying APM Concepts and Disciplines to Existing Applications 1.Identify and catalogue all applications – know what you have and what they do in order to manage them. 2.Track and communicate technical and business status of applications to identify problems and take advantage of opportunities. 3.Enhance the alignment of applications with agency strategies and technical architectures to improve support of business processes. 4.Identify and eliminate or replace applications that are redundant, high-risk, low-performance, or high-cost (especially O&M). 5.Develop a multi-year management decision roadmap to optimize benefits/costs and minimize risks over application useful lives.
10 Primary Goals for Managing Applications Reduce maintenance and support costs – provide a source of funds for new investments. Align IT with business – better satisfy business priorities and evolving needs. Fund the right application remediation efforts – maximize benefits/costs for dollars spent. Coordinate and prioritize IT investments – there is not enough money to do everything, so do the right things.
11 Seems to run forever, but ultimately has a finite business, economic, and/or technical life Sources of Risks Issues Surrounding Systems Obsolescence Over time, sustainability of applications becomes questionable due to age and technology advances, combined with changed business needs. They no longer: a) support business goals and objectives, b) are cost-effective to operate or maintain, and/or c) are risk-acceptable by presenting too great a likelihood of failure with cataclysmic consequences. Business Issues Impediment to the implementation of new and more cost-effective service delivery models – unable to respond to demands for new functionality, support business processes, or provide adequate and secure information access Becomes a constraint in meeting regulatory requirements Staffing issues - Unavailability of Skills Unavailability of staff skills or expertise to maintain Unavailability of third party vendors Dependency on individual contractors Technology issues Expired warranties, with no vendor support Can not handle increased usage or volumes of data Does not run anymore on available platforms Inefficient IT resource utilization Used beyond original intent, and cannot be enhanced Cannot meet security, privacy, or confidentiality requirements Are not easily recoverable for disaster recovery and business continuity System can fail, with untraceable error Inconsistent or inadequate information and data quality Not compliant with state or agency technical architectures
12 Business TechnologyFinancial Application Portfolio Analysis Perspectives Do we have the right capabilities in place? Are they aligned with business priorities? Where are potential synergies? Are there duplications? Are applications sustainable? Do they fit in the desired architecture? What is the technical migration road-map? Are they risk-acceptable? Do they present security, privacy, or disaster recovery vulnerabilities? How do we maximize overall value? Can costs be optimized across the organization? To what extent can innovation and new applications be funded by cost savings? Do they cost too much to operate or maintain? Key Concepts: Analysis Perspectives Business, technology, and financial perspectives are combined to determine the posture of the application, indicate the appropriate remediation strategy, and to provide recommendations for managing the application portfolio over time General idea – action is required when an asset is not cost-effective or risk- acceptable (it is worn out, no longer technically fits, or costs to much to keep)
13 Applications Portfolio Inventory and Classification General – ID, business owner, age, etc. Business processes enabled/supported Business value/criticality User information Functional quality –Present business requirements –Future business growth and new business needs Technical quality –Architectural compliance –Operations and maintenance – support of or detriment to Costs –Operations –Maintenance and technical support Risk profile Disaster recovery/business continuity status Key Attributes for Each Application Attributes can be unlimited – use potential for compelling analyses (usefulness) and ability for consistent refresh as decision criteria for the selection of them.
14 Applications Portfolio Inventory and Classification Who Knows About Particular Attributes: Public Users (States Citizens and Businesses) Users From Other Government Entities Business Users Managers and Executives IT Managers Technical Architects Application Developers Application Maintainers IT Operations Help Desk Business and IT Security and DR/BC Staff Financial, Accounting, and Budgeting Personnel Sources of information can (and maybe should) be numerous – dont overcomplicate, but ensure that all perspectives are offered and data is fact-based, reliable, and complete.
15 Analysis of Applications Portfolio - Basics Business leaders –What are strategic business drivers? –Which apps fit drivers (contribute to business)? Which do not? Users –Which apps meet business needs? Which are lacking? –How many users are dependent on app? What are the vulnerabilities and what are the impacts of outages. Business analysts –Which apps have accessible, complete, actionable, accurate, and timely data? Which do not? –Which apps enable business process reengineering? Which do not? Applications maintenance –Which apps require the most maintenance effort and expense? Which are scalable and adaptable? Which are not? Which are most reliable and maintainable? Which are not? Help desk –Which apps generate the most trouble tickets?
16 Analysis of Applications Portfolio - Basics Technical architects –Which apps contain components that comply with agency and statewide technical architectures? Which do not? –Which apps contain components that are beyond vendor support – aged releases and/or removal of product support? IT managers –Which apps have reliable and dependable vendor maintenance support – either in-house or outsource? Which do not? –Which apps do not integrate (share data) well? How critical are the these apps to the performance of other applications supporting critical business processes? –Which apps have performance problems? What are the business and cost impacts of these? Can they be rectified? –Which apps are subject to determinable vendor mergers or acquisitions? What are the consequences, and how can they be mitigated? –Which apps have questionable risk profiles – security; DR/BCP; vendor viability; regulatory compliance; HR risk from staff retirement; privacy and confidentiality; and/or information availability, quality, and retention?
17 Application Portfolio Management - Approach for Assessing and Managing Applications Step 2 - Analyze Portfolio No Yes Step 3 - Manage Portfolio Step 4 – Optimize Portfolio Near-Term Action Needed? Incorporate Results in Business and IT Planning and Funding Request Processes - Investment Portfolio Management Next Steps Data Collection, Analysis, and Decision-Making Process Step 1 - Build and Maintain Inventory Approximately 50% of UMT database updated from data used in Keane/Gartner study Create and Maintain Inventory in UMT Portfolio Management Software Tool Assess Overall Posture of Application Business Status? Technical Status? Determine if Remediation (Other Than Regular Ongoing Support and Maintenance) Required and Develop Life Span Transformation Roadmap Evaluate Business Importance and Criticality of Problems or Opportunities – Prioritize, Specify Timeframe for Action, and Determine Costs and Benefits Continue Regular Support & Mainte- nance
18 Expensive to operate or maintain None or decreasing vendor support for major components Insufficient or decreasing availability of staff support Can not enhance for new business requirements Inefficient IT resource utilization Inadequate data access and quality Vulnerable security Recoverability difficult or suspect Not compliant with state or agency tech. architectures Cost-effective to operate and maintain Adequate vendor support for major components Adequate availability of staff support Can enhance for new business requirements Efficient IT resource utilization Adequate data access and quality Adequate security protection Resilient to human-induced or natural disasters Compliant with state and agency tech. Architectures Easily recoverable Meets present service delivery needs Meets anticipated needs for new services, business process reengineering initiatives, and information access Protective of individual privacy and data confidentiality Creates inefficient and less effective service delivery processes Constraint on implementation of new services, expanded citizen benefits, and/or more efficient business processes Individual privacy and data confidentiality at risk Business Perspective Low High High Attention Zone – Both Business and Technical Risks Safe Zone Warning Zone – Not Making Best Use of In-Place Technology to Meet Business Needs Warning Zone – High Technical Risks Application Portfolio Management - Determining the Posture of Applications Technical Perspective Safe Zone Generic criteria are defined to assess applications from a business and technology perspective Bad Good Bad
19 Options for Life Span Transformation Roadmap Technical renovation/enhancement, such as re-host, employ Service Oriented Architecture (SOA) or Web services architectures to modernize, recode, update database management software, etc. Functional enhancement. Replace (COTS, GOTS, or custom development) and retire. Sunset/eliminate. Consolidate with applications performing the same or similar business functions. Consolidate with multiple diverse applications as part of an agency wide or state wide initiative. Continue maintenance.
20 Application Portfolio Management - Remediation Approaches Replace - if possible, with Commercial or Government Package: If low business value, probably doesnt justify custom code renovation or replacement Consider elimination or consolidation No Technical Reengineering: Re-host candidate Functional enhancement Tolerate or invest Low Priority Technical Reengineering: Low maintenance and support costs Provides value as is Regular support and maintenance Technical Perspective Business Perspective Good Technical Reengineering Candidates: High business value means quicker ROI Renovation will improve support and maintenance costs High/Good Low/Bad
21 Application Portfolio Management - Investment Selection and Prioritization At Risk/Critical are highest priority were level of risks drive (broader) remediation activities Limited Risk/Critical applications are second priority compared to critical/at risk At Risk/Less Critical applications are also second priority for remediation, especially if risks can be mitigated Limited Risk/Non Critical applications should be reviewed to minimize technology investments and look for opportunities to consolidate or substitute for better solutions Overall Importance to Organization Low High Selectively Second Priority Business/Technology Risk or Urgency Second Priority First Priority At Risk / Critical Limited Risk / Non Critical Limited Risk / Critical At Risk / Less Critical Prioritization and timeframe for action is driven by overall importance as well as risks. In addition prioritization is driven by: – Specific business initiatives, programs, and/or funding streams available – Overall risk issues, interrelationships between applications, and the general need for modernization of legacy systems Low
22 APM is an Ongoing Process – Not Just a Project Identify expansion budget requests for: –Long (biennial budget) session of General Assembly –Short (2 nd year of biennial budget) session of General Assembly Assist in preparation of BCPs Provide IT cost data to OSC for annual report submitted to General Assembly Identify funding needs from other sources, such as federal funds Assist in making decisions for or documenting changes due to: –New implementation projects –Additions, renovations, or upgrades to technical infrastructure –Renovations/modernizations to applications Provide answers to ad hoc questions Examples of How APM Information Will be Used by Agencies
23 Overview of IT Portfolio Management Agency Missions and Vision and Business Goals and Objectives Statewide and Agency IT Plans Application Portfolio Management Project Portfolio Management Investment Portfolio Management Identify Problems and Opportunities Funded New Projects Manage Portfolio Analyze Portfolio Optimize Portfolio Build and Maintain Inventory Develop Business Drivers and Business Cases Analyze Candidate Investments Adjust Project Portfolio Assess Value of Projects and Portfolio Manage Portfolio Implement Projects Select and Plan Investments New or Renovated Applications Project Proposals for Applications Renovations, Retirements, or Replacements
24 Conclusions Applications swallow cost, time, and management bandwidth, while increasing risks – unless they are well managed to reduce complexity and risk and retired or consolidated in a timely fashion, the entire IT budget will be operations and DR/BCP will be unaffordable Creating a portfolio view of existing applications does not have to be complicated; focus on the basics and the big picture – let the software tool highlight problem areas and offer improvement opportunities for management decision making Benefits of APM are clear; –Investment decisions for elimination, replacement, or remediation are made in a consistent manner considering application risks, value/importance to organization and its priorities, most effective use of personnel, and life span optimization of costs/benefits –IT complexity is reduced; thereby, maximizing business value received while minimizing IT cost incurred –Planning for DR/BCP is facilitated to ensure continuity of operations –Risks are managed, and stewardship for assets is facilitated
25 Inventory (Build and Maintain Inventory) Application identity and basic information Financial (Analyze and Manage Portfolio) Detailed application-level costs and cost-effectiveness analyses Assessment (Analyze and Manage Portfolio) Risk, Operational Performance, Architectural Fit Alignment (Optimize Portfolio) Process Inventory, contribution, function association Core Business Drivers, priorities, process contribution Application Portfolio Management Perspectives Level I (Step 1) Level II (Steps 2 and 3) Level III (Steps 2 and 3) Level IV (Step 4) Initial Deployment Focus Scope of Keane- Gartner Study
26 Applications Portfolio Management Process Tool Assisted DecisionsSubjective Business Decisions Transition to Executive Decision Making Process Step 1 – Level I Collect, Validate, and Maintain Data (Build and Maintain Inventory) Step 2 – Levels II & III Perform Assessments (Analyze Portfolio) Step 3 – Levels II & III Determine Dispositions and Life Span Transition Roadmap (Manage Portfolio) Step 4 – Level IV Determine Priorities, Timeframes, Costs, and Benefits (Optimize Portfolio) Funding Requests Investment Portfolio Management (IPM) Process One-Time Work Transfer data from Keane/Gartner study Perform initial collection and validation of remaining data Ongoing Work Perform data changes and validations as they occur Collect and validate data for implementation projects transitioning to applications assets Major Data Elements ID Costs Business criticality Business processes enabled or supported Functional quality Technical quality Risk profile Identify Business problems/issues Technical problems/issues Risk vulnerabilities, probabilities, and impacts Other problems/issues Evaluate Status/Health (Good, Bad, Moderate) Value to organization (High, Moderate, Low) Risk of unrecoverable failure (High, Medium, Low) Consider Cost-effectiveness Risk acceptability – status of Identify Problems/opportunities Alternative approaches Best actions for managing application over expected life spans Mission criticality/importance to agency Determine Whether To Invest additional funds (technical or functional enhancement or replacement) Sunset/eliminate Consolidate Replace and consolidate as part of an agency wide or state wide initiative Continue maintenance Identify Dependencies on other applications and projects Costs/fiscal requirements Technical infrastructure requirements Benefits/value to accrue Alignment with state/agency priorities Confirm and/or Develop Implementation approach Determine Priorities and Timeframes Select priority for action (High, Medium, Low) Select timeframe for action (Immediate, Near-Term, Long-Term) Potential Benefits for Selected Actions Cost savings from consolidate/eliminate applications Improvements in public service, reliability, recoverability, and security resulting from functional/technical renovation or replacement
27 Comparison and Contrast of Keane/Gartner Study with APM Implementation Project 1. Database attributes for applications: K/G – all data collected by agencies and input by K/G staff from scratch APM – Approximately 50% of data elements transferred from K/G study and agency staff will both collect additional data and input it into UMT software tool 2. Annual maintenance and support costs: K/G – not included in data collection or analyses APM – included in data and an important part of analyses 3. Perspectives for analyses and future actions for applications: K/G – Single point-in-time assessment, analogous to annual physical APM – Long-term management plan, analogous to lifetime health/fitness plan
28 Comparison and Contrast of Keane/Gartner Study with APM Implementation Project 4. Responsibilities for application assessments and action plans: K/G – K/G staff performed all analyses with agency review APM – Agency staff responsibility for performing assessments and developing life-span transition roadmaps 5. Follow-up to initial assessments and updating of attributes, analyses, and transition plans over time: K/G – Not within scope of study and little/limited follow-up to date APM – Frequent and regular, especially in response to budgeting and funding cycles and development of BCPs 6. Project planning, management, and reporting: K/G – K/G staff and State CIO project team APM – Each agency responsible for its performance and the meeting of schedules and quality, while the State CIO project team will provide overall coordination, training, and assistance to agencies
29 SundayMondayTuesdayWednesdayThursdayFridaySaturday 12 NC Holiday3 Training Materials Review 4 Legacy Study roadmap complete 56 Training Materials ready for Beta Beta Kickoff Meeting 11 Beta Basic Training 12 Beta Basic Training NC Holiday January 2006 Beta Implementation APM Rollout Preparation
30 February 2006 SundayMondayTuesdayWednesdayThursdayFridaySaturday DENR Business Objectives DPI Business Objectives 15 DENR Business Objectives DPI Business Objectives 16 DENR Business Processes & Functions DPI Business Processes & Functions DENR Level IV Advanced Training 23 DPI Level IV Advanced Training Beta Implementation Beta Feedback – Revise Configuration & Training Beta Feedback – Revise Configuration & Training Beta Implementation
31 March 2006 SundayMondayTuesdayWednesdayThursdayFridaySaturday 123 Training materials ready for rollout Wave 1 Kickoff 8 Wave 1 Basic Training 9 Wave 1 Basic Training Wave 1 Business Objectives Wave 2 Kickoff 29 Wave 1 Business Objectives Wave 2 Basic Training 30 Wave 1 Business Processes & Functions Wave 2 Basic Training 31 Wave 1 Wave 2 Wave 1 Beta Feedback – Revise Configuration & Training
32 April 2006 SundayMondayTuesdayWednesdayThursdayFridaySaturday Wave 1 Level III Charting Analysis 6 Wave 1 Level IV Advanced Training NC Holiday Wave 2 Business Objectives Wave 3 Kickoff 19 Wave 2 Business Objectives Wave 3 Basic Training 20 Wave 2 Business Processes & Functions Wave 3 Basic Training Wave 2 Level III Charting Analysis 26 Wave 2 Level IV Advanced Training Wave 3 Wave 2 Wave 3 Wave 2 Wave 1
33 May 2006 SundayMondayTuesdayWednesdayThursdayFridaySaturday Wave 4 Kickoff Wave 3 Business Objectives 10 Wave 4 Basic Training Wave 3 Business Objectives 11 Wave 4 Basic Training Wave 3 Business Processes & Functions Wave 3 Level III Charting Analysis 18 Wave 3 Level IV Advanced Training NC Holiday3031 Wave 3 Wave 4 Wave 3
34 Agency To Do List Before Start of APM Implementation – We Will Help Accomplish Develop approach for collecting and inputting application attribute data: –Application independence and autonomy (minimum central control of data integrity or completeness) –More centralized input and quality control (managed approach) Develop approach for conducting application analyses work, reviewing results, and making decisions regarding life span transformation roadmaps Determine agency personnel that will participate in the project, and ensure each is scheduled for training, has the time availability to contribute to the effort, and calendars are updated to reflect time commitments
35 Agency To Do List Before Start of APM Implementation – We Will Help Accomplish Develop high level project plan, with key responsibilities, schedule/milestones, organization chart, etc.: –Appropriate to size, business and IT complexities, number of applications, governing structure/relations, and culture of agency –Include sufficient numbers of personnel and appropriate representation from business, IT, senior executive/management, and other types of agency staff Determine whether agency desires to participate in Level IV (step 4) implementation – voluntary option: –Significant participation and commitment from top executives, business managers, and senior IT staff –May introduce needs for major cultural changes and considerable modifications to long-standing business unit-to-business unit relations and business-to-IT interactions –May not be appropriate/useful for all agencies, and must request this optional implementation effort through the State CIO
38 Contact Information Tom Runkle – Jim Tulenko –754 – 6606 Charles Richards – Barbara Swartz –