Presentation on theme: "1 Implementation of Application Portfolio Management Overview July 2006."— Presentation transcript:
1 Implementation of Application Portfolio Management Overview July 2006
2 Portfolio Management Portfolio management is: a strategic and dynamic decision-making process to assess value, prioritize actions, and allocate resources to meet key enterprise objectives. A portfolio is: a collection of items grouped together to facilitate efficient and effective management so that fiscal, staffing, and other scarce resources can be optimally allocated to provide the most benefits or greatest value for investments made. The objective of portfolio management is: to optimize the enterprise’s IT portfolios in order to contribute to the organization’s successful performance and its sustained viability, value, and growth. The major tasks of portfolio management are: inventory and classify items in the portfolios, identify problems and opportunities, develop viable options, determine relevant criteria and weights, evaluate alternatives using pertinent information, and make reasoned and appropriate decisions. The results of portfolio management are: fact-based, data-driven, and analytics-oriented management decisions, using a consistent and disciplined approach within a well-defined governance structure.
3 Portfolio Management Goals Investment Portfolio Management: Identify, evaluate, and prioritize candidate investment opportunities that meet strategic business goals and objectives in the most effective and productive manner by appropriately considering and weighing key factors, such as alignment with agency missions or governmental initiatives, satisfaction of compliance mandates, delivery of desired returns or public value, initial and life cycle costs, architectural fit, risk profiles, staffing availabilities, and the inter-relations among investments. Project Portfolio Management: Advance the management of IT implementation projects by assisting to clarify roles and responsibilities; provide for well- understood and comparable oversight; ensure they are planned well and researched thoroughly prior to starting; facilitate the management and monitoring of them to achieve, budget, schedule, scope, and quality expectations; and complete them successfully so that proposed business goals and objectives are realized and anticipated benefits and value accrue.
4 Portfolio Management Goals (Cont’d) Inventory applications; assess them using a variety of criteria (such as agreement with agency business strategies or governmental priorities, benefits and value to agency missions or business processes, costs to maintain and operate, ability to meet current and future agency business requirements, operational performance, technical status, and risks; and develop a management strategy for continued investments in them over their useful lives to optimize benefits-costs. This is done by: a) analyzing present and future status from business, financial, operational, technical, and risk perspectives; b) determining business-criticality of applications and risk-urgency of results from assessments; c) identifying areas of over- and under- investments and reallocating funds to give the most benefits or greatest value for monies spent; and d) developing the best approaches, priorities, and timeframes for enhancement, renovation, consolidation, elimination, or replacement. Assets should be retired when they no longer are cost-justified or risk-acceptable. Applications Portfolio Management:
5 Definition of Applications Portfolio Management Portfolio management is a competency of applying structured processes to evaluate selected classes of application assets or resources, determine issues or variations for defined standards, and implement appropriate actions to resolve these issues. The objective of applications portfolio management is to maintain good awareness of the portfolio and to optimize life cycle cost, quality, risks, and value creation across each class of applications and integration assets/resources. Source: Gartner Research Note titled The Application Management Activity Cycle dated 21 July 2006.
6 Summary of Findings of Keane/Gartner Legacy Applications Study – December 2004 In the portfolio of approximately 900 applications: 40% are considered critical for department mission/strategy; 17% are enterprise (statewide) applications; and 75 of the applications processed by the state data center require 1-day return-to-service capability. The statewide portfolio is relatively young, with an average age of 7.5 years – since 1997, from 70 to 90 new or replacement applications have been added each year to bring down the average age. Health status is: 23% presenting functional, technical, or both problems; 50% with some problems, but manageable; and 27% healthy, with a prescription for continuing on-going operations and maintenance. Remediation timeframes are: 11% require action immediately (within next two years), 35% require action in the near term (2 to 4 years), and 54% require action in the long term (4 to 6 years). Although the immediate needs of the portfolio appear to be manageable, projections of its future status, if no remediation actions are taken, indicate an increasingly deteriorating condition as the applications age.
7 Framework for Managing IT Investments I. Strategic Business and IT Planning and Investment Selection and Budgeting - Investment Portfolio Management (IPM) – Build, Buy, and/or Implement the Right Assets III. Investment Operation and Maintenance, and Renewal, Retirement, or Replacement - Applications Portfolio Management (APM) – Maintain and Operate Assets in the Right Ways and Retire or Replace Them at the Right Times II. Project Implementation - Project Portfolio Management (PPM) – Build and Implement Assets in the Right Manner Life Cycle of IT Investments Identify investments that best: Enable governmental initiatives or agency missions and strategies Result in financial returns – revenue generation or cost savings Provide better constituent services or program effectiveness Fit technical architectures Satisfy budget, staffing, and other constraints Meet risk profiles Clarifying roles and responsibilities Providing appropriate oversight Ensuring they are well planned and thoroughly researched prior to starting Defining, tracking, and evaluating project progress frequently to achieve budget, schedule, scope, and quality expectations Completing them successfully so that business goals and objectives are realized Manage projects by: Operate and maintain assets so that: Benefits/costs are optimized over their useful lives through astute and timely renovations, consolidations, or eliminations Services offered meet availability, reliability, security, quality, and recoverability expectations within acceptable budgets Retirements and replacements are effected when assets are no longer cost-justified or risk-acceptable
8 Why Lifetime Management of Applications is Important – Causes of Value Dissipation Asset Life Cycle Value Phase of Investment Life Cycle Potential or Expected Value SelectionImplementation Operation 100% Lose 10 – 15% Lose 5 – 10% Lose 20 – 25% Actual Value Realized 50-65% Lack of strategic business plan Not strategically aligned with business goals and objectives Business cases deficient in tenuous benefits, overly optimistic costs, too ambitious schedules, unrealistic staffing, optimistic risk assessments, and/or unachievable benefits/returns Poor architecture fit Inadequate investment evaluation, ranking, and selection processes (pick wrong investments) Lacking executive support Weak project manager Deficient project planning, monitoring, and reporting Insufficient or inadequate requirements definition; contracting; and management of risks, vendors, testing, training, scope, quality, change, data conversion, communications, etc. Failure to reengineer business processes Over-customizing COTS packages No or inadequate post implementation assessments (PIAs) Lacking service management best practice framework (e.g., ITIL) and not implementing associated good processes Inadequate asset management best practices – current and complete inventories; periodic assessments; management plans for useful lives; and business cases for renovations, replacements, or retirements Assets are not cost justified or risk acceptable, but are not being remodeled, retired, consolidated, or replaced Adopted from PMO Executive Council Research
9 Definition of an Application – Business / IT Alignment View Applications are inventoried, analyzed, and reported in the applications portfolio management system Infrastructure assets are inventoried, analyzed, and reported in the asset management system Some of the criteria used to evaluate applications
10 NC is not Alone in Implementing APM - Gartner Prediction for 2006 Gartner predicts that 40% of large public and private enterprises will implement application portfolio management in the next two years. The reason for the rapid growth in the use of APM is other companies and government entities have achieved successes in cost reduction, managing the complexities of hundreds of established assets, and improving budget process effectiveness. Applications portfolio management is critical to understanding and managing the 40 percent to 80 percent of IT budgets devoted to maintaining and enhancing software. Most organizations don’t track established applications over time to ascertain return on investment (or to determine which should be disposed of), and few manage application portfolios with tools. In other words, these organizations haven’t truly associated the substantial amount of money they’re spending with what they are spending it on. Gartner Research Note “Predicts 2006 Reacting to Application Development Challenges With Management and Automation” dated November 15, 2005
11 Why the Management of Legacy Applications is Important 1.Risks – Consequences of unanticipated failures may be severe (due to operations or technical problems or inability to meet future business needs) 2.Costs – Applications require significant $ to operate, maintain, and enhance; thereby, necessitating scrutiny and justification of these expenses 3.Investment Planning – Improve accuracy, effectiveness, and timeliness of planning for replacements, renovations, and consolidations 4.Benefit/Cost optimization – Limited fiscal resources must be allocated to the assets and investments offering the most benefits and value. 5.Fiscal liability – Funding bodies must know future $ requirements to anticipate and plan for covering O&M, enhancement, and remediation costs. 6.Performance and capacity – Must be measured and monitored and appropriate actions taken to ensure applications continue to meet business needs (adaptability, availability, reliability, maintainability, scalability, etc.) 7.Disaster recovery and business continuity – Enable the development of viable plans and support recovery actions Ongoing and long-term management of:
12 Reasons for Applying APM Concepts and Disciplines to Existing Applications 1.Identify and catalogue all applications – know what you have and what they do in order to manage them. 2.Track and communicate technical and business status of applications to identify problems and take advantage of opportunities. 3.Enhance the alignment of applications with agency strategies and technical architectures to improve support of business processes. 4.Identify and eliminate or replace applications that are redundant, high-risk, low-performance, or high-cost (especially O&M). 5.Develop a multi-year management decision roadmap to optimize benefits/costs and minimize risks over application useful lives.
13 Primary Goals for Managing Applications Identify high-risk applications (serious vulnerabilities with severe impacts) and assist in developing remediation approaches. Identify areas of over- and under-investments and reallocate budgets to more appropriately mitigate risks and maximize benefits. Achieve all possible savings through eliminations of duplications and unnecessary applications, reduce complexities of underlying infrastructure through remediation efforts (achieve better fit with state and agency technical architectures), and employ savings as a source of funds for new investments. Align IT with business priorities – better satisfy business strategies and evolving goals and objectives of governmental programs. Create a disciplined ongoing approach for the life cycle management of applications – there is not enough money to do everything, so do the right things.
14 Seems to run forever, but ultimately has a finite business, economic, operational, and/or technical life Sources of Risks Issues Surrounding Systems Obsolescence Over time, sustainability of applications becomes questionable due to age and technology advances, combined with changed business needs. They no longer: a) support business goals and objectives, b) are cost-effective to operate or maintain, and/or c) are risk-acceptable by presenting too much security vulnerability and/or too great a likelihood of failure with cataclysmic consequences. Business Issues Impediment to the implementation of new and more cost-effective service delivery models – unable to respond to demands for new functionality or expanding user base, support business processes, or provide adequate and secure information access Becomes a constraint in meeting regulatory or compliance requirements Staffing Issues - Unavailability of Skills Unavailability of staff skills or expertise to maintain Unavailability of third party vendors Dependency on individual contractors Technology and Operational Issues Expired warranties, with no vendor support Can not handle increased usage or volumes of data Does not run anymore on available platforms Inefficient IT resource utilization Used beyond original intent, and cannot be enhanced Cannot meet security, privacy, or confidentiality requirements Are not easily recoverable for disaster recovery and business continuity System can fail, with untraceable error Inconsistent or inadequate information and data quality Not compliant with state or agency technical architectures
15 Business Technology Operational Application Portfolio Analysis Perspectives Do we have the right capabilities in place to support business processes? Are they aligned with business priorities? Where are potential synergies? Are there duplications? Do they provide quality and timely information? Do they fit the desired technical architecture? What is the technical migration road-map? What risks are presented by outdated technology? How do we maximize overall value, especially by redirecting funds to other applications or uses offering more value? Can costs be optimized across the organization, especially by eliminating or renovating costly applications? To what extent can innovation and new applications be funded by cost savings? Do they cost too much to operate or maintain? Key Concepts: Analysis Perspectives Business, technology, operational, and financial perspectives are combined to determine the posture of the application, indicate the appropriate remediation strategy, and to provide recommendations for managing the application portfolio over time General idea – action is required when an asset is not cost-effective or risk- acceptable (it is worn out, no longer technically fits, or costs to much to keep) Technology / Operational Financial Are applications sustainable? Are they risk-acceptable? Do they present security, privacy, or disaster recovery vulnerabilities? Do they meet availability, reliability, and maintainability requirements? Is there long-term staffing support? Do they require a supporting infrastructure that is too complex or diverse? Are updates current with vendor releases? Do they support interoperability and information exchange among applications? Are they scalable, extendable, and adaptable – can they accommodate change easily? Do they help standardize underlying infrastructure to simplify operations and reduce costs?
16 Applications Portfolio Inventory and Classification General – ID, business owner, age, etc. Business processes enabled/supported Business value/criticality User information Functional quality –Present business requirements –Future business growth and new business needs Technical quality –Architectural compliance –Operations and maintenance – support of or detriment to Costs –Operations –Maintenance and technical support Risk profile Disaster recovery/business continuity status Key Attributes for Each Application Attributes can be unlimited – use potential for compelling analyses (usefulness) and ability for consistent refresh as decision criteria for the selection of them.
17 Applications Portfolio Inventory and Classification Who Knows About Particular Attributes: Public Users (State’s Citizens and Businesses) Users From Other Government Entities Business Users Managers and Executives IT Managers Technical Architects Application Developers Application Maintainers IT Operations Help Desk Business and IT Security and DR/BC Staff Financial, Accounting, and Budgeting Personnel Sources of information can (and maybe should) be numerous – don’t overcomplicate, but ensure that all perspectives are offered and data is fact-based, reliable, and complete.
18 Analysis of Applications Portfolio - Basics Business leaders –What are strategic business drivers? –Which apps fit drivers (are mission critical)? Which do not? Users –Which apps meet business needs? Which are lacking? –How many users are dependent on app? What are the vulnerabilities and what are the impacts of outages. Business analysts –Which apps have accessible, complete, actionable, accurate, timely, and useful data? Which do not? –Which apps enable business process reengineering? Which do not? Applications maintenance –Which apps require the most maintenance effort and expense? Which are scalable and adaptable? Which are not? Which are most reliable and maintainable? Which are not? Help desk –Which apps generate the most trouble tickets?
19 Analysis of Applications Portfolio - Basics Technical architects –Which apps contain components that comply with agency and statewide technical architectures? Which do not? –Which apps contain components that are beyond vendor support – aged releases and/or removal of product support? IT managers –Which apps have reliable and dependable vendor maintenance support – either in-house or outsource? Which do not? –Which apps do not integrate (share data) well? How critical are the these apps to the performance of other applications supporting critical business processes? –Which apps have performance problems? What are the business and cost impacts of these? Can they be rectified? –Which apps are subject to determinable vendor mergers or acquisitions? What are the consequences, and how can they be mitigated? –Which apps have questionable risk profiles – security; DR/BCP; vendor viability; regulatory compliance; HR risk from staff retirement; privacy and confidentiality; and/or information availability, quality, and retention?
21 Application Portfolio Management - Action Approaches Tolerate: Evaluate costs and business, technical, and operational quality If low costs and/or no business, technical, and/or operational problems, may consider elimination or consolidation or continue as is Eliminate: If low business value or high costs, probably doesn’t justify replacement or renovation Consider decommissioning or consolidation Reengineer/Modernize or Replace: Consider renovation, retirement and replacement, or consolidation Risks Importance to the Organization / Strategic Alignment Maintain/Evolve: Evaluate costs and business, technical, and operational quality If provides value as is and costs reasonable, continue regular support and maintenance High/Good Alignment High Low/Bad Alignment Low
22 Application Portfolio Management - Action Approaches Eliminate: Evaluate risks and cost If high risk and/or high cost, consider elimination or consolidation Tolerate: Evaluate risks and cost If low risks and low cost, continue regular support and maintenance If high risks and/or high cost, consider remediation, elimination or consolidation Maintain/Evolve: Evaluate risks and costs If low risks and costs, continue regular support and maintenance Technical Architecture Fit or Operational Quality Importance to the Organization / Strategic Alignment Reengineer/Modernize or Replace: Consider renovation, consolidation, or retirement and replacement High/Good Alignment Good Low/Bad Alignment Bad
23 Application Portfolio Management - Action Approaches Tolerate: Evaluate risks and business, technical, and operational quality If low risk and/or no business, technical, and/or operational problems, may consider elimination or consolidation or continue as is Eliminate: If low business value or high risks, probably doesn’t justify replacement or renovation Consider decommissioning or consolidation Reengineer/Modernize or Replace: Consider renovation, retirement and replacement, or consolidation Operations and Maintenance Costs Importance to the Organization / Strategic Alignment Maintain/Evolve: Evaluate risks and business, technical, and operational quality If provides value as is and risks low, continue regular support and maintenance High/Good Alignment High Low/Bad Alignment Low
24 Application Portfolio Management - Action Approaches Technical Architecture Fit or Operational Quality Importance to the Organization / Strategic Alignment High/Good Alignment Good Low/Bad Alignment Bad High Risk and High Cost Medium Risk and Medium Cost Low Risk and Low Cost Maintain/Evolve: Eliminate: High Risk and High Cost Reengineer/Modernize or Replace: Tolerate: Low Risk and Low Cost Risk is indicated by color of bubble: red is high, yellow is medium, and green is low Cost is indicated by size of bubble: large is high, medium is medium, and small is low Choice of Actions ???
25 Expensive to operate or maintain None or decreasing vendor support for major components Insufficient or decreasing availability of staff support Can not enhance for new business requirements Inefficient IT resource utilization Inadequate data access and quality Vulnerable security Recoverability difficult or suspect Not compliant with state or agency tech. architectures Cost-effective to operate and maintain Adequate vendor support for major components Adequate availability of staff support Can enhance for new business requirements Efficient IT resource utilization Adequate data access and quality Adequate security protection Resilient to human-induced or natural disasters Compliant with state and agency tech. Architectures Easily recoverable Meets present service delivery needs Meets anticipated needs for new services, business process reengineering initiatives, and information access Protective of individual privacy and data confidentiality Creates inefficient and less effective service delivery processes Constraint on implementation of new services, expanded citizen benefits, and/or more efficient business processes Individual privacy and data confidentiality at risk Business Perspective Low High High Attention Zone – Both Business and Technical Risks Safe Zone Warning Zone – Not Making Best Use of In-Place Technology to Meet Business Needs Warning Zone – High Technical Risks Application Portfolio Management - Determining the Posture of Applications Technical Perspective Safe Zone Generic criteria are defined to assess applications from a business and technology perspective Bad Good Bad
26 Application Portfolio Management - Remediation Approaches Replace - if possible, with Commercial or Government Package: If low business value, probably doesn’t justify custom code renovation or replacement Consider elimination or consolidation No Technical Reengineering: Re-host candidate Functional enhancement Tolerate or invest Low Priority Technical Reengineering: Low maintenance and support costs Provides value as is Regular support and maintenance Technical Perspective Business Perspective Good Technical Reengineering Candidates: High business value means quicker ROI Renovation will improve support and maintenance costs High/Good Low/Bad
27 Application Portfolio Management - Investment Selection and Prioritization “ Very Important and At Risk/Great Urgency” are highest priority were level of risks and degree of urgency drive remediation activities “Very Important and Limited Risk/Less Urgent” applications are second priority compared to above due to less strategic importance and/or mission criticality “Less Important and At Risk/Great Urgency” applications are also second priority for remediation, but may deserve slightly higher consideration due to high risk and more pressing business urgency “Less Important and Limited Risk/Less Urgent” are lowest priority Importance to the Organization / Strategic Alignment Low/Low High/high High/High Selectively Second Priority Risk / Business Urgency Second Priority First Priority Very Important and At Risk / Great Urgency Less Important and Limited Risk / Less Urgent Very Important and Limited Risk / Less Urgent Less Important and At Risk / Great Urgency Prioritization and timeframe for action are driven by overall importance to the organization/strategic alignment of application, business urgency for remediation, and risks. In addition prioritization is driven by: – Specific business initiatives, programs, and/or funding streams available – Overall risk issues, interrelationships between applications, and the general need for modernization of legacy systems Low/Low
28 Application Rationalization Rationalization implies the use of logical processes, rational thought, and agreed upon principles to weed out unwanted items and effect change. The rationalization of applications portfolios involves a step-by-step process conducted on an application-by-application basis with agreed upon methodologies and criteria and within a decision-making governance model to: 1) reduce the number of applications by the consolidation of those performing similar functions and the elimination those of low value and high cost, and 2) remodel or replace those providing value but not fitting technical architectures, requiring high cost, and/or presenting exposure to unacceptable risks. Business Value Low Bad High Good Architecture Fit and Cost- Effectiveness of Operations High Value, Poor Architecture Fit, and High Costs – Renovate or replace High Value, Good Architecture Fit, and Low Costs – Maintain and keep current Low Value, Poor Architecture Fit, and High Costs – Eliminate, consolidate, or replace Low Value, Good Architecture Fit, and Low Costs – Evaluate if really needed, consider functional enhancement
29 Portfolio Management Strategy The management of applications portfolios uses similar strategies and disciplines as those employed by financial managers. Portfolios are optimized by determining which applications receive current, lower, or increased levels of funding and which ones are targeted for renovation, consolidation, elimination, or replacement. Over time, the applications portfolios as a whole should reflect the greatest business value and closest architectural fit with the lowest costs and risks. Business Value Low Bad High Good Architecture Fit and Cost- Effectiveness of Operations High Value, Poor Architecture Fit, and High Costs – Renovate or replace High Value, Good Architecture Fit, and Low Costs – Maintain and keep current Low Value, Poor Architecture Fit, and High Costs – Eliminate, consolidate, or replace Low Value, Good Architecture Fit, and Low Costs – Evaluate if really needed, consider functional enhancement
30 APM is an Ongoing Process – Not Just a Project Identify expansion budget requests for: –Long (biennial budget) session of General Assembly –Short (2 nd year of biennial budget) session of General Assembly Assist in the preparation of annual DR/BCPs (COOPs) Assist in the preparation of biennial agency IT plans Identify funding needs from other sources, such as federal funds Assist in making decisions for or documenting changes in applications due to: –New implementation projects –Additions, renovations, or upgrades to technical infrastructure –Renovations/modernizations to applications Provide answers to ad hoc questions Examples of How APM Information Will be Used by Agencies
31 Overview of IT Portfolio Management Agency Missions and Vision and Business Goals and Objectives Statewide and Agency IT Plans Application Portfolio Management Project Portfolio Management Investment Portfolio Management Identify Problems and Opportunities Funded New Projects Manage Portfolio Analyze Portfolio Optimize Portfolio Build and Maintain Inventory Develop Business Drivers and Business Cases Analyze Candidate Investments Adjust Project Portfolio Assess Value of Projects and Portfolio Manage Portfolio Implement Projects Select and Plan Investments New or Renovated Applications Project Proposals for Applications Renovations, Retirements, or Replacements
32 Inventory (Build and Maintain Inventory) Application identity and basic information Financial (Analyze and Manage Portfolio) Detailed application-level costs and cost-effectiveness analyses Assessment (Analyze and Manage Portfolio) Risk, Operational Performance, Architectural Fit Alignment (Optimize Portfolio) Process Inventory, contribution, function association Core Business Drivers, priorities, process contribution Application Portfolio Management Perspectives Level I (Step 1) Level II (Steps 2 and 3) Level III (Steps 2 and 3) Level IV (Step 4) Initial Deployment Focus Scope of Keane- Gartner Study
33 Conclusions Applications swallow cost, time, and management bandwidth, while increasing risks – unless they are well managed to reduce complexity and risk and retired or consolidated in a timely fashion, the entire IT budget will be operations and DR/BCP will be unaffordable Creating a portfolio view of existing applications does not have to be complicated; focus on the basics and the big picture – let the software tool highlight problem areas and offer improvement opportunities for management decision making Benefits of APM are clear; –Investment decisions for elimination, replacement, or remediation are made in a consistent manner considering application risks, value/importance to organization and its priorities, most effective use of personnel, and life span optimization of costs/benefits –IT complexity is reduced; thereby, maximizing business value received while minimizing IT cost incurred –Planning for DR/BCP is facilitated to ensure continuity of operations –Risks are managed, and stewardship for assets is facilitated