Implementation of Application Portfolio Management Governance, Process, and Execution (The What and Why of APM) February, 2006
Approximate Times (Minutes) Presentation Agenda Topic Slides Perspectives and Overview of APM Concepts, Processes, and Practices of APM Implementation of APM in NC State Government Questions 3 -10 10 10 - 24 20 24 -36 15 15 Total Time 60
Portfolio Management is: Portfolio Management A collection of items grouped together to facilitate efficient and effective management and optimally allocate fiscal, staffing, and other scarce resources. The purpose is to meet strategic business goals and objectives in the most effective and productive manner by appropriately considering key factors, such as desired returns or public value, initial and life cycle costs, architectural directions, risk profiles, and the inter-relations among investments. The objective is to make fact-based, data-driven, and analytics -oriented management decisions, using a consistent and disciplined approach within a well-defined governance structure. Major Portfolio Management Tasks are: • Inventory and classify items in the portfolios. • Perform relevant analyses – identify problems and opportunities, develop viable options, determine relevant criteria, ask the right questions, evaluate alternatives using pertinent information, and make decisions.
Phase/Type of Portfolio Management Effort Implementation Status and Timeframe Status of Implementation of Portfolio Management Completed – performed in 2004 and early 2005 Topic Research and Purchase of Tool Project (PPM) Completed – performed summer and fall 2005 Applications (APM) In process - winter and spring 2006 Investment (IPM) In process - initial efforts in winter and spring 2006 as part of applications endeavor; more advanced capabilities will be implemented later as agencies are ready and need them
Summary of Findings of Keane/Gartner Legacy Applications Study – December 2004 • In the portfolio of approximately 900 applications: 40% are considered critical for department mission/strategy; 17% are enterprise (statewide) applications; and 75 of the applications processed by the state data center require 1-day return-to-service capability. • The statewide portfolio is relatively young, with an average age of 7.5 years – since 1997, from 70 to 90 new or replacement applications have been added each year to bring down the average age. • Health status is: 23% presenting functional, technical, or both problems; 50% with some problems, but manageable; and 27% healthy, with a prescription for continuing on-going operations and maintenance. • Remediation timeframes are: 11% require action immediately (within next two years), 35% require action in the near term (2 to 4 years), and 54% require action in the long term (4 to 6 years). • Although the immediate needs of the portfolio appear to be manageable, projections of its future status, if no remediation actions are taken, indicate an increasingly deteriorating condition as the applications age.
I. Strategic Business and IT Planning and Investment Selection and Budgeting - Investment Portfolio Management (IPM) – Build, Buy, and/or Implement the Right Assets III. Investment Operation and Maintenance, and Renewal, Retirement, or Replacement - Applications Portfolio Management (APM) – Maintain and Operate Assets in the Right Ways and Retire or Replace Them at the Right Times Framework for Managing IT Investments Life Cycle of IT Investments • Identify investments that best: • Enable governmental initiatives or agency missions and strategies • Result in financial returns – revenue generation or cost savings • Provide better constituent services or program effectiveness • Fit technical architectures • Satisfy budget, staffing, and other constraints • Meet risk profiles • Operate and maintain assets so that: • Benefits/costs are optimized over their useful lives through astute and timely renovations, consolidations, or eliminations • Services offered meet availability, reliability, security, quality, and recoverability expectations within acceptable budgets • Retirements and replacements are effected when assets are no longer cost-justified or risk-acceptable II. Project Implementation-Project Portfolio Management (PPM) – Build and Implement Assets in the Right Manner Manage projects by: • Clarifying roles and responsibilities • Providing appropriate oversight • Ensuring they are well planned and thoroughly researched prior to starting • Defining, tracking, and evaluating project progress frequently to achieve budget, schedule, scope, and quality expectations • Completing them successfully so that business goals and objectives are realized
NC is not Alone in Implementing APM - Gartner Prediction for 2006 Gartner predicts that 40% of large public and private enterprises will implement application portfolio management in the next two years. The reason for the rapid growth in the use of APM is other companies and government entities have achieved successes in cost reduction, managing the complexities of hundreds of established assets, and improving budget process effectiveness. Applications portfolio management is critical to understanding and managing the 40 percent to 80 percent of IT budgets devoted to maintaining and enhancing software. Most organizations don’t track established applications over time to ascertain return on investment (or to determine which should be disposed of), and few manage application portfolios with tools. In other words, these organizations haven’t truly associated the substantial amount of money they’re spending with what they are spending it on. Gartner Research Note “Predicts 2006 Reacting to Application Development Challenges With Management and Automation” dated November 15, 2005
Reasons for Applying APM Concepts and Disciplines to Existing Applications • Identify and catalogue all applications – know what you have and what they do in order to manage them. • Track and communicate technical and business status of applications to identify problems and take advantage of opportunities. • Enhance the alignment of applications with agency strategies and technical architectures to improve support of business processes. • Identify and eliminate or replace applications that are redundant, high-risk, low-performance, or high-cost (especially O&M). • Develop a multi-year management decision roadmap to optimize benefits/costs and minimize risks over application useful lives.
Primary Goals for Managing Applications • Reduce maintenance and support costs – provide a source of funds for new investments. • Align IT with business – better satisfy business priorities and evolving needs. • Fund the right application remediation efforts – maximize benefits/costs for dollars spent. • Coordinate and prioritize IT investments – there is not enough money to do everything, so do the right things.
Issues Surrounding Systems Obsolescence Over time, sustainability of applications becomes questionable due to age and technology advances, combined with changed business needs. They no longer: a) support business goals and objectives, b) are cost-effective to operate or maintain, and/or c) are risk-acceptable by presenting too great a likelihood of failure with cataclysmic consequences. Business Issues • Impediment to the implementation of new and more cost-effective service delivery models – unable to respond to demands for new functionality, support business processes, or provide adequate and secure information access • Becomes a constraint in meeting regulatory requirements Staffing issues - Unavailability of Skills • Unavailability of staff skills or expertise to maintain • Unavailability of third party vendors • Dependency on individual contractors Technology issues • Expired warranties, with no vendor support • Can not handle increased usage or volumes of data • Does not run anymore on available platforms • Inefficient IT resource utilization • Used beyond original intent, and cannot be enhanced • Cannot meet security, privacy, or confidentiality requirements • Are not easily recoverable for disaster recovery and business continuity • System can fail, with untraceable error • Inconsistent or inadequate information and data quality • Not compliant with state or agency technical architectures Sources of Risks Seems to run forever, but ultimately has a finite business, economic, and/or technical life
Business, technology, and financial perspectives are combined to determine the posture of the application, indicate the appropriate remediation strategy, and to provide recommendations for managing the application portfolio over time Key Concepts: Analysis Perspectives General idea – action is required when an asset is not cost-effective or risk-acceptable (it is worn out, no longer technically fits, or costs to much to keep) • Do we have the right capabilities in place? • Are they aligned with business priorities? • Where are potential synergies? • Are there duplications? Business • How do we maximize overall value? • Can costs be optimized across the organization? • To what extent can innovation and new applications be funded by cost savings? • Do they cost too much to operate or maintain? Application Portfolio Analysis Perspectives Technology Financial • Are applications sustainable? • Do they fit in the desired architecture? • What is the technical migration road-map? • Are they risk-acceptable? • Do they present security, privacy, or disaster recovery vulnerabilities?
Key Attributes for Each Application Applications Portfolio Inventory and Classification • General – ID, business owner, age, etc. • Business processes enabled/supported • Business value/criticality • User information • Functional quality • Present business requirements • Future business growth and new business needs • Technical quality • Architectural compliance • Operations and maintenance – support of or detriment to • Costs • Operations • Maintenance and technical support • Risk profile • Disaster recovery/business continuity status Attributes can be unlimited – use potential for compelling analyses (usefulness) and ability for consistent refresh as decision criteria for the selection of them.
Who Knows About Particular Attributes: • Public Users (State’s Citizens and Businesses) • Users From Other Government Entities • Business Users • Managers and Executives • IT Managers • Technical Architects • Application Developers • Application Maintainers • IT Operations • Help Desk • Business and IT Security and DR/BC Staff • Financial, Accounting, and Budgeting Personnel Applications Portfolio Inventory and Classification Sources of information can (and maybe should) be numerous – don’t overcomplicate, but ensure that all perspectives are offered and data is fact-based, reliable, and complete.
Analysis of Applications Portfolio - Basics • Business leaders • What are strategic business drivers? • Which apps fit drivers (contribute to business)? Which do not? • Users • Which apps meet business needs? Which are lacking? • How many users are dependent on app? What are the vulnerabilities and what are the impacts of outages. • Business analysts • Which apps have accessible, complete, actionable, accurate, and timely data? Which do not? • Which apps enable business process reengineering? Which do not? • Applications maintenance • Which apps require the most maintenance effort and expense? Which are scalable and adaptable? Which are not? Which are most reliable and maintainable? Which are not? • Help desk • Which apps generate the most trouble tickets?
Analysis of Applications Portfolio - Basics • Technical architects • Which apps contain components that comply with agency and statewide technical architectures? Which do not? • Which apps contain components that are beyond vendor support – aged releases and/or removal of product support? • IT managers • Which apps have reliable and dependable vendor maintenance support – either in-house or outsource? Which do not? • Which apps do not integrate (share data) well? How critical are the these apps to the performance of other applications supporting critical business processes? • Which apps have performance problems? What are the business and cost impacts of these? Can they be rectified? • Which apps are subject to determinable vendor mergers or acquisitions? What are the consequences, and how can they be mitigated? • Which apps have questionable risk profiles – security; DR/BCP; vendor viability; regulatory compliance; HR risk from staff retirement; privacy and confidentiality; and/or information availability, quality, and retention?
Application Portfolio Management -Approach for Assessing and Managing Applications Data Collection, Analysis, and Decision-Making Process Step 1 - Build and Maintain Inventory Step 2 - Analyze Portfolio Step 3 - Manage Portfolio Next Steps Step 4 – Optimize Portfolio Determine if Remediation (Other Than Regular Ongoing Support and Maintenance) Required and Develop Life Span Transformation Roadmap Incorporate Results in Business and IT Planning and Funding Request Processes - Investment Portfolio Management Assess Overall Posture of Application • Business Status? • Technical Status? Continue Regular Support & Mainte-nance Create and Maintain Inventory in UMT Portfolio Management Software Tool Near-Term Action Needed? No Yes Approximately 50% of UMT database updated from data used in Keane/Gartner study Evaluate Business Importance and Criticality of Problems or Opportunities – Prioritize, Specify Timeframe for Action, and Determine Costs and Benefits
Application Portfolio Management - Determining the Posture of Applications Generic criteria are defined to assess applications from a business and technology perspective Good • Meets present service delivery needs • Meets anticipated needs for new services, business process reengineering initiatives, and information access • Protective of individual privacy and data confidentiality High Warning Zone – High Technical Risks Safe Zone Safe Zone Business Perspective • Creates inefficient and less effective service delivery processes • Constraint on implementation of new services, expanded citizen benefits, and/or more efficient business processes • Individual privacy and data confidentialityat risk Warning Zone – Not Making Best Use of In-Place Technologyto Meet Business Needs High Attention Zone – Both Business and Technical Risks Bad High Low Bad Good Technical Perspective • Expensive to operate or maintain • None or decreasing vendor support for major components • Insufficient or decreasing availability of staff support • Can not enhance for new business requirements • Inefficient IT resource utilization • Inadequate data access and quality • Vulnerable security • Recoverability difficult or suspect • Not compliant with state or agency tech. architectures • Cost-effective to operate and maintain • Adequate vendor support for major components • Adequate availability of staff support • Can enhance for new business requirements • Efficient IT resource utilization • Adequate data access and quality • Adequate security protection • Resilient to human-induced or natural disasters • Compliant with state and agency tech. Architectures • Easily recoverable
Options for Life Span Transformation Roadmap • Technical renovation/enhancement, such as re-host, employ Service Oriented Architecture (SOA) or Web services architectures to modernize, recode, update database management software, etc. • Functional enhancement. • Replace (COTS, GOTS, or custom development) and retire. • Sunset/eliminate. • Consolidate with applications performing the same or similar business functions. • Consolidate with multiple diverse applications as part of an agency wide or state wide initiative. • Continue maintenance.
Application Portfolio Management - Remediation Approaches High/Good • Low Priority Technical Reengineering: • Low maintenance and support costs • Provides value as is • Regular support and maintenance • Good Technical Reengineering Candidates: • High business value means quicker ROI • Renovation will improve support and maintenance costs Business Perspective • Replace - if possible, with Commercial or Government Package: • If low business value, probably doesn’t justify custom code renovation or replacement • Consider elimination or consolidation • No Technical Reengineering: • Re-host candidate • Functional enhancement • Tolerate or invest Low/Bad Low/Bad High/Good Technical Perspective
Application Portfolio Management - Investment Selection and Prioritization Prioritization and timeframe for action is driven by overall importance as well as risks. • “At Risk/Critical” are highest priority were level of risks drive (broader) remediation activities • “Limited Risk/Critical” applications are second priority compared to critical/at risk • “At Risk/Less Critical” applications are also second priority for remediation, especially if risks can be mitigated • “Limited Risk/Non Critical” applications should be reviewed to minimize technology investments and look for opportunities to consolidate or substitute for better solutions High Limited Risk / Critical At Risk / Critical Second Priority First Priority Overall Importance to Organization Selectively Second Priority Limited Risk / Non Critical At Risk / Less Critical Low Low High Business/Technology Risk or Urgency In addition prioritization is driven by: • Specific business initiatives, programs, and/or funding streams available • Overall risk issues, interrelationships between applications, and the general need for modernization of legacy systems
Identify expansion budget requests for: Long (biennial budget) session of General Assembly Short (2nd year of biennial budget) session of General Assembly Assist in preparation of BCPs Provide IT cost data to OSC for annual report submitted to General Assembly Identify funding needs from other sources, such as federal funds Assist in making decisions for or documenting changes due to: New implementation projects Additions, renovations, or upgrades to technical infrastructure Renovations/modernizations to applications Provide answers to ad hoc questions APM is an Ongoing Process – Not Just a Project Examples of How APM Information Will be Used by Agencies
Agency Missions and Vision and Business Goals and Objectives Overview of IT Portfolio Management Develop Business Drivers and Business Cases Investment Portfolio Management Identify Problems and Opportunities Statewide and Agency IT Plans Analyze Candidate Investments Project Proposals for Applications Renovations, Retirements, or Replacements Select and Plan Investments Funded New Projects Manage Portfolio Adjust Project Portfolio Application Portfolio Management Analyze Portfolio Optimize Portfolio Assess Value of Projects and Portfolio Project Portfolio Management Manage Portfolio Implement Projects New or Renovated Applications Build and Maintain Inventory
Conclusions • Applications swallow cost, time, and management bandwidth, while increasing risks – unless they are well managed to reduce complexity and risk and retired or consolidated in a timely fashion, the entire IT budget will be operations and DR/BCP will be unaffordable • Creating a portfolio view of existing applications does not have to be complicated; focus on the basics and the big picture – let the software tool highlight problem areas and offer improvement opportunities for management decision making • Benefits of APM are clear; • Investment decisions for elimination, replacement, or remediation are made in a consistent manner considering application risks, value/importance to organization and its priorities, most effective use of personnel, and life span optimization of costs/benefits • IT complexity is reduced; thereby, maximizing business value received while minimizing IT cost incurred • Planning for DR/BCP is facilitated to ensure continuity of operations • Risks are managed, and stewardship for assets is facilitated
Application Portfolio Management Perspectives Alignment (Optimize Portfolio) • Process Inventory, contribution, function association • Core Business Drivers, priorities, process contribution Level IV (Step 4) Level III (Steps 2 and 3) Initial Deployment Focus Financial (Analyze and Manage Portfolio) • Detailed application-level costs and cost-effectiveness analyses Level II (Steps 2 and 3) Assessment (Analyze and Manage Portfolio) • Risk, Operational Performance, Architectural Fit Scope of Keane-Gartner Study Level I (Step 1) Inventory (Build and Maintain Inventory) • Application identity and basic information
Transition to Executive Decision Making Process Funding Requests Applications Portfolio Management Process Tool Assisted Decisions Subjective Business Decisions Step 1 – Level I Collect, Validate, and Maintain Data (Build and Maintain Inventory) Step 3 – Levels II & III Determine Dispositions and Life Span Transition Roadmap (Manage Portfolio) Investment Portfolio Management (IPM) Process Step 2 – Levels II & III Perform Assessments (Analyze Portfolio) Step 4 – Level IV Determine Priorities, Timeframes, Costs, and Benefits (Optimize Portfolio) • One-Time Work • Transfer data from Keane/Gartner study • Perform initial collection and validation of remaining data • Ongoing Work • Perform data changes and validations as they occur • Collect and validate data for implementation projects transitioning to applications assets • Major Data Elements • ID • Costs • Business criticality • Business processes enabled or supported • Functional quality • Technical quality • Risk profile • Identify • Business problems/issues • Technical problems/issues • Risk vulnerabilities, probabilities, and impacts • Other problems/issues • Evaluate • Status/Health (Good, Bad, Moderate) • Value to organization (High, Moderate, Low) • Risk of unrecoverable failure (High, Medium, Low) • Identify • Dependencies on other applications and projects • Costs/fiscal requirements • Technical infrastructure requirements • Benefits/value to accrue • Alignment with state/agency priorities • Confirm and/or Develop • Implementation approach • Determine Priorities and Timeframes • Select priority for action (High, Medium, Low) • Select timeframe for action (Immediate, Near-Term, Long-Term) • Potential Benefits for Selected Actions • Cost savings from consolidate/eliminate applications • Improvements in public service, reliability, recoverability, and security resulting from functional/technical renovation or replacement • Consider • Cost-effectiveness • Risk acceptability – status of • Identify • Problems/opportunities • Alternative approaches • Best actions for managing application over expected life spans • Mission criticality/importance to agency • Determine Whether To • Invest additional funds (technical or functional enhancement or replacement) • Sunset/eliminate • Consolidate • Replace and consolidate as part of an agency wide or state wide initiative • Continue maintenance
Comparison and Contrast of Keane/Gartner Study with APM Implementation Project • 1. Database attributes for applications: • K/G – all data collected by agencies and input by K/G staff from scratch • APM – Approximately 50% of data elements transferred from K/G study and agency staff will both collect additional data and input it into UMT software tool • 2. Annual maintenance and support costs: • K/G – not included in data collection or analyses • APM – included in data and an important part of analyses • 3. Perspectives for analyses and future actions for applications: • K/G – Single point-in-time assessment, analogous to annual physical • APM – Long-term management plan, analogous to lifetime health/fitness plan
Comparison and Contrast of Keane/Gartner Study with APM Implementation Project • 4. Responsibilities for application assessments and action plans: • K/G – K/G staff performed all analyses with agency review • APM – Agency staff responsibility for performing assessments and developing life-span transition roadmaps • 5. Follow-up to initial assessments and updating of attributes, analyses, and transition plans over time: • K/G – Not within scope of study and little/limited follow-up to date • APM – Frequent and regular, especially in response to budgeting and funding cycles and development of BCPs • 6. Project planning, management, and reporting: • K/G – K/G staff and State CIO project team • APM – Each agency responsible for its performance and the meeting of schedules and quality, while the State CIO project team will provide overall coordination, training, and assistance to agencies
January 2006 APM Rollout Preparation Beta Implementation Beta Implementation Beta Implementation Beta Implementation
February 2006 Beta Implementation Beta Implementation Beta Implementation Beta Implementation Beta Feedback – Revise Configuration & Training Beta Feedback – Revise Configuration & Training
March 2006 Beta Feedback – Revise Configuration & Training Wave 1 Wave 1 Wave 1 Wave 1 Wave 2
April 2006 Wave 1 Wave 2 Wave 2 Wave 2 Wave 3 Wave 2 Wave 3
May 2006 Wave 3 Wave 3 Wave 4 Wave 3 Wave 4 Wave 4 Wave 4
Agency “To Do” List Before Start of APM Implementation – We Will Help Accomplish • Develop approach for collecting and inputting application attribute data: • Application independence and autonomy (minimum central control of data integrity or completeness) • More centralized input and quality control (managed approach) • Develop approach for conducting application analyses work, reviewing results, and making decisions regarding life span transformation roadmaps • Determine agency personnel that will participate in the project, and ensure each is scheduled for training, has the time availability to contribute to the effort, and calendars are updated to reflect time commitments
Agency “To Do” List Before Start of APM Implementation – We Will Help Accomplish • Develop high level project plan, with key responsibilities, schedule/milestones, organization chart, etc.: • Appropriate to size, business and IT complexities, number of applications, governing structure/relations, and culture of agency • Include sufficient numbers of personnel and appropriate representation from business, IT, senior executive/management, and other types of agency staff • Determine whether agency desires to participate in Level IV (step 4) implementation – voluntary option: • Significant participation and commitment from top executives, business managers, and senior IT staff • May introduce needs for major cultural changes and considerable modifications to long-standing business unit-to-business unit relations and business-to-IT interactions • May not be appropriate/useful for all agencies, and must request this optional implementation effort through the State CIO
Contact Information • Tom Runkle • Tom.Runkle@its.nc.gov • 754-6677 • Jim Tulenko • Jim.Tulenko@its.nc.gov • 754 – 6606 • Charles Richards • Charles.Richards@its.nc.gov • 754 - 6612 • Barbara Swartz • Barbara.Swartz@its.nc.gov • 754 - 6657