Running Head: THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
The Scientific Method Applied To Digital Forensics
by student name
Professor D. Barrett
University
Course
Todays date
1
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
2
Abstract
Computer forensics is the process of digital investigation combining technology, the science of discovery and the
methodical application of legal procedures. Judges and jurors often do not understand the inner workings of
computers and rely on digital forensics experts to seek evidence and provide reliable, irrefutable testimony based on
their findings. The scientific method is the process of diligent, disciplined discovery where a hypothesis is formed
without bias, and analysis and testing is performed with the goal of effectively proving or disproving a sound
hypothesis. When investigative teams do not follow standard investigative procedures it can lead to inappropriate
and inaccurate evidentiary presentations that are extremely difficult for non-technical participants to refute. The
practitioners of digital forensics can make strides to measure and improve the accuracy of their findings using the
scientific method. This paper includes a summary of the scientific method as applied to the emerging and growing
field of digital forensics and presents details of a specific case where both the prosecution and defense would have
benefitted greatly from the use of this proven method of discovery and analysis. Findings can only be deemed
reasonably conclusive when the scientific process is correctly applied to an investigation, findings are repeatable and
verifiable, and where both the evidence collected and the tools used are subject to the utmost scrutiny.
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
3
The Scientific Method Applied To Digital Forensics
The forensic analyst and investigator must use a unique combination of technical, investigative, and
scientific skills when approaching a forensic case. Most adults remember the Scientific Method from their middle
school science class as a set of six steps beginning with stating a problem, gathering information, forming a
hypothesis, testing the hypothesis, analyzing the data and drawing conclusions that either support or do not support
the hypothesis. Peisert, Bishop, & Marzullo (2008) note that the term computer forensics has evolved to mean
“scientific tests of techniques used with the detection of crime” yet note that many academic computer scientists also
use the term to refer to the “process of logging, collecting, auditing or analyzing data in a post hoc investigation”.
The necessity to maintain chain of custody requires methodical and detailed procedures, as does the formulation of a
legitimate and unbiased hypothesis and conclusion using the scientific method. Since many judges and jurors
assume that computer forensic evidence is as “reliable and conclusive” as it is depicted on television, the legal
system is unaware of the volatile nature of computer forensics investigations and the significance of a scientific
approach to evidence gathering and analysis (Peisert et al., 2008).
The Scientific Process as Applied to Computer Forensics
Peisert et al. (2008) discuss in detail the need for the use of the scientific method in forensic investigations,
not only for the process of discovery and analysis of evidence, but for measuring the accuracy of the forensic tools
used in an investigation. Casey (2010) agrees, and cautions that evidence must be compared to known samples so
that investigators better understand the scope and context of the evidence that is discovered or presented and to
better understand the output of forensic tools. Casey (2010) further elaborates that the scientific method is a
powerful tool for forensic investigators who must be neutral fact finders rather than advocates for one side of a case
or the other.
The process of creating a hypothesis and completing experiments to prove or disprove them allows an
investigator to gain a concrete understanding of the digital evidence or mere traces of evidence under analysis.
Casey (2010) also notes that while there is no ethical requirement to do so and may be impractical, a thorough
investigative practice would consider investigation of alternate scenarios presented by defense.
Forensic examination tools can contain bugs, or behave differently with various types of data and forensic
images. Casey (2010) recommends that investigators examine evidence at both the physical and logical layers since
both methods can provide unique perspectives, and the physical layer may not yield deleted, corrupted or hidden
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
4
data. Suspects with limited technical experience can rename image files with different extensions not used for
images, and those with more technical knowledge can use advanced steganography techniques to embed data within
other data in an attempt to defy detection.
The 2004 case of State of Connecticut v. Julie Amero in Norwich, Connecticut is one where the scientific
method was clearly missing from both the defense and prosecution. Eckelberry, Dardick, Folkerts, Shipp, Sites,
Stewart, & Stuart (2007) completed a comprehensive post-trial analysis of the evidence as provided to the defense
and discovered very different evidentiary results using a structured scientific approach to their investigation.
Amero was a substitute elementary teacher accused of displaying pornographic images that appeared on pop-up’s to
her students from what ultimately was proven to be a spyware-infected school computer. The credibility of the legal
system was compromised and the prosecution made a numerous incorrect assumptions based on results provided
from inadequate forensic tools and poor investigative techniques (Eckelberry et al., 2007).
The computer that Amero was using in her classroom was a Windows 98 machine running Internet
Explorer 6.0.2800 and a trial version of Cheyenne AntiVirus that had not received an update in several years. The
content filtering at the school had expired several months prior to the incident. The prosecution presented nonfactual statements that may easily have been misconstrued by a non-technical jury and that likely caused a guilty
verdict. The false testimony made by the school IT specialist indicated that the virus protection was updated weekly
when in fact they were not since computer logs and the signatures clearly showed that virus updates were no longer
supported by the vendor. The updates may have been performed but against files that had no new updates for many
months. The IT Manager who testified also incorrectly claimed that adware was not able to generate pornography
and especially not “endless loop pornography”. This information was received as a fact by the non-technical jury
and incredibly not refuted by the defense. The detective for the prosecution also stated that his testimony was based
completely on the product ComputerCop which the vendor admits is incapable of determining if a website was
visited purposefully or unintentionally. The forensic detective astoundingly admitted that he did not examine the
computer for the presence of adware (Eckelberry et al., 2007, p. 7-10).
The case against Amero was largely based on testimony stating that she deliberately visited the offensive
pornographic websites and that the sites visited subsequently showed the links in red. The post-trial investigative
team quickly verified that the ‘sites visited’ color setting in Internet Explorer on the suspect machine was set to
“96,100,32” which is a greenish-gray color. One of the web pages that the defendant allegedly visited had an
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
5
HTML override to highlight one of the links presented in red and was not colored based on a deliberate visit to the
site. According to Eckelberry et al. (2007) the page in question was not discovered in “any of the caches or Internet
history files or the Internet History DAT files. The post-trial investigative team through meticulous investigation
and use of the scientific method were able to present facts that were “exculpatory evidence showing that the link was
never clicked on by the defendant” or any other person, and disproved most of the statements made by the forensics
examiner and the witnesses for the prosecution (Eckelberry et al., 2007, p. 12-14).
The prosecution testimony stated that there was no evidence of uncontrollable pop ups found on the suspect
machine, however, the post-trial investigative team discovered irrefutable evidence that the page in question was
loaded twenty-one times in one second using a computer forensics tool called X-Ways Trace. Eckleberry et al.
(2007) detail many other instances where testimony was haphazard and discovered that a Halloween screen saver
was the source of the adware that presented the continuous stream of pornographic sites. The chain of custody was
also compromised in that the disk image was from a Dell PC but the defense witness saw a Gateway PC stored at the
police station. The officer reportedly seized a computer but the police report contradicts this and states that only a
drive was taken (Eckelberry et al., 2007, p. 14-17).
The case described and investigated by Eckelberry et al. (2007) resembles a staged blunder designed as a
humorous sample case for beginning forensic students to discuss. The case was however very real and even though
the defendant was eventually acquitted she suffered lasting harm from the notoriety based on the initial conviction of
contributing to the delinquency of minors. If the prosecution or defense had investigated the evidence using the
scientific method and maintained a credible chain of custody, or at least used clear critical thinking while
performing a thorough forensic investigation this case may never have gone to trial. It wasted the time and
resources of judge, jury, and countless other participants in the trial and permanently damaged an innocent victim
(Eckelberry et al., 2007).
Conclusion
The scientific method is a process that allows confidence in a hypothesis when it can be subjected to
repeated identical tests. The use of the scientific method not only provides a methodical structure to a forensic
investigation, it lends credibility to a case in the very nature of the steps used to document and diligently test any
given hypothesis. The case independently investigated post-trial by Eckelberry et al. (2007) was performed by a
team of trained experts who were well aware of the necessity of the methodical requirements and necessity of the
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
scientific method of discovery. Their findings proved that the suspect was in fact a victim of poorly maintained
computers by a local Connecticut school system, that the forensic expert and witnesses who testified in the case
were untrained and uninformed and used inadequate tools for the investigation. Cases such as State of Connecticut
v. Julie Amero illustrate the importance of using the scientific method, and the necessity of proper training in the art
and science of digital forensics.
6
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
7
References
Carrier, B. (2002, October). Open Source Digital Forensics Tools: The Legal Argument. In @ Stake Inc. Retrieved
September 8, 2011, from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.7899&rep=rep1&type=pdf
Casey, E. (Ed.). (2010). Handbook of Digital Forensics and Investigation (Kindle ed.). Burlington, MA: Elsevier,
Inc.
Eckelberry, A., Dardick, G., Folkerts, J., Shipp, A., Sites, E., Stewart, J., & Stuart, R. (2007, March 21). Technical
Review of the Trial Testimony of State of Connecticut vs. Julie Amero. Retrieved September 9, 2011, from
http://www.sunbelt-software.com/ihs/alex/julieamerosummary.pdf
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations (4th ed.). Boston,
MA: Course Technology, Cengage Learning.
Peisert, S., Bishop, M., & Marzullo, K. (2008, April). Computer Forensics in Forensis. Retrieved September 8,
2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.3949&rep=rep1&type=pdf
IT STRATEGY:
ISSUES AND PRACTICES
This page intentionally left blank
Third Edition
IT STRATEGY:
ISSUES AND PRACTICES
James D. McKeen
Queen’s University
Heather A. Smith
Queen’s University
Boston Columbus Indianapolis New York San Francisco Upper Saddle River
Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto
Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
Editor in Chief: Stephanie Wall
Acquisitions Editor: Nicole Sam
Program Manager Team Lead: Ashley Santora
Program Manager: Denise Vaughn
Editorial Assistant: Kaylee Rotella
Executive Marketing Manager: Anne K. Fahlgren
Project Manager Team Lead: Judy Leale
Project Manager: Thomas Benfatti
Procurement Specialist: Diane Peirano
Cover Designer: Lumina Datamantics
Full Service Project Management: Abinaya Rajendran at Integra Software Services, Pvt. Ltd.
Cover Printer: Courier/Westford
Composition: Integra Software Services, Pvt. Ltd.
Printer/Binder: Courier/Westford
Text Font: 10/12 Palatino LT Std
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this
textbook appear on appropriate page within text.
Copyright © 2015, 2012 and 2009 by Pearson Education, Inc., Upper Saddle River, New Jersey, 07458. Pearson
Prentice Hall. All rights reserved. Printed in the United States of America. This publication is protected by
Copyright and permission should be obtained from the publisher prior to any prohibited reproduction, storage
in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying,
recording, or likewise. For information regarding permission(s), write to: Rights and Permissions Department.
Library of Congress Cataloging-in-Publication Data
McKeen, James D.
IT strategy: issues and practices/James D. McKeen, Queen’s University, Heather A. Smith,
Queen’s University.—Third edition.
pages cm
ISBN 978-0-13-354424-4 (alk. paper)
ISBN 0-13-354424-9 (alk. paper)
1. Information technology—Management. I. Smith, Heather A. II. Title.
HD30.2.M3987 2015
004.068—dc23
2014017950
10 9 8 7 6 5 4 3 2 1
ISBN–10:
0-13-354424-9
ISBN–13: 978-0-13-354424-4
CONTENTS
Preface xiii
About the Authors
xxi
Acknowledgments
xxii
Section I
Delivering Value with IT
1
Chapter 1 DEVELOPING AND DELIVERING ON THE IT VALUE
PROPOSITION 2
Peeling the Onion: Understanding IT Value 3
What Is IT Value? 3
Where Is IT Value? 4
Who Delivers IT Value? 5
When Is IT Value Realized? 5
The Three Components of the IT Value Proposition 6
Identification of Potential Value 7
Effective Conversion 8
Realizing Value 9
Five Principles for Delivering Value 10
Principle 1. Have a Clearly Defined Portfolio Value Management
Process 11
Principle 2. Aim for Chunks of Value 11
Principle 3. Adopt a Holistic Orientation to Technology Value 11
Principle 4. Aim for Joint Ownership of Technology Initiatives 12
Principle 5. Experiment More Often 12
Conclusion
12 t References
13
Chapter 2 DEVELOPING IT STRATEGY FOR BUSINESS VALUE
15
Business and IT Strategies: Past, Present, and Future 16
Four Critical Success Factors 18
The Many Dimensions of IT Strategy 20
Toward an IT Strategy-Development Process 22
Challenges for CIOs 23
Conclusion
25 t 3FGFSFODFT
25
Chapter 3 LINKING IT TO BUSINESS METRICS 27
Business Measurement: An Overview 28
Key Business Metrics for IT 30
v
vi
Contents
Designing Business Metrics for IT 31
Advice to Managers 35
Conclusion
36 t 3FGFSFODFT
36
Chapter 4 BUILDING A STRONG RELATIONSHIP
WITH THE BUSINESS 38
The Nature of the Business–IT Relationship 39
The Foundation of a Strong Business–IT
Relationship 41
Building Block #1: Competence 42
Building Block #2: Credibility 43
Building Block #3: Interpersonal Interaction 44
Building Block #4: Trust 46
Conclusion
48 t 3FGFSFODFT
48
Appendix A The Five IT Value Profiles 50
Appendix B Guidelines for Building a Strong Business–IT
Relationship 51
Chapter 5 COMMUNICATING WITH BUSINESS MANAGERS 52
Communication in the Business–IT Relationship 53
What Is “Good” Communication? 54
Obstacles to Effective Communication 56
“T-Level” Communication Skills for IT Staff 58
Improving Business–IT Communication 60
Conclusion
61 t 3FGFSFODFT
61
Appendix A IT Communication Competencies 63
Chapter 6 BUILDING BETTER IT LEADERS FROM
THE BOTTOM UP 64
The Changing Role of the IT Leader 65
What Makes a Good IT Leader? 67
How to Build Better IT Leaders 70
Investing in Leadership Development: Articulating the Value
Proposition 73
Conclusion
74 t 3FGFSFODFT
75
MINI CASES
Delivering Business Value with IT at Hefty Hardware 76
Investing in TUFS 80
IT Planning at ModMeters 82
Contents
Section II
IT Governance
87
Chapter 7 CREATING IT SHARED SERVICES 88
IT Shared Services: An Overview 89
IT Shared Services: Pros and Cons 92
IT Shared Services: Key Organizational Success Factors 93
Identifying Candidate Services 94
An Integrated Model of IT Shared Services 95
Recommmendations for Creating Effective IT
Shared Services 96
Conclusion
99 t 3FGFSFODFT
99
Chapter 8 A MANAGEMENT FRAMEWORK FOR
IT SOURCING 100
A Maturity Model for IT Functions 101
IT Sourcing Options: Theory Versus Practice 105
The “Real” Decision Criteria 109
Decision Criterion #1: Flexibility 109
Decision Criterion #2: Control 109
Decision Criterion #3: Knowledge Enhancement 110
Decision Criterion #4: Business Exigency 110
A Decision Framework for Sourcing IT Functions 111
Identify Your Core IT Functions 111
Create a “Function Sourcing” Profile 111
Evolve Full-Time IT Personnel 113
Encourage Exploration of the Whole Range
of Sourcing Options 114
Combine Sourcing Options Strategically 114
A Management Framework for Successful
Sourcing 115
Develop a Sourcing Strategy 115
Develop a Risk Mitigation Strategy 115
Develop a Governance Strategy 116
Understand the Cost Structures 116
Conclusion
117 t 3FGFSFODFT
117
Chapter 9 THE IT BUDGETING PROCESS 118
Key Concepts in IT Budgeting 119
The Importance of Budgets 121
The IT Planning and Budget Process 123
vii
viii
Contents
Corporate Processes 123
IT Processes 125
Assess Actual IT Spending 126
IT Budgeting Practices That Deliver Value 127
Conclusion
128 t 3FGFSFODFT
129
Chapter 10 MANAGING IT- BASED RISK 130
A Holistic View of IT-Based Risk 131
Holistic Risk Management: A Portrait 134
Developing a Risk Management Framework 135
Improving Risk Management Capabilities 138
Conclusion 139 t 3FGFSFODFT 140
Appendix A A Selection of Risk Classification
Schemes 141
Chapter 11 INFORMATION MANAGEMENT: THE NEXUS
OF BUSINESS AND IT 142
Information Management: How Does IT Fit? 143
A Framework For IM 145
Stage One: Develop an IM Policy 145
Stage Two: Articulate the Operational
Components 145
Stage Three: Establish Information Stewardship 146
Stage Four: Build Information Standards 147
Issues In IM 148
Culture and Behavior 148
Information Risk Management 149
Information Value 150
Privacy 150
Knowledge Management 151
The Knowing–Doing Gap 151
Getting Started in IM 151
Conclusion
153 t 3FGFSFODFT
154
Appendix A Elements of IM Operations 155
MINI CASES
Building Shared Services at RR Communications 156
Enterprise Architecture at Nationstate Insurance 160
IT Investment at North American Financial 165
Contents
Section III IT-Enabled Innovation
169
Chapter 12 INNOVATION WITH IT 170
The Need for Innovation: An Historical
Perspective 171
The Need for Innovation Now 171
Understanding Innovation 172
The Value of Innovation 174
Innovation Essentials: Motivation, Support,
and Direction 175
Challenges for IT leaders 177
Facilitating Innovation 179
Conclusion
180 t 3FGFSFODFT
181
Chapter 13 BIG DATA AND SOCIAL COMPUTING 182
The Social Media/Big Data Opportunity 183
Delivering Business Value with Big Data 185
Innovating with Big Data 189
Pulling in Two Different Directions: The Challenge
for IT Managers 190
First Steps for IT Leaders 192
Conclusion
193 t 3FGFSFODFT
194
Chapter 14 IMPROVING THE CUSTOMER EXPERIENCE:
AN IT PERSPECTIVE 195
Customer Experience and Business value 196
Many Dimensions of Customer Experience 197
The Role of Technology in Customer Experience 199
Customer Experience Essentials for IT 200
First Steps to Improving Customer Experience 203
Conclusion
204 t 3FGFSFODFT
204
Chapter 15 BUILDING BUSINESS INTELLIGENCE 206
Understanding Business Intelligence 207
The Need for Business Intelligence 208
The Challenge of Business Intelligence 209
The Role of IT in Business Intelligence 211
Improving Business Intelligence 213
Conclusion
216 t 3FGFSFODFT
216
ix
x
Contents
Chapter 16 ENABLING COLLABORATION WITH IT 218
Why Collaborate? 219
Characteristics of Collaboration 222
Components of Successful Collaboration 225
The Role of IT in Collaboration 227
First Steps for Facilitating Effective Collaboration 229
Conclusion
231 t 3FGFSFODFT
232
MINI CASES
Innovation at International Foods 234
Consumerization of Technology at IFG 239
CRM at Minitrex 243
Customer Service at Datatronics 246
Section IV
IT Portfolio Development and Management 251
Chapter 17 APPLICATION PORTFOLIO MANAGEMENT 252
The Applications Quagmire 253
The Benefits of a Portfolio Perspective 254
Making APM Happen 256
Capability 1: Strategy and Governance 258
Capability 2: Inventory Management 262
Capability 3: Reporting and Rationalization 263
Key Lessons Learned 264
Conclusion
265 t 3FGFSFODFT
265
Appendix A Application Information 266
Chapter 18 MANAGING IT DEMAND 270
Understanding IT Demand 271
The Economics of Demand Management 273
Three Tools for Demand management 273
Key Organizational Enablers for Effective Demand
Management 274
Strategic Initiative Management 275
Application Portfolio Management 276
Enterprise Architecture 276
Business–IT Partnership 277
Governance and Transparency 279
Conclusion
281 t 3FGFSFODFT
281
Contents
Chapter 19 CREATING AND EVOLVING A TECHNOLOGY
ROADMAP 283
What is a Technology Roadmap? 284
The Benefits of a Technology Roadmap 285
External Benefits (Effectiveness) 285
Internal Benefits (Efficiency) 286
Elements of the Technology Roadmap 286
Activity #1: Guiding Principles 287
Activity #2: Assess Current Technology 288
Activity #3: Analyze Gaps 289
Activity #4: Evaluate Technology
Landscape 290
Activity #5: Describe Future Technology 291
Activity #6: Outline Migration Strategy 292
Activity #7: Establish Governance 292
Practical Steps for Developing a Technology
Roadmap 294
Conclusion
295 t 3FGFSFODFT
295
Appendix A Principles to Guide a Migration
Strategy 296
Chapter 20 ENHANCING DEVELOPMENT
PRODUCTIVITY 297
The Problem with System Development 298
Trends in System Development 299
Obstacles to Improving System Development
Productivity 302
Improving System Development Productivity: What we
know that Works 304
Next Steps to Improving System Development
Productivity 306
Conclusion
308 t 3FGFSFODFT
308
Chapter 21 INFORMATION DELIVERY: IT’S EVOLVING ROLE 310
Information and IT: Why Now? 311
Delivering Value Through Information 312
Effective Information Delivery 316
New Information Skills 316
New Information Roles 317
New Information Practices 317
xi
xii
Contents
New Information Strategies 318
The Future of Information Delivery 319
Conclusion
321 t 3FGFSFODFT
322
MINI CASES
Project Management at MM 324
Working Smarter at Continental Furniture International 328
Managing Technology at Genex Fuels 333
Index
336
PREFACE
Today, with information technology (IT) driving constant business transformation,
overwhelming organizations with information, enabling 24/7 global operations, and
undermining traditional business models, the challenge for business leaders is not
simply to manage IT, it is to use IT to deliver business value. Whereas until fairly recently,
decisions about IT could be safely delegated to technology specialists after a business
strategy had been developed, IT is now so closely integrated with business that, as one
CIO explained to us, “We can no longer deliver business solutions in our company
without using technology so IT and business strategy must constantly interact with
each other.”
What’s New in This Third Edition?
r 4JY OFX DIBQUFST GPDVTJOH PO DVSSFOU DSJUJDBM JTTVFT JO *5 NBOBHFNFOU JODMVEJOH
IT shared services; big data and social computing; business intelligence; managing IT demand; improving the customer experience; and enhancing development
productivity.
r 5XP TJHOJGJDBOUMZ SFWJTFE DIBQUFST PO EFMJWFSJOH *5 GVODUJPOT UISPVHI EJGGFSFOU
resourcing options; and innovating with IT.
r 5XP OFX NJOJ DBTFT CBTFE PO SFBM DPNQBOJFT BOE SFBM *5 NBOBHFNFOU TJUVBUJPOT
Working Smarter at Continental Furniture and Enterprise Architecture at Nationstate
Insurance.
r "SFWJTFETUSVDUVSFCBTFEPOSFBEFSGFFECBDLXJUITJYDIBQUFSTBOEUXPNJOJDBTFT
from the second edition being moved to the Web site.
All too often, in our efforts to prepare future executives to deal effectively with
the issues of IT strategy and management, we lead them into a foreign country where
they encounter a different language, different culture, and different customs. Acronyms
(e.g., SOA, FTP/IP, SDLC, ITIL, ERP), buzzwords (e.g., asymmetric encryption, proxy
servers, agile, enterprise service bus), and the widely adopted practice of abstraction
(e.g., Is a software monitor a person, place, or thing?) present formidable “barriers to
entry” to the technologically uninitiated, but more important, they obscure the importance of teaching students how to make business decisions about a key organizational
resource. By taking a critical issues perspective, IT Strategy: Issues and Practices treats IT
as a tool to be leveraged to save and/or make money or transform an organization—not
as a study by itself.
As in the first two editions of this book, this third edition combines the experiences and insights of many senior IT managers from leading-edge organizations with
thorough academic research to bring important issues in IT management to life and
demonstrate how IT strategy is put into action in contemporary businesses. This new
edition has been designed around an enhanced set of critical real-world issues in IT
management today, such as innovating with IT, working with big data and social media,
xiii
xiv
Preface
enhancing customer experience, and designing for business intelligence and introduces
students to the challenges of making IT decisions that will have significant impacts on
how businesses function and deliver value to stakeholders.
IT Strategy: Issues and Practices focuses on how IT is changing and will continue to
change organizations as we now know them. However, rather than learning concepts
“free of context,” students are introduced to the complex decisions facing real organizations by means of a number of mini cases. These provide an opportunity to apply
the models/theories/frameworks presented and help students integrate and assimilate
this material. By the end of the book, students will have the confidence and ability to
tackle the tough issues regarding IT management and strategy and a clear understanding of their importance in delivering business value.
Key Features of This Book
r "GPDVTPO*5management issues as opposed to technology issues
r $SJUJDBM*5JTTVFTFYQMPSFEXJUIJOUIFJSPSHBOJ[BUJPOBMDPOUFYUT
r 3FBEJMZBQQMJDBCMFNPEFMTBOEGSBNFXPSLTGPSJNQMFNFOUJOH*5TUSBUFHJFT
r .JOJDBTFTUPBOJNBUFJTTVFTBOEGPDVTDMBTTSPPNEJTDVTTJPOTPOSFBMXPSMEEFDJsions, enabling problem-based learning
r 1SPWFOTUSBUFHJFTBOECFTUQSBDUJDFTGSPNMFBEJOHFEHFPSHBOJ[BUJPOT
r 6TFGVMBOEQSBDUJDBMBEWJDFBOEHVJEFMJOFTGPSEFMJWFSJOHWBMVFXJUI*5
r &YUFOTJWFUFBDIJOHOPUFTGPSBMMNJOJDBTFT
A DIFFERENT APPROACH TO TEACHING IT STRATEGY
The real world of IT is one of issues—critical issues—such as the following:
r
r
r
r
r
r
r
)PXEPXFLOPXJGXFBSFHFUUJOHWBMVFGSPNPVS*5JOWFTUNFOU
)PXDBOXFJOOPWBUFXJUI*5
8IBUTQFDJGJD*5GVODUJPOTTIPVMEXFTFFLGSPNFYUFSOBMQSPWJEFST
)PXEPXFCVJMEBO*5MFBEFSTIJQUFBNUIBUJTBUSVTUFEQBSUOFSXJUIUIFCVTJOFTT
)PXEPXFFOIBODF*5DBQBCJMJUJFT
8IBUJT*5TSPMFJODSFBUJOHBOJOUFMMJHFOUCVTJOFTT
)PXDBOXFCFTUUBLFBEWBOUBHFPGOFXUFDIOPMPHJFT TVDIBTCJHEBUBBOETPDJBM
media, in our business?
r )PXDBOXFNBOBHF*5SJTL
However, the majority of management information systems (MIS) textbooks are organized by system category (e.g., supply chain, customer relationship management, enterprise
resource planning), by system component (e.g., hardware, software, networks), by system
function (e.g., marketing, financial, human resources), by system type (e.g., transactional,
decisional, strategic), or by a combination of these. Unfortunately, such an organization
does not promote an understanding of IT management in practice.
IT Strategy: Issues and Practices tackles the real-world challenges of IT management. First, it explores a set of the most important issues facing IT managers today, and
second, it provides a series of mini cases that present these critical IT issues within the
context of real organizations. By focusing the text as well as the mini cases on today’s
critical issues, the book naturally reinforces problem-based learning.
Preface
IT Strategy: Issues and Practices includes thirteen mini cases—each based on a real
company presented anonymously.1 Mini cases are not simply abbreviated versions of
standard, full-length business cases. They differ in two significant ways:
1. A horizontal perspective. Unlike standard cases that develop a single issue within
an organizational setting (i.e., a “vertical” slice of organizational life), mini cases
take a “horizontal” slice through a number of coexistent issues. Rather than looking
for a solution to a specific problem, as in a standard case, students analyzing a mini
case must first identify and prioritize the issues embedded within the case. This mimics real life in organizations where the challenge lies in “knowing where to start” as
opposed to “solving a predefined problem.”
2. Highly relevant information. Mini cases are densely written. Unlike standard
cases, which intermix irrelevant information, in a mini case, each sentence exists for
a reason and reflects relevant information. As a result, students must analyze each
case very carefully so as not to miss critical aspects of the situation.
Teaching with mini cases is, thus, very different than teaching with standard cases.
With mini cases, students must determine what is really going on within the organization. What first appears as a straightforward “technology” problem may in fact be a
political problem or one of five other “technology” problems. Detective work is, therefore, required. The problem identification and prioritization skills needed are essential
skills for future managers to learn for the simple reason that it is not possible for organizations to tackle all of their problems concurrently. Mini cases help teach these skills to
students and can balance the problem-solving skills learned in other classes. Best of all,
detective work is fun and promotes lively classroom discussion.
To assist instructors, extensive teaching notes are available for all mini cases. Developed
by the authors and based on “tried and true” in-class experience, these notes include case
summaries, identify the key issues within each case, present ancillary information about the
company/industry represented in the case, and offer guidelines for organizing the classroom discussion. Because of the structure of these mini cases and their embedded issues, it
is common for teaching notes to exceed the length of the actual mini case!
This book is most appropriate for MIS courses where the goal is to understand how
IT delivers organizational value. These courses are frequently labeled “IT Strategy” or
“IT Management” and are offered within undergraduate as well as MBA programs. For
undergraduate juniors and seniors in business and commerce programs, this is usually
the “capstone” MIS course. For MBA students, this course may be the compulsory core
course in MIS, or it may be an elective course.
Each chapter and mini case in this book has been thoroughly tested in a variety
of undergraduate, graduate, and executive programs at Queen’s School of Business.2
1
We are unable to identify these leading-edge companies by agreements established as part of our overall
research program (described later).
2
Queen’s School of Business is one of the world’s premier business schools, with a faculty team renowned
for its business experience and academic credentials. The School has earned international recognition for
its innovative approaches to team-based and experiential learning. In addition to its highly acclaimed MBA
programs, Queen’s School of Business is also home to Canada’s most prestigious undergraduate business
program and several outstanding graduate programs. As well, the School is one of the world’s largest and
most respected providers of executive education.
xv
xvi
Preface
These materials have proven highly successful within all programs because we adapt
how the material is presented according to the level of the students. Whereas undergraduate students “learn” about critical business issues from the book and mini cases
for the first time, graduate students are able to “relate” to these same critical issues
based on their previous business experience. As a result, graduate students are able to
introduce personal experiences into the discussion of these critical IT issues.
ORGANIZATION OF THIS BOOK
One of the advantages of an issues-focused structure is that chapters can be approached
in any order because they do not build on one another. Chapter order is immaterial; that
is, one does not need to read the first three chapters to understand the fourth. This provides an instructor with maximum flexibility to organize a course as he or she sees fit.
Thus, within different courses/programs, the order of topics can be changed to focus on
different IT concepts.
Furthermore, because each mini case includes multiple issues, they, too, can be
used to serve different purposes. For example, the mini case “Building Shared Services
at RR Communications” can be used to focus on issues of governance, organizational
structure, and/or change management just as easily as shared services. The result is a
rich set of instructional materials that lends itself well to a variety of pedagogical applications, particularly problem-based learning, and that clearly illustrates the reality of IT
strategy in action.
The book is organized into four sections, each emphasizing a key component of
developing and delivering effective IT strategy:
r Section I: Delivering Value with IT is designed to examine the complex ways that
IT and business value are related. Over the past twenty years, researchers and practitioners have come to understand that “business value” can mean many different
things when applied to IT. Chapter 1 (Developing and Delivering on the IT Value
Proposition) explores these concepts in depth. Unlike the simplistic value propositions often used when implementing IT in organizations, this chapter presents
“value” as a multilayered business construct that must be effectively managed at
several levels if technology is to achieve the benefits expected. Chapter 2 (Developing
IT Strategy for Business Value) examines the dynamic interrelationship between
business and IT strategy and looks at the processes and critical success factors
used by organizations to ensure that both are well aligned. Chapter 3 (Linking IT
to Business Metrics) discusses new ways of measuring IT’s effectiveness that promote closer business–IT alignment and help drive greater business value. Chapter
4 (Building a Strong Relationship with the Business) examines the nature of the
business–IT relationship and the characteristics of an effective relationship that
delivers real value to the enterprise. Chapter 5 (Communicating with Business
Managers) explores the business and interpersonal competencies that IT staff will
need in order to do their jobs effectively over the next five to seven years and what
companies should be doing to develop them. Finally, Chapter 6 (Building Better IT
Leaders from the Bottom Up) tackles the increasing need for improved leadership
skills in all IT staff and examines the expectations of the business for strategic and
innovative guidance from IT.
Preface
In the mini cases associated with this section, the concepts of delivering
value with IT are explored in a number of different ways. We see business and
IT executives at Hefty Hardware grappling with conflicting priorities and perspectives and how best to work together to achieve the company’s strategy. In
“Investing in TUFS,” CIO Martin Drysdale watches as all of the work his IT department has put into a major new system fails to deliver value. And the “IT Planning
at ModMeters” mini case follows CIO Brian Smith’s efforts to create a strategic
IT plan that will align with business strategy, keep IT running, and not increase
IT’s budget.
r Section II: IT Governance explores key concepts in how the IT organization is
structured and managed to effectively deliver IT products and services to the organization. Chapter 7 (IT Shared Services) discusses how IT shared services should be
selected, organized, managed, and governed to achieve improved organizational
performance. Chapter 8 (A Management Framework for IT Sourcing) examines
how organizations are choosing to source and deliver different types of IT functions
and presents a framework to guide sourcing decisions. Chapter 9 (The IT Budgeting
Process) describes the “evil twin” of IT strategy, discussing how budgeting mechanisms can significantly undermine effective business strategies and suggesting
practices for addressing this problem while maintaining traditional fiscal accountability. Chapter 10 (Managing IT-based Risk) describes how many IT organizations
have been given the responsibility of not only managing risk in their own activities
(i.e., project development, operations, and delivering business strategy) but also
of managing IT-based risk in all company activities (e.g., mobile computing, file
sharing, and online access to information and software) and the need for a holistic
framework to understand and deal with risk effectively. Chapter 11 (Information
Management: The Nexus of Business and IT) describes how new organizational
needs for more useful and integrated information are driving the development of
business-oriented functions within IT that focus specifically on information and
knowledge, as opposed to applications and data.
The mini cases in this section examine the difficulties of managing complex IT issues when they intersect substantially with important business issues.
In “Building Shared Services at RR Communications,” we see an IT organization in transition from a traditional divisional structure and governance model
to a more centralized enterprise model, and the long-term challenges experienced by CIO Vince Patton in changing both business and IT practices, including information management and delivery, to support this new approach. In
“Enterprise Architecture at Nationstate Insurance,” CIO Jane Denton endeavors
to make IT more flexible and agile, while incorporating new and emerging technologies into its strategy. In “IT Investment at North American Financial,” we
show the opportunities and challenges involved in prioritizing and resourcing
enterprisewide IT projects and monitoring that anticipated benefits are being
achieved.
r Section III: IT-Enabled Innovation discusses some of the ways technology is
being used to transform organizations. Chapter 12 (Innovation with IT) examines
the nature and importance of innovation with IT and describes a typical innovation life cycle. Chapter 13 (Big Data and Social Computing) discusses how IT
leaders are incorporating big data and social media concepts and technologies
xvii
xviii
Preface
to successfully deliver business value in new ways. Chapter 14 (Improving the
Customer Experience: An IT Perspective) explores the IT function’s role in creating
and improving an organization’s customer experiences and the role of technology
in helping companies to understand and learn from their customers’ experiences.
Chapter 15 (Building Business Intelligence) looks at the nature of business intelligence and its relationship to data, information, and knowledge and how IT can be
used to build a more intelligent organization. Chapter 16 (Enabling Collaboration
with IT) identifies the principal forms of collaboration used in organizations, the
primary business drivers involved in them, how their business value is measured,
and the roles of IT and the business in enabling collaboration.
The mini cases in this section focus on the key challenges companies face in
innovating with IT. “Innovation at International Foods” contrasts the need for process and control in corporate IT with the strong push to innovate with technology
and the difficulties that ensue from the clash of style and culture. “Consumerization
of Technology at IFG” looks at issues such as “bring your own device” (BYOD) to
the workplace. In “CRM at Minitrex,” we see some of the internal technological and
political conflicts that result from a strategic decision to become more customercentric. Finally, “Customer Service at Datatronics” explores the importance of presenting unified, customer-facing IT to customers.
r Section IV: IT Portfolio Development and Management looks at how the IT
function must transform itself to be able to deliver business value effectively in
the future. Chapter 17 (Application Portfolio Management) describes the ongoing
management process of categorizing, assessing, and rationalizing the IT application
portfolio. Chapter 18 (Managing IT Demand) looks at the often neglected issue of
demand management (as opposed to supply management), explores the root causes
of the demand for IT services, and identifies a number of tools and enablers to
facilitate more effective demand management. Chapter 19 (Creating and Evolving
a Technology Roadmap) examines the challenges IT managers face in implementing new infrastructure, technology standards, and types of technology in their realworld business and technical environments, which is composed of a huge variety of
hardware, software, applications, and other technologies, some of which date back
more than thirty years. Chapter 20 (Enhancing Development Productivity) explores
how system development practices are changing and how managers can create
an environment to promote improved development productivity. And Chapter 21
(Information Delivery: IT’s Evolving Role) examines the fresh challenges IT faces in
managing the exponential growth of data and digital assets; privacy and accountability concerns; and new demands for access to information on an anywhere, anytime basis.
The mini cases associated with this section describe many of these themes
embedded within real organizational contexts. “Project Management at MM” mini
case shows how a top-priority, strategic project can take a wrong turn when project management skills are ineffective. “Working Smarter at Continental Furniture”
mini case follows an initiative to improve the company’s analytics so it can reduce
its environmental impact. And in the mini case “Managing Technology at Genex
Fuels,” we see CIO Nick Devlin trying to implement enterprisewide technology for
competitive advantage in an organization that has been limping along with obscure
and outdated systems.
Preface
SUPPLEMENTARY MATERIALS
Online Instructor Resource Center
The following supplements are available online to adopting instructors:
r
r
r
r
1PXFS1PJOU-FDUVSF/PUFT
*NBHF-JCSBSZ UFYUBSU
&YUFOTJWF5FBDIJOH/PUFTGPSBMM.JOJDBTFT
"EEJUJPOBMDIBQUFSTJODMVEJOH%FWFMPQJOH*51SPGFTTJPOBMJTN*54PVSDJOH.BTUFS
Data Management; Developing IT Capabilities; The Identity Management Challenge;
Social Computing; Managing Perceptions of IT; IT in the New World of Corporate
Governance Reforms; Enhancing Customer Experiences with Technology; Creating
Digital Dashboards; and Managing Electronic Communications.
r "EEJUJPOBMNJOJDBTFT JODMVEJOH*5-FBEFSTIJQBU.BY5SBEF$SFBUJOHB1SPDFTT%SJWFO
Organization at Ag-Credit; Information Management at Homestyle Hotels; Knowledge
Management at Acme Consulting; Desktop Provisioning at CanCredit; and Leveraging
IT Vendors at SleepSmart.
For detailed descriptions of all of the supplements just listed, please visit http://
www.pearsonhighered.com/mckeen.
CourseSmart eTextbooks Online
CourseSmart is an exciting new choice for students looking to save money. As an alternative to purchasing the print textbook, students can purchase an electronic version of
the same content and save up to 50 percent off the suggested list price of the print text.
With a CourseSmart etextbook, students can search the text, make notes online, print
out reading assignments that incorporate lecture notes, and bookmark important passages for later review. www.coursesmart.com.
THE GENESIS OF THIS BOOK
Since 1990 we have been meeting quarterly with a group of senior IT managers from
a number of leading-edge organizations (e.g., Eli Lilly, BMO, Honda, HP, CIBC, IBM,
Sears, Bell Canada, MacDonalds, and Sun Life) to identify and discuss critical IT management issues. This focus group represents a wide variety of industry sectors (e.g., retail,
manufacturing, pharmaceutical, banking, telecommunications, insurance, media, food
processing, government, and automotive). Originally, it was established to meet the companies’ needs for well-balanced, thoughtful, yet practical information on emerging IT
management topics, about which little or no research was available. However, we soon
recognized the value of this premise for our own research in the rapidly evolving field
of IT management. As a result, it quickly became a full-scale research program in which
we were able to use the focus group as an “early warning system” to document new IT
management issues, develop case studies around them, and explore more collaborative
approaches to identifying trends, challenges, and effective practices in each topic area.3
3
This now includes best practice case studies, field research in organizations, multidisciplinary qualitative
and quantitative research projects, and participation in numerous CIO research consortia.
xix
xx
Preface
As we shared our materials with our business students, we realized that this issuesbased approach resonated strongly with them, and we began to incorporate more of our
research into the classroom. This book is the result of our many years’ work with senior
IT managers, in organizations, and with students in the classroom.
Each issue in this book has been selected collaboratively by the focus group after
debate and discussion. As facilitators, our job has been to keep the group’s focus on IT
management issues, not technology per se. In preparation for each meeting, focus group
members researched the topic within their own organization, often involving a number
of members of their senior IT management team as well as subject matter experts in
the process. To guide them, we provided a series of questions about the issue, although
members are always free to explore it as they see fit. This approach provided both structure for the ensuing discussion and flexibility for those members whose organizations
are approaching the issue in a different fashion.
The focus group then met in a full-day session, where the members discussed all
aspects of the issue. Many also shared corporate documents with the group. We facilitated
the discussion, in particular pushing the group to achieve a common understanding of
the dimensions of the issue and seeking examples, best practices, and guidelines for dealing with the challenges involved. Following each session, we wrote a report based on the
discussion, incorporating relevant academic and practitioner materials where these were
available. (Because some topics are “bleeding edge,” there is often little traditional IT
research available on them.)
Each report has three parts:
1. A description of the issue and the challenges it presents for both business and IT
managers
2. Models and concepts derived from the literature to position the issue within a contextual framework
3. Near-term strategies (i.e., those that can be implemented immediately) that have
proven successful within organizations for dealing with the specific issue
Each chapter in this book focuses on one of these critical IT issues. We have learned
over the years that the issues themselves vary little across industries and organizations,
even in enterprises with unique IT strategies. However, each organization tackles the
same issue somewhat differently. It is this diversity that provides the richness of insight
in these chapters. Our collaborative research approach is based on our belief that when
dealing with complex and leading-edge issues, “everyone has part of the solution.”
Every focus group, therefore, provides us an opportunity to explore a topic from a
variety of perspectives and to integrate different experiences (both successful and otherwise) so that collectively, a thorough understanding of each issue can be developed
and strategies for how it can be managed most successfully can be identified.
ABOUT THE AUTHORS
James D. McKeen is Professor Emeritus at the Queen’s School of Business. He has been
working in the IT field for many years as a practitioner, researcher, and consultant. In
2011, he was named the “IT Educator of the Year” by ComputerWorld Canada. Jim has
taught at universities in the United Kingdom, France, Germany, and the United States.
His research is widely published in a number of leading journals and he is the coauthor (with Heather Smith) of five books on IT management. Their most recent book—IT
Strategy: Issues and Practices (2nd ed.)—was the best-selling business book in Canada
(Globe and Mail, April 2012).
Heather A. Smith has been named the most-published researcher on IT management
issues in two successive studies (2006, 2009). A senior research associate with Queen’s
University School of Business, she is the author of five books, the most recent being IT
Strategy: Issues and Practices (Pearson Prentice Hall, 2012). She is also a senior research
associate with the American Society for Information Management’s Advanced Practices
Council. A former senior IT manager, she is codirector of the IT Management Forum and
the CIO Brief, which facilitate interorganizational learning among senior IT executives.
In addition, she consults and collaborates with organizations worldwide.
xxi
ACKNOWLEDGMENTS
The work contained in this book is based on numerous meetings with many senior IT
managers. We would like to acknowledge our indebtedness to the following individuals
who willingly shared their insights based on their experiences “earned the hard way”:
Michael Balenzano, Sergei Beliaev, Matthias Benfey, Nastaran Bisheban, Peter
Borden, Eduardo Cadena, Dale Castle, Marc Collins, Diane Cope, Dan Di Salvo,
Ken Dschankilic, Michael East, Nada Farah, Mark Gillard, Gary Goldsmith, Ian
Graham, Keiko Gutierrez, Maureen Hall, Bruce Harding, Theresa Harrington,
Tom Hopson, Heather Hutchison, Jim Irich, Zeeshan Khan, Joanne Lafreniere,
Konstantine Liris, Lisa MacKay, Mark O’Gorman, Amin Panjwani, Troy Pariag,
Brian Patton, Marius Podaru, Helen Restivo, Pat Sadler, A. F. Salam, Ashish
Saxena, Joanne Scher, Stewart Scott, Andy Secord, Marie Shafi, Helen Shih, Trudy
Sykes, Bruce Thompson, Raju Uppalapati, Len Van Greuning, Laurie Schatzberg,
Ted Vincent, and Bond Wetherbe.
We would also like to recognize the contribution of Queen’s School of Business
to this work. The school has facilitated and supported our vision of better integrating academic research and practice and has helped make our collaborative approach
to the study of IT management and strategy an effective model for interorganizational
learning.
James D. McKeen
Kingston, Ontario
Heather A. Smith
School of Business
June 2014
xxii
SECTION I
Delivering Value with IT
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Developing and Delivering on the IT Value Proposition
Developing IT Strategy for Business Value
Linking IT to Business Metrics
Building a Strong Relationship with the Business
Communicating with Business Managers
Building Better IT Leaders from the Bottom Up
Mini Cases
■
■
■
Delivering Business Value with IT at Hefty Hardware
Investing in TUFS
IT Planning at ModMeters
CHAPTER
1
Developing and Delivering
on the IT Value Proposition1
I
t’s déjà vu all over again. For at least twenty years, business leaders have been
trying to figure out exactly how and where IT can be of value in their organizations.
And IT managers have been trying to learn how to deliver this value. When IT was
used mainly as a productivity improvement tool in small areas of a business, this was
a relatively straightforward process. Value was measured by reduced head counts—
usually in clerical areas—and/or the ability to process more transactions per person.
However, as systems grew in scope and complexity, unfortunately so did the risks. Very
few companies escaped this period without making at least a few disastrous investments in systems that didn’t work or didn’t deliver the bottom-line benefits executives
thought they would. Naturally, fingers were pointed at IT.
With the advent of the strategic use of IT in business, it became even more difficult
to isolate and deliver on the IT value proposition. It was often hard to tell if an investment had paid off. Who could say how many competitors had been deterred or how
many customers had been attracted by a particular IT initiative? Many companies can
tell horror stories of how they have been left with a substantial investment in new forms
of technology with little to show for it. Although over the years there have been many
improvements in where and how IT investments are made and good controls have been
established to limit time and cost overruns, we are still not able to accurately articulate
and deliver on a value proposition for IT when it comes to anything other than simple
productivity improvements or cost savings.
Problems in delivering IT value can lie with how a value proposition is conceived
or in what is done to actually implement an idea—that is, selecting the right project and
doing the project right (Cooper et al. 2000; McKeen and Smith 2003; Peslak 2012). In
addition, although most firms attempt to calculate the expected payback of an IT investment before making it, few actually follow up to ensure that value has been achieved or
to question what needs to be done to make sure that value will be delivered.
1
This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen.
“Developing and Delivering on the IT Value Proposition.” Communications of the Association for Information
Systems 11 (April 2003): 438–50. Reproduced by permission of the Association for Information Systems.
2
$IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO
This chapter first looks at the nature of IT value and “peels the onion” into its
different layers. Then it examines the three components of delivering IT value: value
identification, conversion, and value realization. Finally, it identifies five general
principles for ensuring IT value will be achieved.
PEELING THE ONION: UNDERSTANDING IT VALUE
Thirty years ago the IT value proposition was seen as a simple equation: Deliver the
right technology to the organization, and financial benefits will follow (Cronk and
Fitzgerald 1999; Marchand et al. 2000). In the early days of IT, when computers were
most often used as direct substitutes for people, this equation was understandable,
even if it rarely worked this simply. It was easy to compute a bottom-line benefit where
“technology” dollars replaced “salary” dollars.
Problems with this simplistic view quickly arose when technology came to be
used as a productivity support tool and as a strategic tool. Under these conditions,
managers had to decide if an IT investment was worth making if it saved people time,
helped them make better decisions, or improved service. Thus, other factors, such as
how well technology was used by people or how IT and business processes worked
together, became important considerations in how much value was realized from an IT
investment. These issues have long confounded our understanding of the IT value proposition, leading to a plethora of opinions (many negative) about how and where technology has actually contributed to business value. Stephen Roach (1989) made headlines
with his macroeconomic analysis showing that IT had had absolutely no impact on productivity in the services sector. More recently, research shows that companies still have a
mixed record in linking IT to organizational performance, user satisfaction, productivity,
customer experience, and agility (Peslak 2012).
These perceptions, plus ever-increasing IT expenditures, have meant business
managers are taking a closer look at how and where IT delivers value to an organization
(Ginzberg 2001; Luftman and Zadeh 2011). As they do this, they are beginning to change
their understanding of the IT value proposition. Although, unfortunately, “silver bullet
thinking” (i.e., plug in technology and deliver bottom-line impact) still predominates, IT value is increasingly seen as a multilayered concept, far more complex than
it first appeared. This suggests that before an IT value proposition can be identified
and delivered, it is essential that managers first “peel the onion” and understand more
about the nature of IT value itself (see Figure 1.1).
What Is IT Value?
Value is defined as the worth or desirability of a thing (Cronk and Fitzgerald 1999). It is
a subjective assessment. Although many believe this is not so, the value of IT depends
very much on how a business and its individual managers choose to view it. Different
companies and even different executives will define it quite differently. Strategic positioning, increased productivity, improved decision making, cost savings, or improved
service are all ways value could be defined. Today most businesses define value broadly
and loosely, not simply as a financial concept (Chakravarty et al. 2013). Ideally, it is tied
to the organization’s business model because adding value with IT should enable a firm
to do its business better. In the focus group (see the Preface), one company sees value
3
4
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
What Value will be
Delivered?
Where will Value be
Delivered?
Who will
Deliver Value?
When will Value
be Delivered?
How will Value
be Delivered?
FIGURE 1.1
IT Value Is a Many-Layered Concept
resulting from all parts of the organization having the same processes; another defines
value by return on investment (ROI); still another measures it by a composite of key
performance indicators. In short, there is no single agreed-on measure of IT value. As a
result, misunderstandings about the definition of value either between IT and the business or among business managers themselves can lead to feelings that value has not
been delivered. Therefore, a prerequisite of any IT value proposition is that everyone
involved in an IT initiative agree on what value they are trying to deliver and how they
will recognize it.
Where Is IT Value?
Value may also vary according to where one looks for it (Davern and Kauffman 2000;
Oliveira and Martins 2011). For example, value to an enterprise may not be perceived as
value in a work group or by an individual. In fact, delivering value at one level in an organization may actually conflict with optimizing value at another level. Decisions about
IT value are often made to optimize firm or business process value, even if they cause
difficulties for business units or individuals. As one manager explained, “At the senior
levels, our bottom-line drivers of value are cost savings, cash flow, customer satisfaction,
and revenue. These are not always visible at the lower levels of the organization.” Failure
to consider value implications at all levels can lead to a value proposition that is counterproductive and may not deliver the value that is anticipated. Many executives take a
hard line with these value conflicts. However, it is far more desirable to aim for a value
$IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO
that is not a win–lose proposition but is a win–win at all levels. This can leverage overall
value many times over (Chan 2000; Grant and Royle 2011).
Who Delivers IT Value?
Increasingly, managers are realizing that it is the interaction of people, information, and
technology that delivers value, not IT alone.2 Studies have confirmed that strong IT
practices alone do not deliver superior performance. It is only the combination of these
IT practices with an organization’s skills at managing information and people’s behaviors and beliefs that leads to real value (Birdsall 2011; Ginzberg 2001; Marchand et al.
2000). In the past, IT has borne most of the responsibility for delivering IT value. Today,
however, business managers exhibit a growing willingness to share responsibility with
IT to ensure value is realized from the organization’s investments in technology. Most
companies now expect to have an executive sponsor for any IT initiative and some business participation in the development team. However, many IT projects still do not
have the degree of support or commitment from the business that IT managers feel is
necessary to deliver fully on a value proposition (Peslak 2012).
When Is IT Value Realized?
Value also has a time dimension. It has long been known that the benefits of technology take time to be realized (Chan 2000; Segars and Chatterjee 2010). People must be
trained, organizations and processes must adapt to new ways of working, information
must be compiled, and customers must realize what new products and services are
being offered. Companies are often unprepared for the time it takes an investment to
pay off. Typically, full payback can take between three and five years and can have at
least two spikes as a business adapts to the deployment of technology. Figure 1.2 shows
this “W” effect, named for the way the chart looks, for a single IT project.
Initially, companies spend a considerable amount in deploying a new technology.
During this twelve-to-sixteen-month period, no benefits occur. Following implementation, some value is realized as companies achieve initial efficiencies. This period lasts
for about six months. However, as use increases, complexities also grow. Information
overload can occur and costs increase. At this stage, many can lose faith in the initiative. This is a dangerous period. The final set of benefits can occur only by making the
business simpler and applying technology, information, and people more effectively. If
a business can manage to do this, it can achieve sustainable, long-term value from its IT
investment (Segars and Chatterjee 2010). If it can’t, value from technology can be offset
by increased complexity.
Time also changes perceptions of value. Many IT managers can tell stories of
how an initiative is vilified as having little or no value when first implemented, only
to have people say they couldn’t imagine running the business without it a few years
later. Similarly, most managers can identify projects where time has led to a clearer
2
These interactions in a structured form are known as processes. Processes are often the focus of much organizational effort in the belief that streamlining and reengineering them will deliver value. In fact, research
shows that without attention to information and people, very little value is delivered (Segars and Chatterjee
2010). In addition, attention to processes in organizations often ignores the informal processes that contribute
to value.
5
6
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
EVA
12–16 Months
16–22 Months
22–38 Months
3–5 Years
Get the House
in Order
Harvest LowHanging Fruit
Make the
Business
Complex
Make Business
Simpler
Time
FIGURE 1.2
The ‘W’ Effect in Delivering IT Value (Segars & Chatterjee, 2010)
understanding of the potential value of a project. Unfortunately, in cases where anticipated value declines or disappears, projects don’t always get killed (Cooper et al. 2000).
Clarifying and agreeing on these different layers of IT value is the first step involved
in developing and delivering on the IT value proposition. All too often, this work is forgotten or given short shrift in the organization’s haste to answer this question: How will
IT value be delivered? (See next section.) As a result, misunderstandings arise and technology projects do not fulfill their expected promises. It will be next to impossible to do a
good job developing and delivering IT value unless and until the concepts involved in IT
value are clearly understood and agreed on by both business and IT managers.
THE THREE COMPONENTS OF THE IT VALUE PROPOSITION
Developing and delivering an IT value proposition involves addressing three components. First, potential opportunities for adding value must be identified. Second, these
opportunities must be converted into effective applications of technology. Finally, value
Best Practices in Understanding IT Value
r
r
r
r
r
-JOL*5WBMVFEJSFDUMZUPZPVSCVTJOFTTNPEFM
3FDPHOJ[FWBMVFJTTVCKFDUJWF BOENBOBHFQFSDFQUJPOTBDDPSEJOHMZ
"JNGPSBWBMVFiXJOmXJOuBDSPTTQSPDFTTFT XPSLVOJUT BOEJOEJWJEVBMT
4FFLCVTJOFTTDPNNJUNFOUUPBMM*5QSPKFDUT
.BOBHFWBMVFPWFSUJNF
$IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO
Identification
FIGURE 1.3
Conversion
Realization
IT
Value
The Three Components of the IT Value Proposition
must be realized by the organization. Together, these components comprise the fundamentals of any value proposition (see Figure 1.3).
Identification of Potential Value
Identifying opportunities for making IT investments has typically been a fairly
informal activity in most organizations. Very few companies have a well-organized
means of doing research into new technologies or strategizing about where these technologies can be used (McKeen and Smith 2010). More companies have mechanisms
for identifying opportunities within business units. Sometimes a senior IT manager
will be designated as a “relationship manager” for a particular unit with responsibility for working with business management to identify opportunities where IT
could add value (Agarwal and Sambamurthy 2002; Peslak 2012). Many other companies, however, still leave it up to business managers to identify where they want
to use IT. There is growing evidence that relegating the IT organization to a passive
role in developing systems according to business instructions is unlikely to lead to
high IT value. Research shows that involving IT in business planning can have a direct
and positive influence on the development of successful business strategies using IT
(Ginzberg 2001; Marchand et al. 2000). This suggests that organizations should establish joint business–IT mechanisms to identify and evaluate both business and technical
opportunities where IT can add value.
Once opportunities have been identified, companies must then make decisions
about where they want to focus their dollars to achieve optimal value. Selecting the
right projects for an organization always involves balancing three fundamental factors:
cash, timing, and risk (Luehrman 1997). In principle, every company wants to undertake only high-return projects. In reality, project selection is based on many different
factors. For example, pet or political projects or those mandated by the government or
competitors are often part of a company’s IT portfolio (Carte et al. 2001). Disagreement
at senior levels about which projects to undertake can arise because of a lack of a coherent and consistent mechanism for assessing project value. All organizations need some
formal mechanism for prioritizing projects. Without one, it is very likely that project
selection will become highly politicized and, hence, ineffective at delivering value.
There are a variety of means to do this, ranging from using strictly bottom-line metrics,
to comparing balanced scorecards, to adopting a formal value-assessment methodology.
However, although these methods help to weed out higher cost–lower return projects,
they do not constitute a foolproof means of selecting the right projects for an organization. Using strict financial selection criteria, for example, can exclude potentially highvalue strategic projects that have less well-defined returns, longer payback periods,
and more risk (Cooper et al. 2000; DeSouza 2011). Similarly, it can be difficult getting
7
8
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
important infrastructure initiatives funded even though these may be fundamental to
improving organizational capabilities (Byrd 2001).
Therefore, organizations are increasingly taking a portfolio approach to project
selection. This approach allocates resources and funding to different types of projects,
enabling each type of opportunity to be evaluated according to different criteria (McKeen
and Smith 2003; Smith and McKeen 2010). One company has identified three different
classes of IT—infrastructure, common systems, and business unit applications—and
funds them in different proportions. In other companies, funding for strategic initiatives is allocated in stages so their potential value can be reassessed as more information
about them becomes known. Almost all companies have found it necessary to justify
infrastructure initiatives differently than more business-oriented projects. In fact, some
remove these types of projects from the selection process altogether and fund them with
a “tax” on all other development (McKeen and Smith 2003). Other companies allocate a
fixed percentage of their IT budgets to a technology renewal fund.
Organizations have come a long way in formalizing where and how they choose to
invest their IT dollars. Nevertheless, there is still considerable room for judgment based
on solid business and technical knowledge. It is, therefore, essential that all executives
involved have the ability to think strategically and systematically as well as financially
about project identification and selection.
Effective Conversion
“Conversion” from idea/opportunity to reality has been what IT organizations have
been all about since their inception. A huge amount of effort has gone into this central
component of the IT value proposition. As a result, many IT organizations have become
very good at developing and delivering projects on time and on budget. Excellent
project management, effective execution, and reliable operations are a critical part of
IT value. However, they are not, in and of themselves, sufficient to convert a good idea
into value or to deliver value to an organization.
Today managers and researchers are both recognizing that more is involved in
effective conversion than good IT practices. Organizations can set themselves up for
failure by not providing adequate and qualified resources. Many companies start more
projects than they can effectively deliver with the resources they have available. Not
having enough time or resources to do the job means that people are spread too thin
and end up taking shortcuts that are potentially damaging to value (Cooper et al. 2000).
Resource limitations on the business side of a project team can be as damaging to conversion as a lack of technical resources. “[Value is about] far more than just sophisticated
managerial visions. . . . Training and other efforts . . . to obtain value from IT investments
Best Practices in Identifying Potential Value
r
r
r
r
+PJOUCVTJOFTTm*5TUSVDUVSFTUPSFDPHOJ[FBOEFWBMVBUFPQQPSUVOJUJFT
"NFBOTPGDPNQBSJOHWBMVFBDSPTTQSPKFDUT
"QPSUGPMJPBQQSPBDIUPQSPKFDUTFMFDUJPO
"GVOEJOHNFDIBOJTNGPSJOGSBTUSVDUVSF
$IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO
are often hamstrung by insufficient resources” (Chircu and Kauffman 2000). Inadequate
business resources can lead to poor communication and ineffective problem solving on
a project (Ginzberg 2001). Companies are beginning to recognize that the number and
quality of the staff assigned to an IT project can make a difference to its eventual outcome. They are insisting that the organization’s best IT and businesspeople be assigned
to critical projects.
Other significant barriers to conversion that are becoming more apparent now
that IT has improved its own internal practices include the following:
r Organizational barriers. The effective implementation of IT frequently requires
the extensive redesign of current business processes (Chircu and Kauffman 2000).
However, organizations are often reluctant to make the difficult complementary
business changes and investments that are required (Carte et al. 2001). “When
new IT is implemented, everyone expects to see costs come down,” explained one
manager. “However, most projects involve both business and IT deliverables. We,
therefore, need to take a multifunctional approach to driving business value.” In
recognition of this fact, some companies are beginning to put formal change management programs in place to help businesses prepare for the changes involved
with IT projects and to adapt and simplify as they learn how to take advantage of
new technology.
r Knowledge barriers. Most often new technology and processes require employees to work differently, learn new skills, and have new understanding of how and
where information, people, and technologies fit together (Chircu and Kauffman
2000; Perez-Lopez and Alegre 2012). Although training has long been part of new
IT implementations, more recently businesses are recognizing that delivering value
from technology requires a broader and more coordinated learning effort (Smith
and McKeen 2002). Lasting value comes from people and technology working
together as a system rather than as discrete entities. Research confirms that highperforming organizations not only have strong IT practices but also have people
who have good information management practices and who are able to effectively
use the information they receive (Beath et al. 2012; Marchand et al. 2000).
Realizing Value
The final component of the IT value proposition has been the most frequently ignored.
This is the work involved in actually realizing value after technology has been implemented. Value realization is a proactive and long-term process for any major initiative.
All too often, after an intense implementation period, a development team is disbanded
to work on other projects, and the business areas affected by new technology are left to
Best Practices in Conversion
r
r
r
r
"WBJMBCJMJUZPGBEFRVBUFBOERVBMJGJFE*5BOECVTJOFTTSFTPVSDFT
5SBJOJOHJOCVTJOFTTHPBMTBOEQSPDFTTFT
.VMUJGVODUJPOBMDIBOHFNBOBHFNFOU
&NQIBTJTPOIJHIFSMFWFMMFBSOJOHBOELOPXMFEHFNBOBHFNFOU
9
10
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
sink or swim. As a result, a project’s benefits can be imperfectly realized. Technology
must be used extensively if it is to deliver value. Poorly designed technology can lead
to high levels of frustration, resistance to change, and low levels of use (Chircu and
Kauffman 2000; Sun et al., 2012).
Resistance to change can have its root cause in an assumption or an action that
doesn’t make sense in the everyday work people do. Sometimes this means challenging workers’ understanding of work expectations or information flows. At other times
it means doing better analysis of where and how a new process is causing bottlenecks,
overwork, or overload. As one manager put it, “If value is not being delivered, we
need to understand the root causes and do something about it.” His company takes
the unusual position that it is important to keep a team working on a project until the
expected benefits have been realized. This approach is ideal but can also be very costly
and, therefore, must be carefully managed. Some companies try to short-circuit the
value management process by simply taking anticipated cost savings out of a business
unit’s budget once technology has been implemented, thereby forcing it to do more
with less whether or not the technology has been as beneficial as anticipated. However,
most often organizations do little or no follow-up to determine whether or not benefits
have been achieved.
Measurement is a key component of value realization (Thorp 1999). After implementation, it is essential that all stakeholders systematically compare outcomes against
expected value and take appropriate actions to achieve benefits. In addition to monitoring metrics, a thorough and ongoing assessment of value and information flows must
also be undertaken at all levels of analysis: individual, team, work unit, and enterprise.
Efforts must be taken to understand and improve aspects of process, information, and
technology that are acting as barriers to achieving value.
A significant problem with not paying attention to value recognition is that areas
of unexpected value or opportunity are also ignored. This is unfortunate because it is
only after technology has been installed that many businesspeople can see how it could
be leveraged in other parts of their work. Realizing value should, therefore, also include
provisions to evaluate new opportunities arising through serendipity.
FIVE PRINCIPLES FOR DELIVERING VALUE
In addition to clearly understanding what value means in a particular organization and
ensuring that the three components of the IT value proposition are addressed by every
project, five principles have been identified that are central to developing and delivering value in every organization.
Best Practices in Realizing Value
r
r
r
r
r
1MBOBWBMVFSFBMJ[BUJPOQIBTFGPSBMM*5QSPKFDUT
.FBTVSFPVUDPNFTBHBJOTUFYQFDUFESFTVMUT
-PPLGPSBOEFMJNJOBUFSPPUDBVTFTPGQSPCMFNT
"TTFTTWBMVFSFBMJ[BUJPOBUBMMMFWFMTJOUIFPSHBOJ[BUJPO
)BWFQSPWJTJPOTGPSBDUJOHPOOFXPQQPSUVOJUJFTUPMFWFSBHFWBMVF
$IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO
Principle 1. Have a Clearly Defined Portfolio
Value Management Process
Every organization should have a common process for managing the overall value
being delivered to the organization from its IT portfolio. This would begin as a means of
identifying and prioritizing IT opportunities by potential value relative to each other. It
would also include mechanisms to optimize enterprise value (e.g., through tactical, strategic, and infrastructure projects) according to a rubric of how the organization wants
to allocate its resources.
A portfolio value management process should continue to track projects as they
are being developed. It should ensure not only that projects are meeting schedule and
budget milestones but also that other elements of conversion effectiveness are being
addressed (e.g., business process redesign, training, change management, information management, and usability). A key barrier to achieving value can be an organization’s unwillingness to revisit the decisions made about its portfolio (Carte et al. 2001).
Yet this is critically important for strategic and infrastructure initiatives in particular.
Companies may have to approve investments in these types of projects based on imperfect information in an uncertain environment. As they develop, improved information
can lead to better decision making about an investment. In some cases this might lead to
a decision to kill a project; in others, to speed it up or to reshape it as a value proposition
becomes clearer.
Finally, a portfolio value management process should include an ongoing means
of ensuring that value is realized from an investment. Management must monitor
expected outcomes at appropriate times following implementation and hold someone
in the organization accountable for delivering benefits (Smith and McKeen 2010).
Principle 2. Aim for Chunks of Value
Much value can be frittered away by dissipating IT investments on too many projects
(Cho et al. 2013; Marchand et al. 2000). Focusing on a few key areas and designing a set
of complementary projects that will really make a difference is one way companies are
trying to address this concern. Many companies are undertaking larger and larger technology initiatives that will have a significant transformational and/or strategic impact
on the organization. However, unlike earlier efforts, which often took years to complete
and ended up having questionable value, these initiatives are aiming to deliver major
value through a series of small, focused projects that, linked together, will result in both
immediate short-term impact and long-term strategic value. For example, one company
has about three hundred to four hundred projects underway linked to one of a dozen
major initiatives.
Principle 3. Adopt a Holistic Orientation to Technology Value
Because value comes from the effective interaction of people, information, and technology, it is critical that organizations aim to optimize their ability to manage and use
them together (Marchand et al. 2000). Adopting a systemic approach to value, where
technology is not viewed in isolation and interactions and impacts are anticipated and
planned, has been demonstrated to contribute to perceived business value (Ginzberg
2001). Managers should aim to incorporate technology as an integral part of an overall
11
12
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
program of business change rather than dealing with people and information management as afterthoughts to technology (Beath et al. 2012). One company has done this by
taking a single business objective (e.g., “increase market penetration by 15 percent over
five years”) and designing a program around it that includes a number of bundled technology projects.
Principle 4. Aim for Joint Ownership of Technology Initiatives
This principle covers a lot of territory. It includes the necessity for strong executive
sponsorship of all IT projects. “Without an executive sponsor for a project, we simply
won’t start it,” explained one manager. It also emphasizes that all people involved in
a project must feel they are responsible for the results. Said another manager, “These
days it is very hard to isolate the impact of technology, therefore there must be a ‘we’
mentality.” This perspective is reinforced by research that has found that the quality of
the IT–business relationship is central to the delivery of IT value. Mutual trust, visible
business support for IT and its staff, and IT staff who consider themselves to be part of
a business problem-solving team all make a significant difference in how much value
technology is perceived to deliver (Ginzberg 2001).
Principle 5. Experiment More Often
The growing complexity of technology, the range of options available, and the
uncertainty of the business environment have each made it considerably more difficult
to determine where and how technology investments can most effectively be made.
Executives naturally object to the risks involved in investing heavily in possible business
scenarios or technical gambles that may or may not realize value. As a result, many
companies are looking for ways to firm up their understanding of the value proposition
for a particular opportunity without incurring too much risk. Undertaking pilot studies
is one way of doing this (DeSouza 2011). Such experiments can prove the value of an
idea, uncover new opportunities, and identify more about what will be needed to make
an idea successful. They provide senior managers with a greater number of options
in managing a project and an overall technology portfolio. They also enable potential value to be reassessed and investments in a particular project to be reevaluated
and rebalanced against other opportunities more frequently. In short, experimentation
enables technology investments to be made in chunks and makes “go/no go” decisions
at key milestones much easier to make.
Conclusion
This chapter has explored the concepts
and activities involved in developing and
delivering IT value to an organization. In
their efforts to use technology to deliver
business value, IT managers should keep
clearly in mind the maxim “Value is in the
eye of the beholder.” Because there is no
single agreed-on notion of business value, it
is important to make sure that both business
and IT managers are working to a common
goal. This could be traditional cost reduction,
process efficiencies, new business capabilities, improved communication, or a host of
other objectives. Although each organization
$IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO
or business unit approaches value differently, increasingly this goal includes much
more than the simple delivery of technology
to a business unit. Today technology is being
used as a catalyst to drive many different
types of organizational transformation and
strategy. Therefore, IT value can no longer
13
be viewed in isolation from other parts of
the business, namely people and information. Thus, it is no longer adequate to focus
simply on the development and delivery of
IT projects in order to deliver value. Today
delivering IT value means managing the
entire process from conception to cash.
References
Agarwal, R., and V. Sambamurthy. “Organizing
the IT Function for Business Innovation
Leadership.”
Society
for
Information
Management Advanced Practices Council
Report, Chicago, September 2002.
Beath, C., I. Becerra-Fernandez, J. Ross, and J.
Short. “Finding Value in the Information
Explosion.” MIT Sloan Management Review 53,
no. 4 (2012): 18–20.
Birdsall,
W.
“Human
Capabilities
and
Information and Communication Technology:
The Communicative Connection.” Ethics and
Information Technology 13, no. 2 (2011): 93–106.
Byrd, T. A. “Information Technology, Core
Competencies, and Sustained Competitive
Advantage.” Information Resources Management
Journal 14, no. 2 (April–June 2001): 27–36.
Carte, T., D. Ghosh, and R. Zmud. “The Influence
of IT Budgeting Practices on the Return
Derived from IT Investments.” CMISS White
Paper, November 2001.
Chakravarty, A., R. Grewal, and V. Sambamurthy.
“Information
Technology
Competencies,
Organizational Agility, and Firm Performance:
Enabling and Facilitating Roles.” Information
Systems Research 24, no. 4 (2013): 976–97, 1162–63,
1166.
Chan, Y. “IT Value: The Great Divide Between
Qualitative and Quantitative and Individual
and Organizational Measures.” Journal of
Management Information Systems 16, no. 4
(Spring 2000): 225–61.
Cho, W., M. Shaw, and H. Kwan. “The Effect
of Synergy Enhancement on Information
Technology Portfolio Selection.” Information
Technology and Management 14, no. 2 (2013):
125–42.
Chircu, A., and R. J. Kauffman. “Limits to Value in
Electronic Commerce-Related IT Investments.”
Journal of Management Information Systems 17,
no. 2 (Fall 2000): 59–80.
Cooper, R., S. Edgett, and E. Kleinschmidt. “New
Problems, New Solutions: Making Portfolio
Management More Effective.” Research
Technology Management 43, no. 2 (March/April
2000): 18–33.
Cronk, M., and E. Fitzgerald. “Understanding ‘IS
Business Value’: Derivation of Dimensions.”
Logistics Information Management 12, no. 1–2
(1999): 40–49.
Davern, M., and R. Kauffman. “Discovering
Potential
and
Realizing
Value
from
Information Technology Investments.” Journal
of Management Information Systems 16, no. 4
(Spring 2000): 121–43.
DeSouza, K. Intrapreneurship: Managing Ideas
in Your Organization. Toronto: University of
Toronto Press, 2011.
Ginzberg, M. “Achieving Business Value Through
Information Technology: The Nature of High
Business Value IT Organizations.” Society for
Information Management Advanced Practices
Council Report, Chicago, November 2001.
Grant, G. L., and M. T. Royle. “Information
Technology and Its Role in Creating Sustainable
Competitive Advantage.” Journal of International
Management Studies 6, no. 1 (2011): 1–7.
Luehrman, T. A. “What’s It Worth? A General
Manager’s Guide to Valuation.” Harvard
Business Review (May–June 1997): 131–41.
Luftman, J., and H. S. Zadeh. “Key Information
Technology and Management Issues 2010–
2011: An International Study.” Journal of
Information Technology 26, no. 3 (2011): 193–204.
14
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
Marchand, D., W. Kettinger, and J. Rollins.
“Information Orientation: People, Technology
and the Bottom Line.” Sloan Management
Review (Summer 2000): 69–80.
McKeen, J. D., and H. A. Smith. Making IT
Happen. Chichester, England: John Wiley &
Sons, 2003.
McKeen, J. D., and H. A. Smith. “Application
Portfolio Management.” Communications for the
Association of Information Systems 26, Article 9
(March 2010), 157–70.
Oliveira, T., and M. F. Martins. “Literature Review
of Information Technology Adoption Models
at Firm Level.” Electronic Journal of Information
Systems Evaluation 14, no.1 (2011): 110–21.
Perez-Lopez, S., and J. Alegre. “Information
Technology Competency, Knowledge Processes
and Firm Performance.” Industrial Management
and Data Systems 112, no. 4 (2012): 644–62.
Peslak, A. R. “An Analysis of Critical Information
Technology Issues Facing Organizations.”
Industrial Management and Data Systems 112, no.
5 (2012): 808–27.
Roach, S. “The Case of the Missing Technology
Payback.” Presentation at the Tenth
International Conference on Information
Systems, Boston, December 1989.
Segars, A. H., and D. Chatterjee. “Diets That Don’t
Work: Where Enterprise Resource Planning
Goes Wrong.” Wall Street Journal, August 23,
2010. online.wsj.com/article/SB100014240527
48703514404574588060852535906.html.
Smith, H., and J. McKeen. “Instilling a Knowledge
Sharing Culture.” Presentation at the KM
Forum, Queen’s School of Business, Kingston,
Ontario, Canada, 2002.
Smith, H., and J. McKeen. “Investment Spend
Optimization at BMO Financial Group.” MISQ
Executive 9, no. 2 (June 2010): 65–81.
Sun, Y., Y. Fang, K. Lim, and D. Straub. “User
Satisfaction with Information Technology
Service Delivery: A Social Capital Perspective.”
Information Systems Research 23, no. 4 (2012):
1195–211.
Thorp, J. “Computing the Payoff from IT.” Journal of
Business Strategy 20, no. 3 (May/June 1999): 35–39.
CHAPTER
2
Developing IT Strategy
for Business Value1
S
uddenly, it seems, executives are “getting” the strategic potential of IT. Instead
of being relegated to the back rooms of the enterprise, IT is now being invited to
the boardrooms and is being expected to play a leading role in delivering topline value and business transformation (Korsten 2011; Luftman and Zadeh 2011; Peslak
2012). Thus, it can no longer be assumed that business strategy will naturally drive IT
strategy, as has traditionally been the case. Instead, different approaches to strategy
development are now possible and sometimes desirable. For example, the capabilities
of new technologies could shape the strategic direction of a firm (e.g., mobile, social
media, big data). IT could enable new competencies that would then make new business strategies possible (e.g., location-based advertising). New options for governance
using IT could also change how a company works with other firms (think Wal-Mart
or Netflix). Today new technologies coevolve with new business strategies and new
behaviors and structures (see Figure 2.1). However, whichever way it is developed, if
IT is to deliver business value, IT strategy must always be closely linked with sound
business strategy.
Ideally, therefore, business and IT strategies should complement and support each
other relative to the business environment. Strategy development should be a two-way
process between the business and IT. Yet unfortunately, poor alignment between them
remains a perennial problem (Frohman 1982; Luftman and Zadeh 2011; McKeen and
Smith 1996; Rivard et al. 2004). Research has already identified many organizational
challenges to effective strategic alignment. For example, if their strategy-development
processes are not compatible (e.g., if they take place at different times or involve different levels of the business), it is unlikely that the business and IT will be working toward
the same goals at the same time (Frohman 1982). Aligning with individual business
units can lead to initiatives that suboptimize the effectiveness of corporate strategies
(McKeen and Smith 1996). Strategy implementation must also be carefully aligned to
1
This chapter is based on the authors’ previously published article, Smith, H. A., J. D. McKeen, and S. Singh.
“Developing IT Strategy for Business Value.” Journal of Information Technology Management XVIII, no. 1 (June
2007): 49–58. Reproduced by permission of the Association of Management.
15
4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5
y
New Behavior
s&
New
Capabilities
tures
ruc
St
New Techno
log
16
s
gie
New Strate
FIGURE 2.1 Business and IT Strategies Co-evolve to Create New Capabilities
ensure the integration of business and IT efforts (Smith and McKeen 2010). Finally, companies often try to address too many priorities, leading to an inadequate focus on key
strategic goals (Weiss and Thorogood 2011).
However, strategic alignment is only one problem facing IT managers when they
develop IT strategy. With IT becoming so much more central to the development and
delivery of business strategy, much more attention is now being paid to strategy development than in the past. What businesses want to accomplish with their IT and how IT
shapes its own delivery strategy are increasingly vital to the success of an enterprise.
This chapter explores how organizations are working to improve IT strategy development and its relationship with business strategy. It looks first at how our understanding
of business and IT strategies has changed over time and at the forces that will drive
even further changes in the future. Then it discusses some critical success factors for IT
strategy development about which there is general consensus. Next it looks at the different dimensions of the strategic use of IT that IT management must address. Finally,
it examines how some organizations are beginning to evolve a more formal IT strategydevelopment process and some of the challenges they are facing in doing so.
BUSINESS AND IT STRATEGIES: PAST, PRESENT, AND FUTURE
At the highest level, a strategy is an approach to doing business (Gebauer 1997).
Traditionally, a competitive business strategy has involved performing different activities from competitors or performing similar activities in different ways (Porter 1996).
Ideally, these activities were difficult or expensive for others to copy and, therefore,
resulted in a long-term competitive advantage (Gebauer 1997). They enabled firms to
charge a premium for their products and services.
Until recently, the job of an IT function was to understand the business’s strategy
and figure out a plan to support it. However, all too often IT’s strategic contribution
was inhibited by IT managers’ limited understanding of business strategy and by business managers’ poor understanding of IT’s potential. Therefore, most formal IT plans
were focused on the more tactical and tangible line of business needs or opportunities
$IBQUFS r %FWFMPQJOH*54USBUFHZGPS#VTJOFTT7BMVF
for operational integration rather than on supporting enterprise strategy (Burgelman
and Doz 2001). And projects were selected largely on their abilities to affect the shortterm bottom line rather than on delivering top-line business value. “In the past IT had
to be a strategic incubator because businesspeople simply didn’t recognize the potential
of technology,” said a member of the focus group.
As a result, instead of looking for ways to be different, in the past much business
strategy became a relentless race to compete on efficiencies with IT as the primary means
of doing so (Hitt et al. 1998; Porter 1996). In many industries, companies’ improved
information-processing capabilities have been used to drive down transaction costs to
near zero, threatening traditional value propositions and shaving profit margins. This
is leading to considerable disruption as business models (i.e., the way companies add
value) are under attack by new, technology-enabled approaches to delivering products
and services (e.g., the music industry, bookselling). Therefore:
Strategists [have to] honestly face the many weaknesses inherent in [the]
industrial-age ways of doing things. They [must] redesign, build upon and reconfigure their components to radically transform the value proposition. (Tapscott 1996)
Such new business strategies are inconceivable without the use of IT. Other factors,
also facilitated by IT, are further influencing the relationship between the business
and IT strategy. Increasingly, globalization is altering the economic playing field. As
countries and companies become more deeply interrelated, instability is amplified.
Instead of being generals plotting out a structured campaign, business leaders are now
more likely to be participating in guerilla warfare (Eisenhardt 2002; Friedman 2005).
Flexibility, speed, and innovation are, therefore, becoming the watchwords of competition and must be incorporated into any business or IT strategy–development process.
These conditions have dramatically elevated the business’s attention to the
value of IT strategy (Korsten 2011; Weiss and Thorogood 2011). As a result, business
executives recognize that it was a mistake to consider technology projects to be solely
the responsibility of IT. There is, thus, a much greater understanding that business
executives have to take leadership in making technology investments in ways that will
shape and/or complement business strategy. There is also recognition at the top of most
organizations that problems with IT strategy implementation are largely the fault of
leaders who “failed to realize that adopting … systems posed a business—not just a
technological—challenge” and didn’t take responsibility for the organizational and
process changes that would deliver business value (Ross and Beath 2002).
Changing value models and the development of integrated, cross-functional
systems have elevated the importance of both a corporate strategy and a technology
strategy that crosses traditional lines of business. Many participants remarked that their
executive teams at last understand the potential of IT to affect the top line. “IT recently
added some new distribution channels, and our business has just exploded,” stated
one manager. Others are finding that there is a much greater emphasis on IT’s ability to
grow revenues, and this is...
Purchase answer to see full
attachment