IT

2010 Hot Tech Jobs

“Everyone knows someone who loves Honda” commercial in context with Honda Facebook is a prime example how social network channels have changed today’s business.  If any IT executives still thinks that social networking platform is for kids and teenagers, wake up! You have already missed lots of opportunity, try to speed up and catch on.

Social network is integral in today’s sales and marketing for almost all products and services.  Customization of a product or service based on each individual requirement is not a new concept and it has been discussed and implemented in isolation. The challenge faced before was to approximate each individual’s requirements and social network is an approach to approximate individual’s requirement. Once the requirements are understood, social networks are again used to influence individual customers to buy the given product or service. There are quite a few books written to leverage social network to promote and market products and services. To summarize, in today’s challenging market, it is obvious and evident that social network plays major role in selling product and services to consumers and some cases, even to big corporations.

Given this context, current economical circumstances, growth potential, emergence of cloud computing, compliance conformance requirements,

The following IT jobs will have high market demand in 2010..

1. Enterprise Architect – (Thorough understanding of business process management, business strategy, IT strategy, portfolio management, social networking tools ,techniques and its business application and etc)
2. Security Officer/Analyst (Audit, compliance,policy management, Threats from social networking, Identify Management Strategy,proactive incident avoidance – data loss prevention)
3. Network Engineer – (SAN/IPS/BGP/SONET/DNS/Firewall/Load Balancer/NetCache devices/SSL Accelerator/SMTP/SNMP/High availability/Disaster recovery/..)
4. Cloud Architect ( Cloud operating system – like VMVare, Business cloud)
5. Application Architect – (open source technologies,blog – wordpress, blogspot, facebook, youtube, SaaS, twitter, GoogleWave, web services, Rich Internet application – AJAX/Adobe Flex/Microsoft Silverlight)
6. Information Architect (Data Mining, Dataware house, Reporting, business intelligence, text minig, search optimization)
7. ERP specialist (SAP, PeopleSoft, JD Edward, Oracle financial, Banking – Fidelity, FiServ, Shaw, Phoenix, Hartland, and etc) 
8. Vendor/Contract Management ( ITIL)
9. Program/Project Management (PMBOK, PRINCE frameworks)
10.Smart Phone Application Architecture & Design – (iPhone, BlackBerry, etc)

IT Finance Management Framework – Part 1

There is a need to develop an IT finance management framework and I propose a general framework for a specific organization as a starting point.

Some of you may be wondering why EA & IT strategy person proclaims a need for development of a general IT finance management framework and proposes one for a specific organization type.

To develop practical enterprise architecture and receive value from it, understanding the financial management and integrating to the enterprise architecture is a key. IT Finance management plays a vital role in enterprise architecture analysis. For instance, to identify and report the cost drivers for systems with high maintenance cost in the enterprise, enterprise architects required to generate the list of software systems which has high maintenance cost first. If the enterprise system landscape is not integrated with the IT fiancé management, this of kind of analysis becomes manual, laborious and inaccurate.

Current state of IT Finance Management:

IT Finance management function is performed in non-uniform way across the industry. Lack of a general framework in IT Finance Management leads the IT industry to proliferate inconsistent methodology and creates a challenge to collaborate and share knowledge.

For broader utilization of the framework, the framework development needs collaboration and participation from IT financial analyst across multiple industries. As a starting point, I’m going to propose a general framework to manage IT finance for a specific organization type and welcome critiques from others to improve it.

Organization Type:
The proposed framework is for IT organizations which are business enablers, does not directly generate revenue, does not pay cash directly to payables and perform three major functions.

  • Lights on support to IT systems to enable business
  • Perform Enhancement/Discretionary changes to meet business requirements
  • Execute projects to transform/thrive/sustain the business

Key steps in IT Finance Management:

  • IT Financial Planning
  • IT Budgeting
  • IT Finance Reporting

IT Financial Planning: It is a first step in the ITFM. Financial planning must be aligned to corporate strategy. Corporate strategy provides a road map to reach corporation’s vision and corporate annual plan is a step towards reaching the organization vision. Annual corporate plan is an execution step of corporate strategy. Based on annual corporate plan, IT financial plan is developed by the IT Financial analyst, office of CIO in collaboration with financial controllers (Office of CFO) and office of Chief operating officers. The decisions like, invest in more product development, penetration to a new market segment, expand the presence to new country and etc are made, part of the annual corporate plan. IT financial plan is a high level executive plan to support the annual corporate plan. It will consists of major line items like, improve IT spend on new security projects, change systems to support multiple languages, continue the same level of lights on operation , improve the system reliability and etc. IT Financial plan will be created and will be used as base line to develop the IT budget.

IT Budget: Budgeting is a one of key piece of IT Finance management. Budgeting is a development of  IT organization cost plan for the year. Cost plan answers questions like, What is the total cost IT organization can spend and how they are going to spend. Once the budget is approved by CIO and corporate controlling, then the actual cost are tracked on monthly basis and variance analysis are preformed and reported to the various stakeholders like CIO, controlling office, senior management team, managers and others.

There are three different types of budget for different purposes.

  • Capital Budget – Lays out a plan for investment like plant installation, product development and provides a principle for investment life cycle steps like depreciation, amortization. Generally it is managed by a generalized group for the entire company. It is one of the functions under controlling organization under the CFO.
  • Cash Budget – It is a predication of expected cash balances the organization will experience during the forecast period. Cash budget depends on operating and capital budget. It also evaluates if the corporation has sufficient liquidity (like cash in hand, credit) available to meet the expected cash disbursements. It is part of the management accounting. The cash flow and fund flow of the corporation depends on the cash budget.
  • Operating Budget – It is a plan to reflect the daily operating expenses and depreciation. Typically the operating budget is developed annually.

For the organization selected, IT budget will be an operating budget. The major functions performed by the organization are lights on, enhancement and projects. It is so tempting to categorize all the cost under these categories in the highest level. It will become difficult to analyze different perspective of the IT cost structure like by hardware, provider etc.

Cost Categorization:

  • Employee – (On roll employees)
  • Contractors – (includes purchased service, consultants and etc)
  • Sourcing Providers – (in source, out source, multi source and etc for a specific service)
  • Software recurring fee – (includes software maintenance fee, service fee and etc)
  • Hardware recurring fee – (includes all servers, mainframe, disks, network, hardware maintenance fee and etc)
  • Others – (It is a catch all category includes like travel, training, depreciation, office & admin, rent, telephone, stationary, depreciation, rent)

The categorization is not a clean separation. As needed, the items in each category can be shifted between the category.

Direct cost vs indirect cost, project cost vs lights on cost are various categorization of cost structure. Those cost categorization  are just allocation issue. Once the cost are captured in the above categories, then the various other perspective can be easily created. I will demonstrate it specifically how to capture and how to report it.
Any line item in general & administration (G&A) spend in the IT organization should come under in one of the above category. This does not include the capital budget. Any capital project under taking or any new capital software purchase will not be included under IT G&A budget. That will come under capital budget. The scope of the framework at this point is to focus on G&A only. Once the framework is matured for G&A, capital budget can be added at the later stage. However, the capital budget will feed the depreciation value to the G&A.

Let us say the IT organization has the budget of $100. CIO has 4 directors reporting to him and there is a small set of staff in the office of CIO who directly support the CIO in the strategy, architecture, IT financement and etc. Let me show the end result of the budget and walk through the steps involved in the framework. After the budget cycles are complete the budget of IT organization of $100 will look like as given in the figure.

it-finance-mgmt

Let me walk through in part #2 what technique should be followed and each and every steps to develop an IT budget for the $100.

Future AAS

Cloud computing is in the horizon. The topic has come to architects and strategist for a consideration and discussion.  It is not in the research paper any more. It is viable to any enterprise as a technological innovative solution  for cost efficiency, speed and agility.

At this time, I should say, all the enterprise architects, strategist and IT leaders are familiar with SaaS model. Salesforce.com is a prime example of a successful SaaS model and the trust index for this business model has transformed to trust worthy due to its success.

A successful business model is always twicked and fine tuned for an another business model in a different market segment. Saas is not an exception. SaaS concept has been extropolated to other areas and there are quite a few “Aas” prolifirated so far. Here are the few..

  • Infrastructure As a Service (IaaS)
  • Platform as a Service (Paas)
  • Database as a Service (Daas)
  • STorage as a service (STaas)
  • E-mail as a Service (EaaS)
  • Desktop as a Service (DEaas)
  • ERP as a service (ERaaS)

and this list is expected to grow. IaaS and Paas sounds the same but there is a subtle difference between IaaS and PaaS. PaaS provides a platform with a set of APIs to develop applications. GoogleApp engine is a prime example of PaaS whereas Iaas provides a stack of hardware infrastructre like servers, database, network, web server, application server and etc.

Amazon is a leader in the cloud computing space. No surprise that Amazon made lots of money in the tough economy but also they projected better outlook in future. Amazon stock would become like apple or google stock.

Management in business – Not a precision engineering

I observed few management team members  got into the trap of making management in business, a precision engineering.  Philosophically, I completely differ that management in business can’t be precise in a corporate environment. Due to office dynamics, politics, internal and external uncertainties, management in business is all about approximation but not perfection.

In most of the cases, the practical approach should be : “THINK BIG, START SMALL, RUN FAST”

Technically, management in business can be precise but it’s very expensive. I had read few dynamic programming papers published from Nasa on how the project schedule conflicts are resolved using various optimization theories. Those techniques were published as a research paper. While management in launching a rocket to outer space business need precision engineering but, for instance, when you create a draft project charter, you do not.  Corporation should not be spending their time to make it perfect when they you are dealing with uncertainities. I understand, plan is nothing but planning is everything. But when a project lacks clarity on its scope, don’t spend  time on planning but use it wisely to improve the clarity of the project.

IT Vendor Risk Management

IT vendor risk management is a component of over all IT risk management. In my previous blog on over all IT risk management, there is a comment from pmhut  to expand each component of the IT risk management.  Let me expand my thoughts on IT vendor risk management and provide a framework to develop the IT vendor risk management.

Steps to develop a IT vendor risk management plan:

  1. Develop a consolidated list of all IT vendors
  2. Categorize the vendors broadly
  3. Prioritize the vendors in each category based on the type of business you are in. For instance, if IT supports retail business, the Point of Sale is key functioin and the vendors supporting that line of business is very critical to the day to day operation. It will have top most priority than any other vendors.)
  4. Identify the potential risk of the vendors
  5. Analyze the potential risk of the vendors
  6. Develop residual risk matrix
  7. Monitor the residual risk matrix and repeat from step 4.
  8. Report the residual risk matrix to CIO office periodically.

Step I: Develop a consolidated list of all IT vendors

Get a IT vendor list from corporate purchase/procurement department. Make sure the following information are available

  • Account representative contact information – Office Phone, cell phone, snail address, email address
  • Investor contact information – Depends on the type of the company – corporate, partnership, properitary and etc
  • Client list

Step II: Categorize the vendors

Types of vendor involved in a typical IT organization.

  • Sourcing provider
    • Alliance provider (like out sourcing provider)
    • Human resource provider for in sourcing. It is generally for time and material model for 6 months to 1 year engagement
    • Consultant provider for insourcing. It is generally for time and material model for a specialized role for a very short time.
  • Software provider
    • Enterprise software system provider (like SAP, Peoplesoft, Fidelity and etc). Enterprise software system depends on the type of business.
    • Office software (like MS Office,and etc)
    • Specialized software provider  (for instance, in the financial industry, quantum is a specialized treasury software provided)
  • Service provider
    • Infrastructure service provider (in most cases, it includes all the system software like OS, database and etc)
    • Research consulting service provider (market research and etc – like gartner.com, executiveboard.com)
    • Specialized service provider (depends on type of business – credit score card development provider and etc)

Step III: Prioritize the vendors

Prioritize the vendors based on their dependencies to the core IT operation. It depends on the business you are in. If there is alliance provider to performing lights on support to an IT organization, then that provider play a vital role in IT operation. For an instance, if it is financial administration company (like financial out sourcing) then their enterprise application like SAP financial plays a major role to perform their core operation. 

 Lately, almost all organization utilizes the outsourcing company to provide lights on service to the core IT operation.

Step IV: Identify the potential risk of the vendors

Sourcing provider (includes alliance and out sourcing provider) is taken as an example and the associated risk are identified. The similar steps can be taken for other types of vendors.

Service level risk

Measure the performance of the provider against the objective set in the beginning of the engagement.  In some cases, the sourcing provider is selected to provide partnership or alliance to improve innovation or business consultation or value creation and few other cases, the provider is selected to provide the on going lights on support. In my example, I will assume the provider is selected to provide the on going lights on support. The typical performance measure for the lights on support are given below:

  • Service quality
  • Service delivery time
  • Missed service level
  • Response time
  • Resolution time
  • Problem repeatability rate

For an outsourcing engagements after the due diligence and contract and terms & conditions are agreed by all parties, there are two major phases. Transition phase and stabilization phases. The sample performance measure listed above will be used for the risk identification after the stabilization phase.

Receive the trend data for the performance measure and compare against the original agreement with the provider. Develop a variance analysis and repeat the cycle. If there is a negative variance in the measure for a prolonged duration then there is an issue. There is a risk that provider to continue under perform and impact the core IT operation.

Vendor Financial stability risk

I would not have come up with this as one of the potential risk item before Satyam scandal. I would not had  even considered it before the scandal. 

  • Participate in quarterly earning call
  • Study the provider balance sheet
  • Study the probability of liquidation or solvenacy
  • Identify your contribution percentage to the provider’s bottom line
  • Identify their auditors reputation

Vendor strategy risk

Request vendor to provide their corporate strategy and make sure their direction is aligned to your expectation of their service. If provider corporate strategy is to out of service business and sell software products, then organization currently receiving provider’s service need to know that. There is a risk that the provider will not focus on the service in near future and their service quality will deteriorate

Vendor cultural risk

It is a philosophical discussion. It depends on the philosophy you believe in. Few believes, same behavioural partners will lead into the strong longer marriage and few believe the opposite. I have an unpublished paper on “Q-learning algorithm for a quick and better mutal understanding of marital partners in the east Indian arranged marriage culture”. Two years after my arranged marriage (I saw my wife a week before my marriage) I wrote this paper. This paper assumes that both partners have commitment before the marriage that no matter what happens, they are going to make their marriage successful. 

I will leave the vendor cultural risk assessment up to your belief. Whatever your believe, the vendor cultural risk must be assessment.

Vendor Geo-political risk

Majority of the outsourcing players are from India. Geo-political risk for an outsourcing project has been a factor all the time. When it comes the analysis of the risk and probability of occurance, it used to score very low. In the recent past, as mentioned in my previous blog, it is elevated.

Vendor take over risk

In the financial world, when a small fish swims with strong cash gills, the big fish will swallow for good.

The above identified risks are  the major risks I could think of. There are few risks like provider employee retention and etc.. Those risk can be amplified based on type of organization you are in. I heard many times that business knowledge like electronic fund transfer knowledge will be lost if the provider keep losing their employees. In my opinion, those are very insignificant risk because eft can be learned by any programmer very quickly. However there are areas like 3D drafting package development out sourcing. Systems like this needs extensive analytical geomentry mathematical knowledge, programming language knowledge, device drivers knowledge and etc. It is very difficult to get people with all the skills. Mathematicians with extensive computer engineering hands on experience with executive level communication skills.  The initial training for these kind of development would take 8 – 10 months. These are rare cases and I’m not going to expand.

Step V: Risk analysis

All the above identified risk should have:

  • Probabaility of occurance
  • Cost of business impact if the risk becomes an issue
  • Risk treatment
    • Avoidance
    • Reduction
    • Transfer
    • Retention (accept it)
  • A plan for avoidance, redution and transfer risk treatments

Step VI: Residual Risk Matrix

The residual risk matrix is a consolidated vendor risk exposure to the organization.

Step VII: Monitor Residual Risk Matrix

A dedicated team and process to monitor the residual risk matrix of the organization.

Step VIII: Reporting

Report the RRM to the CIO, steering committe and operating committe of vendor management for a proactive informated decisions.

Enterprise Collaborative Quotient

Better collaboration within IT will

  • fetch more innovation
  • improve team building
  • improve effectiveness & efficiency
  • reduce the over all IT residual risk
  • improve organization attitude

The above are top 5 value added imperatives a better collaboration will bring to an IT organization. Each one of the above adds value to the core business, saves IT G&A and minimizes the IT risk exposure.

How the CIOs and other senior executives will manage and measure the collaboration within their organization. We all familiar with Intelligent Quotient (IQ) and it is a measure how smart a person is? Likewise, an organization must have a metric to measure the collaboration  within their organization.

I was searching to find out what kind of metric is available to measure it in the industry. Based on my research, I could not find any metric to measure it. So I innovated a metric called enterprise collaborative quotient (ECQ)

What is collaboration?

Group of people working towards the same goal.

Why collaboration is needed?

IT has an organization goal every year (which is aligned to the IT strategy which supports the business strategy which supports the competitive strategy) and every member of the organization works towards the goal (Strategy focused organization). When a group of people working towards the same goal, to avoid duplication and ensure full coverage, collaboration is required within the organization.

What is the Enterprise Collaborative quotient?

Even though I prefer to have more mathematical way to calculate it, in reality, the formula approach will not work in management science. My famous saying is, it is not \pi r^2

However, a methodical approach is proposed to calculate the enterprise collaborative quotient. Let me make sure we understand why are we measuring this? To measure how the organization is working together towards the organization goal.

The structure to the problem is, what are the factors involved in measuring it. The factors are

1. Understanding of

  • the organization goal (theme),
  • the overall IT strategy (targets, performance measure,strategic objectives),
  • who is who (theme managers, initiative owners)
  • overall business bottom line
  • core values and company’s mission and vision

2. Frequency of

  • formal face to face meetings/discussion
  • informal face to face meetings/discussion
  • Impromptu face to face/phone/chart meetings/discussion
  • proposal of new suggestion/ideas for a target set for a different team
  • brown bag sessions
  • huddle meeting
  • skip level meetings
  • team meeting
  • town halls
  • 1:1 meeting with direct reports
  • special interest groups (boat club, motor cycle club, quantum cafe club,womens forum)
  • lunch meetings
  • dinner meetings
  • group activities (like community services)

3. Willingness to

  • Share knowledge
  • Listen
  • Challenge the obvious
  • care for others
  • be open

Based on types of the organization, the above factors can be used and information can be garnered by interview or survey. The weight factor can be applied based on the core function IT supports.

IT Risk Management – An Elevated view

Risk management is part of any management science. (period) Any good project managers do have a risk management plan of a project, team, organization and etc . Risk management plan is part of any management science (yes, I’m repeating myself to stress the point).

CIO‘s are part of the management team and any good (or even an ordinary) CIOs do have a risk management plan for the over all IT organization.

It is a basic principle of business, more risk more profit. At the same time, business is not pure gambling and some time it is calculated gambling. When it comes to gambling, it is taking the chances. When you take the chances blindly, then it is gambling and when you take chances after your due diligence then it is business. May be, I’m over simplifying it but that is the simple definition. If a bank wants to AVOID risk, the ONLY best way to avoid risk 100% is NOT to do business. That is, not performing steps towards their organization goal, mission and vision. Philosophical interpretation is, if you want no complaints then be nothing and do nothing.

Are we not take chances every day? Yes, we take chances every minute. I know some one do not agree what I’m saying. There is a risk of rejection from someone. To avoid it, the best approach is to stop expressing myself. By doing so, I can completely avoid the risk of rejection of my opinions but I can not accomplish my mission (Blog as much I can). The point I’m trying to make is, risk is part of any management science and it should be managed better.

How to manage IT risk better?

Residual risk matrix (RRM) for an IT organization risk is one of key metrics a CIO should have to have a clear picture on probability of exposure. Before I jump into the RRM, let me explain what are the key components of enterprise IT risk management?

Components of enterprise IT Risk management

  • Compliance Risk
  • Infrastructure risk (including data center and business locations)
  • Project Risk
  • Security Risk
  • Financial Risk
  • Technology Risk
  • Process Risk
  • Competency Risk
  • Vendor Risk (service providers like infra service, right sourcing, etc)
  • License Risk
  • Open source Risk
  • Business Risk

Steps to create an enterprise IT residual risk matrix (IT RRM)

  • Identify the known & known unknown risk for each components of the IT risk management
  • Device a mitigation plan for each identified risk
  • Identify the cost of the mitigation plan
  • Identify the probability of the risk occurrence
  • Calculate the risk at exposure (risk exposed to the organization after the mitigation plan)

IT Residual Risk Matrix provides an elevated view to the executive management on the exposed IT risk.