05 Institutionalization Flashcards
What is Sourcing and IT Sourcing?
-
Sourcing: constructed from “resource” and “using”.
- 3 types: outsourcing, insourcing and backsourcing.
- IT outsourcing encompasses the allocation of IT-related resources outside the organization. These resources can be either part of the IIS (informational and technical) or the IF (human).
- IT outsourcing may refer to:
- IIS or parts of it together with human resources needed to operate/maintain them
- IF responsibilities only (outtasking): development, deployment, HW/SW ops and maintenance
Define the (3) types of sourcing:
- Outsourcing = outside resource using (from inside to outside)
- Insourcing = inside resource using (from outside to inside)
- Backsourcing = backward sourcing (from outside back again what was inside before)
What are the (5) top motives for IT Outsourcing?
-
Cost reduction
- Reduction of production costs, predictability of IT costs, reduce capital investment, increased liquidity.
-
Standardisation (of processes, IF)
- Reduce problems in IT operations and development
- Enable rapid developments
-
Core competence focus
- Focus on core business, core competences, fill gaps in IT resources
-
Flexibility (avoid fixed costs)
- Flexible access to skilled staff and rare specialist IT skills
- Obtain human resources/skills not available internally
-
Enhanced quality (through external know how)
- Enhance quality of services
- Overcome structural-capacity bottlenecks
What are the main disadvantages and risks of outsourcing IT?
Main disadvantages and risks of outsourcing IT:
-
Cost-related factors:
- Coordination costs often ignored
- Hidden costs (staff transfers, renegotiation, contract supervising)
-
Strategic factors:
- Loss of flexibility (sudden changes in technology vs fixed contracts)
- Loss of decision authority and control over tech/data
- Vendor lock-in due to switching costs
- Danger of fraud (contract breach, intellectual property risks)
-
Skill-related factors:
- Loss of critical knowledge and in-house capability
- Loss of touch to latest technologies
- Demoralisation of critical IT staff (no challenges and long term career prospects)
Describe the (4) main Pro/Contra Outsourcing statements:
Aspects pro/contra outsourcing:
-
Costs
- Pro: better cost situation dute to synergies and scale effects, fixed costs turned to variable ones, liquidity, planning.
- Contra: providers aim for profits, coordination/contracting/control costs can be understimated.
-
Know how
- Pro: flexible access to expert staff, broad spectrum of IT know how and competencees
- Contra: imparing internal IT development, less motivation for IT staff, danger of insufficient/outdated vendor skills.
-
Flexibility
- Pro: scalability of services in quantity and quality.
- Contra: inflexible contracts can be difficult to adapt to sudden changes, vendor lock-in.
-
Risk
- Pro: risk is shifted to the service provider (uncertainty and tech risks)
- Contra: loss of control/accountability, opportunistic behaviour from service provider could take place.
What are common IT Service (outsourcing) offers in the market?
(What? Outsourcing domains)
- Computing power and storage capacity
- Data centre services
- Telecommunications and computer network services
- Workstations and server maintenance
- Desktop services
- Application development
- ERP introductions
- Operations and maintenance of applications
- Software-As-a-Service
- Technical user support
- Security and emergency services
Name the functions often successfully outsourced:
(What? Outsourcing domains)
- Operation and maintenance of standard software applications
- User support
- Application software development
- Data centre operations
- Deployment of desktop computers
- Computer network operations
- Telecommunications
- Server maintenance
- Technical support
- Security management, disaster recovery
Mention the functions that are often problematic to outsource:
(What? Outsourcing domains)
- IS Strategy development (confidential details, opportunities lost)
- IS/IT Portfolio Management
- Information Architecture (important and critical to know your own infrastructure)
- IT market analysis and supplier selection (capture knowledge from past projects)
- Vendor contracting and supervision
- Contract and relationship management
- Management of IS innovations
* Rule of thumb: risks of outsourcing are higher at higher levels of managerial decision making.
Provide some key outsourcing examples on the matrix of the externalisation of IIS and IF:
(What? Outsourcing domains)
-
X axis: externalisation of IIS resources
- Provider
- Client
-
Y axis: externalisation of IF (IT Staff)
- Client
- Provider
Explain the relation between Ownership and Coordination mechanism:
(How? Outsourcing arrangements)
- Ownership types: make, hybrid, buy.
- Coordination types: hierarchy, partnership, market.
- From lower to higher ownership:
- Spot market (market: rely more on terms, agreements, penalties)
- Contracts (short-mid-long term)
- Co-operation agreements
- Taking share in IT service provider (partnership: mutual coordination and exchange of benefits)
- Formation of joint ventures
- Wholly owned subsidiary (spin-off)
- Profit-cost-service centre (hierarchy: more authority and self-determination)
- Insourcing
Describe the (3) outsourcing arrangements based on the location of service provider:
(How? Outsourcing arrangements)
Outsourcing types based on location of service provider:
-
Onshoring: onshore + outsourcing
- Outsourcing provider is based in the same country as the client.
- Example: onshore outsourcing, co-sourcing
-
Offshoring: offshore + outsourcing
- Provider produces IT services at a very foreign location.
- Commonly assumed: low-wage region/country located far away.
- Example: offshoring, offshore service centre
-
Nearshoring: nearshore + outsourcing
- Provider is based in a foreign location which is not too far away or has similarities with the client location (language, culture, education, legal system, time zone, economic develoment, short travel distance).
- Example: nearshorring, nearshore service centre
List the (4) types of client-vendor arrangements:
(How? Outsourcing arrangements)
Client-vendor arrangements:
- Single vendor relation (1:1) getting everything from 1 vendor
- Single vendor alliance (n:1)
- Multiple vendor relation (1:n)
- Multiple vendor alliance (n:n)
Explain the relation between Technology integration and commoditisation:
(Making sourcing decisions: Domain)
-
Integration (separation from the infrastructure)
- High (cannot be separated)
- Low (easy to detach)
-
Commoditisation (becoming an standard solution)
- High (easy to extract)
- Low (very specific solution, nobody or few others have it)
Explain the relation between Criticality to operations and Competitive relevance:
(Making sourcing decisions: Domain)
-
Criticality to business operations
- Useful
- Critical
-
Competitive relevance
- Commodity
- Differentiator
- Qualifier: Best source = Don’t outsource, have a closer look.
- Order winner: Insource = Produces money and advantage (don’t outsource)
- Necessary evil: Outsource = Just a comodity that is only useful.
- Distraction: Migrate or scrap = Kill it or discard it, it’s a distraction.
Explain the relation between In-house economies of scale and Skills:
(Making sourcing decisions: Costs and Capabilities)
-
Skills and practices
- Lagging
- Leading
-
In-house economies of scale
- Subcritical mass (service is not that big/representative)
- Critical mass (relevance, in-house economies of scale)
Explain the relation between Market cost efficiencies and Market capability:
(Making sourcing decisions: Costs and Capabilities)
-
Market cost efficiencies
- Inferior
- Superior
-
Market capability
- Inferior (the market is inferior to you)
- Superior (market capabilities are better than yours)
Explain the relation between Operational risk and Relational risk:
(Making sourcing decisions: Risk)
-
Operational risk (risk of service not being provided)
- Low
- Moderate
- High
-
Relational risk (if problems occur, how well can you deal with your partner)
- Low
- Moderate
- High
Describe the (6) phases of a typical outsourcing model:
A typical phase model:
-
Assessment of IIS/IF function
- Analyse service requirements, costs, service quality and processes.
- Screen IT service and outsourcing market.
-
Definition of outsourcing objectives, scope and form (why?, what?, how?)
- Define service quality required, price limits, charging, roles.
- Define inter-party relationship (roles & service processes)
- N-shore, offshore
-
Preparation of tender documents
- Writing requires specification, SLA draft
- Request for interest and prepare call for tenders
- Set up an evaluation team
-
Tender exercise
- Invite tenders
- Evaluation an pre-selection based on high level proposals
- Invitation of top providers
- Assess providers and select based on: company, service offering, relational fit
-
Contract negotiations
- Non-disclosure agreement (NDA) and letter of Intent (LOI)
- Define contract contents, responsibilities and contract monitoring
- Negotiate and sign the contract
-
Transition & relationship development
- Transfer knowledge, transfer IT assets and personnel
- Monitor and report, reviews
- Improve continously and invest in the relationship
What key elements should a call for tenders contain?
A call for tenders should answer core questions to allow for solid and comparable offerings by service providers:
- Outsourcing motivation and objectives.
-
Situation as is and intended future situation.
- IIS, IT assets, staffin (IIS + IF)
- Service requirements
- Business model and processes
- Mode of provider liaison/relations
- Process of outsourcing and limiting factors
- Criteria and process of selecting the external provider
What are the key elements of an Outsourcing contract?
In theory an Outsourcing contract includes:
- Service delivery (extent, quality (SLA) measurement, responsibilities, limitations..)
- Pricing (payment model, prices, penalties, bonuses, adaptation of prices, discounts..)
- Transition (time table, milestones, monitoring, assets, personnel number, salary and benefits)
- Termination (duration of the contract, reasons for extraordinary termination, consequences like fees and transitions)
- Additional agreements (exclusiveness, NDA, sub-contractors, cycles for adaptations and renegotiations, control and decision rights)
In practice, most of the time it covers:
- Costs
- Confidentiality
- SLAs
- Early termination
- Liability & indemnity
- Change contigency
- Suppler non-performance penalty
What are some industry trends (drivers) for Outsourcing?
Which one is the main one?
Outsourcing drives:
- Availability of providers offering reliable services
- Increased competition and decreasing service prices
- Specialization of professional service providers
- Information Technology has increasingly become a commodity (S-a-S, Cloud)
- Shortage of critical IT skills (mobile apps, BI, IT Sec)
- Rapid technology development and obsolescence
- More organizational experience and better competences in IT outsourcing
Top trend: cloud computing (on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service). Private, public, hybrid or community cloud.
Software-/Platform-/Infrastructure-as-aService too.
Why the IF is considered to be a Cross-Sectional Function?
- The IF (also called IT Function) have tasks that concern:
- Planning
- Developing
- Running
- Maintaining
- … an IIS
- Also, an IF is a cross-sectional function, enabling other business functions. It does not only facilitate value-adding functions but also other secondary functions (like logistics).
Describe the Scope of IT tasks and provide some examples:
IF Tasks include managerial and non-managerial tasks:
- Executive task: strategy development, portfolio/programme management, project management.
- Technical & administrative tasks: user help desk, software development, cost accounting.
Examples of tasks types:
Managerial: Plan & control. SISP, business IT consulting, architecture planning, investment planning, IT service planning, portfolio & programme management, project management, supplier planning, disaster & recovery planning.
Mostly technical: Build. Requirements analysis, system analysis and design, database design, web design, software development, SAS introduction, IT/software/services purchasing, network design, IT rollouts, IT service design, supplier supervision.
Technical & administrative: Run. Data centre operations, systems maintenance, DB administration, user rights administration, data and information resource administration, user help desk, issue and problem management, operations monitoring, licensing, performance monitoring of external service providers.
Elaborate on this way of embedding the IF into the organization:
Centralization of the IF
IT personnel and resources are concentrated in exactly one organisational unit.
-
Centralized IF in a divisional organization (corporate + divisions)
- IT is located as a shared “service centre” in a corporate function, located in parallel to all other divisions (corporate finance, corporate purchasing, …)
- Not more than one IT unit within each Business Unit.
- More unrealistic, IT serving all divisions.
-
Functional organization (top management & main departments)
- IT as a main department
Benefits: economies of scale, critical mass (of IT/IS staff) for sharing expertise, common training, clear career paths and professional evaluation. Easier to enforce corporate-wide policies and standards.
Criticism: unresponsive to the need of individual business departments. IT professionals are mere technical specialists with little functional expertise. Danger of becoming insular and unaware of the business outside.
Elaborate on this way of embedding the IF into the organization:
Decentralized IF
(in a functional organization)
General features of a decentralized IF:
- Duplicated IT units which report to superordinate business functions
- No IT unit on the corporate level, therefore, no top unit that sets standards.
- IT units per-department (Production IT, Accounting IT)
Benefits: IT/IS professionals are also knowledgeable in the business area, funding is provided and priorities are set within the business units, objectives and measurement are the same for IT and business (don’t have to translate business measures to IT measures).
Criticism: huge redundancies without an associated value of backing up each other, IT departments will optimize for local business units rather than the firm as a whole, integration and adherence to corporate policies and standards are difficult.
Elaborate on this way of embedding the IF into the organization:
Blended IF
(Blended organization of the Information Function)
Central IT + Local IT in business functions = federal (mixing central and local decisions)
All decisions that affect the whole organization should be centralized, other minor decisions can be taken in the business units.
-
Pros:
- Central IT: IT vision, oversight and integration, economies of scale for shared services, critical mass of skills (expertise, backup).
- Local IT: responsive to business needs, closeness to business/users, BU ownership and funding.
-
Cons:
- Central IT: danger of thinking in IT silos, unresponsive to business and users, unresponsive to business and users, no BU ownership and funding.
- Local IT: no integration, variable standards, redundancy and few specialisation, reinvention of the wheel, local (sub-)optimisation of BUs.
Describe the structure of the traditional IS/IT department:
- A main IT/DP department
- IT controlling present
- Focused on data and typical user support, tools, development, systems.
- No presence of information and communication specific deployment.
Describe the structure of an extended IS/IT department:
- Information & Communication as main department
- Planning and control is present
- Information centre, information services + data management, dev tools, operations and support
- New Telecommunication & Data Network Management
- Focus extended: management of information and communication deployment
According to the practical recomendations from Gartner,
describe the 3 phases that occur in the IT/IS Department of the future:
Changing the composition of the internal IT Department:
-
Traditional IT
- Creating and operating technology, management of internal resources
- Technology is owned, budgeted. Skills from employees.
- IT success measured on create/provide/operate technology.
-
IS Lite (moderated outsourcing)
- In house roles: IT leadership, architecture development, business enhancement, technology advancement, vendor management.
- Technology provisioning and performance.
- Multi-sourced environment, enterprise services and outsource partners.
- IT success measured on service level costs and performance levels.
-
Lean IT (lightweight technology - highly outsourced)
- In-house roles: CIO, office of CIO, architecture (information, process/application, infrastructure sourcing), security risk mgmt., finance and measurement
- Creating productivity and capabilities that support strategy.
- Internal resources create value in a multi-sourced environment (enterprise, cloud, partners).
- IT success measured against changes in business performance.
Mention and describe the (6) types of IT/IS Committees:
-
Investment Committee (IT/IS Investment planning, IT/IS Portfolio management)
- Top executives, provides strategic direction, funding authority for major IT projects.
- Committee meets regularly to allocate/supervise resources to IT investments.
-
Steering Committee (also Board/Council) (IT/IS Portfolio management, IS Programme management)
- Senior executives with a regular schedule to review, monitor and re-direct major IT projects from cross-functional perspective. Reports to the board.
-
Programme/Portfolio Management Office (IT/IS Portfolio management, IS Programme management)
- Administrative personnel supporting portfolio and programme management with continuous controlling and reporting tasks.
-
Project (steering) committees (dedicated to single projects)
- A sponsor, business representatives and IT representatives to monitor the adherence of a project to time, quality and cost/budget targets.
-
Project Management Office (=/= Project Office!)
- Project management experts responsible for instituting and enforcing IS/IT project standards, procedures, methods and reporting across the entire organisation.
- PMO as a permanent organisational function independent of single projects.
-
Project Office
- Office of the IT/IS project manager, comprised of administrative personnel for controlling and reporting tasks.
- The PO is part of each temporary project organisation.
How IS Governance defined? What does it do?
IS Governance (IT Governance) concerns the mechanisms by which decision making on IT and related resources is ruled/takes place in organisations.
- Specifies the decision rights and accountability framework –> Encourages desirable behaviour in IT usage.
- IS Governance is an integral part of Corporate Governance (responsibility of board of directors and executives) and cosist on the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.
-
IS Governance supervises IS Management (Information Management).
- … supervises that more value from IT investments is obtained.
List and define the (4) IS Governance Mechanisms:
-
Formal Structure (taken from job descriptions)
- Mechanisms: IT Executives & accountants, Committees & councils
- Examples: CIO on board, IT Programme Mgr., Business advisory board
-
Formal Procedures (through processes)
- Mechanisms: SISP processes and techniques, Programme & investment mgmt. techniques
- Examples: IT Business cases, IT Portfolio planning, IT Programme Management, IT evaluation, SLA
-
Relational Structures (informal)
- Mechanisms: Stakeholder participation, Business-IT-partnerships
- Examples: Incentives for collaboration between stakeholders, Partnerships, Collocation of IT and business
-
Relational Processes (Informal)
- Mechanisms: IT-Business dialogue, Shared learning
- Examples: Shared vision and understanding, Active conflict resolution policy, Job rotation, Common training
Mention the different kind of success of the 3 different IS Governance Forms:
(Lessons from leaders)
-
More centralized = Profit
- Profitability via enterprisewide integration and focus on core competencies.
- Centrally mandated shared services.
- Low business costs through standardized business processes.
-
Blended = Asset utilization
- Efficient operation by encouraging sharing and reuse.
- Shared services centrally coordinated. Service oriented.
- Low IT unit costs, reuse of standard models or services.
-
More decentralized = Growth
- Encourage business unit innovation with few mandated processes.
- Local customized capabilities, few required shared services. Budget approval, risk management and local accountability.
- Local innovation with communities of practice; optional shared services.
Explain the (5) Decision domains of the MIT IS Governance Framework:
-
IT Principles
- Business principles translated to IT principles. IT role in business.
-
IT Architecture
- Core business processes and information that drives it. Technical capabilities standardized to support IT-efficient process standardization and integration.
-
IT Infrastructure Strategies
- Most critical infrastructure services. Service level of infrastructures, pricing. Keeping technology up-to-date. Outsourcing of infrastructure.
-
Business Application Needs
- Market/Business process opportunities for new business applications. Business needs and architectural standards, exceptions to standards. Owners of outcomes of projects and institutionalization of organizational changes.
-
IT Investment and Prioritization
- Distribution of IT Portfolio. Investment practices and stategic objectives. Assessing business value of IT projects after implementation.
Explain the (6) Governance Archetypes of the MIT IS Governance Framework:
MIT IS Governance Framework archetypes and decision or input rights:
- Business Monarchy = Business executives (CxO). Commitees, senior business executives (CIO). Centralized, driven by business.
- IT Monarchy = Individuals or groups of IT executives (CTO). Centralized, driven by IT.
- Federal = C-level execs and business groups (BU’s leaders, key process owners). IT executives may be additional participants. “Central-States” governments.
- IT Duopoly = IT executives and one other group.
- Feudal = BU’s leaders, key process owners or delegates making separate decisions for their respective units. Decentralized by Business Units.
- Anarchy = Each individual user makes separate decisions. No group decisions.
Graphically explain the MIT IS Governance Framework in relation to:
Governance Archetypes, Decision Domains (input & decisions)
- Designing IT Governance
Graphically explain the MIT IS Governance Framework in relation to:
Governance Archetypes, Decision Domains
- Choosing IT Governance Configurations
Elaborate on the IS Governance Industry Standards:
IS Governance Industry Standards
-
COBIT = Control Objectives for Information and Related Technology
- IT control objectives for use by business managers and auditors.
- Facilitates integration of IT Governance into Corporate Governance
- Became an international standard de jure.
- Gives pracmatic guidance on how to direct and monitor the activities of IM.
- Those who govern act as stewards and take responsibility for ensuring the organisation delivers what the stakeholders expect. Done by:
- Evaluating internal and external environment.
- Directing management.
- Monitoring operational performance.
Elaborate on the IS Governance Industry Consulting:
GRC: IS Governance, Risk, Compliance:
- Consultancy using GRC as umbrella acronym that related IT Governance to managerial responsibilities in Risk and Compliance.
- Consultants argue that the terms are closely related and should be integrated.
- Critically, these terms might lead to a confusion about the purposes and lenses of Governance, Risk and Compliance.
- “GRC” servers to market SW and consultancies their products and services.
