Reorganising the Reorganisation of the Organisation

We live in a changing, and challenging, world. If we weren’t sure about that before, we certainly are now. So where does Enterprise Architecture sit in the middle of all that change?

We could sit under the kitchen table with our hands over our heads and wait for the noise to stop. We could run out into the street screaming and shouting and generally getting hysterical. Neither fit our style. Instead we chose to continue doing what we do in a controlled, calm and professional manner.

Why?

Because all of this change that is going on only serves to remind me that Enterprise Architecture is needed even more than ever right now. We have the vision, we have the blueprint, blimey – we even have principles! What more could you ask for when looking to answer the tough question that is being asked of us all – “How do we continue to provide the services that the citizens of Devon need, using 25% less resources and with 25% less people?”

My answer to that would be to be clear about what you are trying to do, to do it once, and do it in the most efficient way possible.

Reminds me of the good old days of TQM! In those days though, times were good and resources could be thrown at a problem – sorry – opportunity!

Today times are challenging.

As a team of Enterprise Architects we need to make sure that people take advantage of us (in the nicest possible way!). We need to ensure that everyone knows what we do, what our vision is, what our principles are and how they can apply them to their part of the organisation. Personally, I don’t think that reorganisations should take place in silos. People should not be concerned about protecting their “patch”, we have one single purpose and we should be viewed as one organisation – a single enterprise.

Or, maybe, I am just trying to protect my patch?

From IT to Enterprise

Have you tried to reposition Enterprise Architecture out of IT and into the Enterprise? Any advice would be gratefully received!

We in Local Government are living through a time of re-organisation, re-focussing and re-budgeting. In fact our reorganisation is being reorganised as I type! Not an easy world to live in, but one that offers up hope and opportunity. Perhaps not for individuals, but certainly for the organisation as a whole. We have a once-in-a-lifetime opportunity to change the face of local government, and get away from the perception that most non-local government people have about us.

We will no longer be huge anonymous entities who do “stuff” that no-one can name. Almost every day now in the press there is talk of service cuts – not good, but bringing to the public’s attention the amazing, important and varied work that we do, usually quietly in the background – is good. More and more people are appreciating the role we play in society, be it big or otherwise.

Our personal circumstances find this EA team with an opportunity to show the rest of the organisation what we can do, and how we can offer true Enterprise Architecture. Over the next week or so we will be concentrating our efforts on developing our Services Model to communicate what that actually means. Currently it concentrates on IT as that is where we have historically sat in the organisation, and we need to expand it out to the whole. It is an exciting opportunity, and we are really looking forward to developing our thinking.

Meanwhile, we still need to ensure that our IT architecture holds up, and develop a new assurance model for the new way of working.  If nothing else, the start of 2011 is a busy one for us!

The Future of EA is no EA

An excellent blog post by Jeff Scott from Forrester on the future of EA has got me thinking about the most likely future state of EA in DCC.

The most obvious future and one which I entirely agree with is that EA as a function will disappear in time. My previous post about mainstreaming ICT functions supports this view as everything becomes a core business competency. But what happens between now and then and what direction are we really moving in and more importantly what direction will the organisation accept us to move in?

In my personal opinion I would suggest that there are two options which are most likely in DCC over the next few years and I think we are likely to end up with both of these scenarios:

Scenario 3: EA remains in IT, largely focused on technology architecture. This seems to be the most likely outcome for small to medium sized IT organizations. In this option business architecture will be developed primarily as input into the technical architecture. The key to success here will be for EAs to evolve from technology planners to true IT strategists.

Scenario 4: EA remains in IT but becomes more business focused. This model will be prevalent in medium to large IT organizations where IT has developed a strong partnership with the business. Here, EAs will be welcome at the business planning table and will be well regarded by business and IT for their ability to match business needs with IT capabilities. The business architecture focus here will be business-IT alignment. EA’s resources will be about evenly split between BA and technology initiatives. Successful architects will be very business savvy but keep their technology roots.

There are some justifications behind my thinking which I will share with you now.

Scenario 3
The likelihood of this future is related to a number of key factors – the ability for the EA team to maintain business people within it.  If this is maintained then this future will become less likely, however without real Business engagement and acceptance across all areas of the organisation to the benefits of Enterprise Architecture as an approach and not just conversations between ICT people and Business people trying to bridge the gap, then we will inevitably resort to Technical Architecture work.

Scenario 4
The likelihood of this future is already taking shape, our new ICT strategy is very much business focused and we already have a team in the business who are leading on Information Architecture. The challenges for this scenario however are again the ability of the team to engage with Business people and to maintain the business skills already developed in the team. However I would suggest that over time the focus of the team will be driving the technical architecture in response to the business. I also think that the business architecture function will not only be about Business/IT alignment but the architecture of the IT function itself.

If we get to a point where the IT function has had appropriate levels of business architecture then it would seem a likely next step to embrace Scenario 1 and 2 – The EA team disappears as a unique function and is absorbed totally by the Business as a core competency.

In my humble opinion we would have succeeded as an Enterprise Architecture function if this outcome is achieved.

No Overall Control – a Future State of ICT

With all the continual talk about how ICT connects more with the Business and how the Business needs to understand ICT more, I have started to think about where all of this will inevitably lead us, plus you hear people say “if we could only solve this problem we would start to get more from our investments in IT”.

I’ve had some great conversations with my colleague Martin Howitt about this topic and I want to share some of our thinking here.

Let’s start with some of the key drivers impacting and changing Corporate ICT in organisations and in particular the Public Sector:

  • The increasing pressure on budgets and the predicted heavy cost savings and budget reductions
  • The growing influence of knowledge workers and generation XY, the increasing influence of consumerisation, social media and web 2.0 tools
  • The impact of the Cloud and the “stuff” as a service approach
  • Higher levels of IT competence and awareness of technology in general
  • Lower barriers to development tools, eg WordPress, Yahoo Pipes, Drupal, Joomla etc
  • Mobile devices and smartphones have increased information and data exchange and are driving location based, real time requirements for knowledge.

From an organisational perspective however the above creates new risks to be managed and mitigated, new security approaches that meet security standards and frameworks that enable lower cost delivery and information assurance.

This however does not reflect the current state of most corporate ICT functions across the public sector – understandably so – there are huge pressures to simply maintain services and “keep the lights on” around ICT costs.

But this just continues and encourages the separation of skills, so that ICT manages and decides ICT investment and the Business states the requirements and writes the strategies to provide direction.

To really address the gap between people in ICT and people who work in the Business (people outside of ICT) you actually need to start moving the competencies that IT Professionals have into the Business. There has already been a lot of work on mapping and identifying skills and competencies in this area. SFIA (Skills for the Information Age) on its website states:

The Skills Framework for the Information Age (SFIA) provides a common reference model for the identification of the skills needed to develop effective Information Systems (IS) making use of Information Communications Technologies (ICT). It is a simple and logical two-dimensional framework consisting of areas of work on one axis and levels of responsibility on the other.

Via Skills for the Information Age SFIA

The SFIA framework defines 7 levels of skills: follow, assist, apply, enable, ensure/advise, initiate/influence, set strategy/inspire.

So if a whole load of ICT competencies actually sit outside the ICT department, what effect does that have on both the external departments and the internal ICT department?

The aim is to enable better exploitation of the technology now available to us in order to cut the costs of doing business, do business better, and all that good stuff.

The new Business User

  • understands their business (as now)
  • understands the IT they are currently using
  • is on the lookout for better ways of working
  • understands the value of what they are doing
  • understands how ICT helps increase that value

In terms of the SFIA framework this means skills up to and including level 3 (or maybe 4) of the SFIA framework with large elements of infrastructure and delivery either provided by business users themselves, outsourced to the cloud or provided by an in-house delivery section (this is what the old IT department looks like).

JP Rangaswami has posted on the Facebookisation of the Enterprise which sets out the core functions that an ICT Department would need to provide an element of management/governance around.

  • Simple self-service signup – Access
  • Set of directories, and ways of adding to them, searching them, extracting from them.
  • Tools to classify the elements of the directory.
  • Communications tools.
  • Tools for scheduling events.
  • Provide a News Feed. And ways of managing the firehose
  • A developer platform with the appropriate controls and service wrap around it.

Via Confused of Calcutta – 3 Posts on Facebookisation of the Enterprise

So the new Business User needs a re-factored IT department to allow the business to generate value from this core solutions architecture. This Department:

  • Researches new trends and provides analysis of strengths, weaknesses, opportunities and threats to the whole business including IT
  • Provides analysis of performance across the business and where ICT Investments add value and deliver business outcomes
  • Provides consultancy ensuring that the exploitation of IT Investments are realised across the whole business
  • Provides Portfolio Management of IT and all internal investments
  • Models the organisation – Ensuring the architecture of the enterprise is fit for purpose – Business Architecture, Information Architecture, Technology Architecture, Security Architecture, Solutions Architecture etc
  • Ensures standards for procurement and support – e.g security architecture for / cost benefit analysis
  • Provides or signposts relevant resources for learning and development around new technologies and solutions
  • Provides assurance that projects meet and contribute to corporate strategy and business plans

In local government, this can be a tall order. To some extent we rely on external bodies (such as SOCITM) to provide a level of analysis to underpin the work and we have to re-use existing models like the ESD toolkit to aid in the modelling. We get some security standards from bodies like CESG (via brokers such as Government Connect) but there is no overarching CIO body for local government in the same way that, for example, John Suffolk acts for central government departments. The Government ICT strategy should, in our view, be setting all this out to enable adoption of new cost-saving delivery models like the G-cloud – which should in turn be providing the sort of infrastructure that forms our common solutions architecture.

However without any real central leadership for local government, we will only ever approach this challenge in isolation and miss the opportunity for fundamental and radical cost savings.

Emergent Governance and Enterprise “Business” Architecture

As an Enterprise Architect, you would think that the current financial situation would probably provide the most appropriate climate for Enterprise Architecture – and you would be right. However in the current UK Public Sector context we need to ensure even more than ever that we can consistently demonstrate not just to our managers, but our managers’ managers, that we are offering and delivering value across the whole Organisation and across the Enterprise (in local government terms this can include our partners).

The challenge that we face is twofold:

1) Our constant communication and stakeholder engagement challenge – we have plans to communicate and methods for engagement, but we also need to build trust around our deliverables and that is not always in our control, as we don’t provide project/programme management. We do however provide assurance, but we are still developing this alongside the wider governance framework.  It is also not always that easy to simply say that just because we want to encourage and develop re-usable IT components and provide a more agile IT infrastructure and development model that business stakeholders will see you delivering value. These aspects take time and require an Enterprise Architecture programme to be delivered from start to finish. It doesn’t happen overnight, well not in the Public Sector. What the business generally wants is results and not just results but results NOW. They often see more value in project management, although some still think that is a luxury within projects.

The following is an extract from Rik Laurens from CapGemini who outlines this in a much better way than I do.

Projects are managed by projects managers. And good project managers do what they are paid for: reach a predefined target, within time and within budget. It’s good that we have them. And they should stay. But today we are not only interested in a bunch of stove-piped project deliverables anymore. We want re-use of IT assets across projects and we are more than ever interested in project deliverables that are interoperable across the enterprise and beyond and play a role in a broader context. Yes, we still love our project managers that focus on a particular scope and protect that particular scope. But in this era of cloud computing, interoperability, re-use and agility we also need a strong, corporate body that safeguards that the projects are not only doing what is good for the projects themselves but also (or more importantly) do what is good for the enterprise as a whole.

via Enterprise Architecture: The Only Way Forward | Capping IT Off | Capgemini

2) We are not always seen as “Enterprise” Architects, mostly we are seen as IT Architects of one kind or the other (we are based within Corporate IT) and that is a boundary that most of the organisation is comfortable with.  This is a big challenge as my role within the team along with a colleague is to develop for the first time an “Enterprise Business Architecture” (EBA).

The EBA challenge is in my opinion a similar one but one which in order to build trust and build some momentum requires a different approach. It is important to acknowledge that we have an agreed Enterprise Architecture programme and have Governance around this but it needs developing and adapting to ensure that it meets the needs of the other architectural effort we are doing (Information, Technology, Solutions and Business). This is where I believe to help gain some traction and some buy in around “IT people” getting involved in Business issues, we need to find a back door in.

I have thought about this for some time and I’m not sure whether or not it is the right thing to do, but I guess the right thing can only be measured by the type of organisation you work within.

I believe that Governance is the key to unlocking the potential of Enterprise Business Architecture in my organisation and that if we as a team can define, model and deliver a framework of governance that actually supports the overall programme. It is worth noting that our Enterprise Architecture team is only 2 years old, so I consider all of what we have done a remarkable success all things considered, but we always want to do more.

The key to governance in my opinion is ensuring that we understand what form of governance we wish to support alongside the type of participation model the culture currently allows. I have posted my thoughts on a Governance Ladder on my personal blog. However in this context we need to ensure that our governance framework is Agile and allows for “Emergent Governance”:

The notion of emergence, where intelligence is manifested from a collection of minds, is a core concept in chaos theory and the underlying principle in James Surowiecki’s The Wisdom of Crowds. Scientists have long noted that, on average, the assessments of a crowd are more likely to be correct than the proclamations of an individual expert. From Elisabeth Noelle-Neumann’s work on predicting election outcomes (The Spiral of Silence), to the central limit theorem that underlies statistical sampling methodology, the emergence of intelligence from large groups has been well established.

The exciting opportunities for governance presented by social networking and collaboration technologies are palpable. The election of a president who understands this potential portends a new golden age for democracy. Perhaps

via Emergent Governance: Who Needs Bees When the Grassroots Swarm the White House

The interesting aspect and similarity I see here is that we have recently undergone some dramatic changes at the top of the organisation. A new Political Administration and a number of our Corporate Management Board retired, this presents opportunities that must be explored and pursued. So with the challenge set out, we now embark on the journey.

Doing the right thing – Todd Biske» IT Needs To Be More Advisory

An excellent blog post by Todd Biske.

IT needs to change its fundamental thinking from provider to advisor or be at risk of becoming irrelevant.

via Todd Biske: Outside the Box » Blog Archive » IT Needs To Be More Advisory.

What I find interesting about this post is that it supports what we are trying to do here in Devon with our Enterprise Architecture Team.

The key point about moving from provider to advisor is as Todd says “stating the obvious” but it clearly does require a fundamental shift in thinking not just within ICT departments but within the wider business as well.

Todd writes:

To illustrate this, take an example from the world of financial services. A broker may simply be someone you call up and say, “Buy 100 shares of APPL at no more than $200.” They are a provider of stock transaction services. A financial advisor on the other hand, should be asking about what your needs are, and matching those against the various financial offerings they have at their disposal. If they don’t understand client needs or if they don’t understand the financial offerings, you’re at risk of getting something sub-optimal.

This is correct, however in a work context, someone has to know that they want an advisor and not a broker, so part of the challenge is shifting the perception of the entire ICT function in the organisation from “provider” to “advisor”. This requires educating and working with your internal customers and delivering value in an advisory role. We believe that our Enterprise Architecture function is part of this transformation here in Devon.

Time will tell but it is reassuring to hear people such as Todd state the obvious and support your efforts.

Are you risk averse?

Back in the mists of time when I started working in local government, I was assured by experienced staff members that the council was a very risk-averse organisation that wouldn’t take kindly to any fancy new ideas.

Well, I’ve come to realise that nothing could be further from the truth: local government takes enormous risks all the time – they just don’t see them as risks.

So what do we mean by risk? In information security it’s often expressed numerically:

Risk = impact x likelihood

This simple equation tries to capture the essence of the risk decision: if a system has a vulnerability then it may or may not be easy to exploit. If it’s easy to exploit then the “likelihood” number goes up. If the consequences of that are major, the “impact” number goes up. Even if you use a totally arbitrary way to determine these numbers, you still end up with what you want: a prioritised list of risks so you know which ones are the most serious so you can tackle them.

Great. So why do I have a bee in my bonnet about it?

It’s just that we choose to ignore some risks and blow others out of proportion. Software vulnerabilities are well-understood and get a high profile – I’m not complaining about that – but risks in other areas, like the software portfolio or HR policies, are not. So what are these risks?

In the software portfolio, a number of things could happen: the supplier of the software may go out of business, hike licensing or support costs, lose a key member of staff, or decide to retire the software you are using. In HR any new policy carries the risk that a key member of staff might get the hump and leave. There is demographic risk that younger people won’t want to work for you leaving you with a skills shortage in key areas: the economy might take a nosedive (the very thought!) leaving you with drastically reduced budgets.

The possible sources of risk are actually as infinite as the universe. In many organisations it is the IT department that deals with IT-related risks, but what if a reduction in the risk in some IT area (for example a tightening up of policy on, say, removable media) leads to an increase in the risk carried by another area (as workers decide to use Google Wave or a social media platform to share documents instead)? This is known as risk asymmetry.

There’s also the risk of doing nothing. Sometimes this is greater than the risk in doing something, even something radical, but our brains are programmed to favour stuff that is familiar so we mentally downgrade the risk of doing nothing: this can lead to some pretty nasty situations. I’ve seen projects and applications carry on many years beyond the point at which they were starting to cause instability in other parts of organisations, simply because the risk of carrying on as before hadn’t been properly calculated and compared with the risks involved with change.

These issues can only be sensibly resolved if the risks are owned in the right place and practical frameworks are adopted to ensure that as many risks as possible are factored into decision-making. This might sound like a lot of red tape, the nanny state, health and safety gone mad etc etc but actually it’s just common sense. If you put your hand in the fire, it will get burned. If you don’t take it out again, it’ll get burned some more. Oh and by the way, we don’t solve the problem by putting the fire out: you must take your blinking hand out!

Risk-based decision-making doesn’t have to be always favouring the conservative approach. It can liberate you as well by enabling you to take decisions you wouldn’t otherwise have taken because you were afraid of the unknown risk. We recently had a supplier down to talk to us about moving to an open-source model for our software: at first sight this is a major change and fraught with danger and difficulty. But if we understood the risks we were currently running with proprietary software properly, then maybe it would look less risky by comparison (please note: I’m not saying this will happen, it’s just an example).

Thankfully my organisation is moving towards a much more comprehensive view in many of these areas as we implement ISO27000. But many organisations are still stuck in an emotional mindset: you only have to look at the banking system to see what happens when all risks aren’t factored in to decision-making!

I feel that risk is a very powerful concept when it comes to aligning IT decisions with the business because it shares a common language and a common goal. IT must realise the risks that it loads onto the rest of the business by making changes (sometimes very minor ones) – but the business must also step up and own all the risks (including the IT ones) in their respective service areas. This forces realistic IT decisions to be made as it becomes clear that risk cannot be outsourced, and procurement, training and whole lifecycle costs naturally get a higher profile in decision-making than before.

GartnerSym 2009: Back to the future with pattern-based strategy

“The general who wins a battle makes many calculations in his temple ere the battle is fought. The general who loses a battle makes but few calculations beforehand. Thus do many calculations lead to victory, and few calculations to defeat: how much more no calculation at all!” – Sun Tzu, The Art of War

I was lucky enough to get the chance to attend the Gartner Symposium and ITXpo in Cannes this year, as a guest of SOCITM. I’ve blogged about my experiences in another post, but the event was notable for the introduction by Gartner of a new strategic framework – pattern-based strategy (TM).

According to Gartner, pattern-based strategy(TM) is a “new IT value model …that is about implementing a framework to proactively seek, model, and adapt to leading indicators, often termed “weak” signals, that form patterns in the marketplace – and to exploit them for competitive advantage.”

As an EA I try to align my approach with whatever style of strategy is dominant in my organisation, and so new models of strategy are a source of constant joy to me (see my previous post on EA styles): I was excited to hear about Gartner’s new sauce.

PBS leverages some pretty impressive technological advances: one of the conference sponsors, Autonomy, is a specialist in analysing patterns in information for meaning. SAP, whose CEO was interviewed in one of the keynote sessions, believe in in-memory databases to enable realtime analytics. All this is made accessible by that old chestnut, Moore’s Law: the advances in computing power now bring large scale analytics solutions within the reach (and budget) of many more reasonably-sized organisations.

Gartner argue that organisations must seek new patterns in the morass of seemingly random data now available to them from “the collective” (the sum total of all structured and unstructured conversations in social media platforms, databases, and other information both inside and outside the organisation), provide models of how the organisation will be affected by these patterns, and provide roadmaps for adaptation of the organisation to optimise their strategic position in the future. The phrase “optempo advantage” is used to describe the ability of an organisation to change rapidly, and this phrase comes from the US military. Which is a bit of a giveaway….

… Because I believe that, while the technology might be new, this approach is actually very old. The strategic style of PBS seems to fit neatly into the “positioning” schools as defined by Henry Mintzberg – analytical approaches to strategy initially conceived by Sun Tzu, developed by military thinkers like Carl Von Clausewitz and popularised in business by Michael Porter in the 1980s: the only difference is that we now have access to better analytics.

It’s interesting to me that we seem to be reverting to older models of strategy formation: the only explanation I can think of is that economic pressure is forcing more short-term heuristic thinking within industry – Porter’s ideas were popularised at the time of a previous recession, and perhaps we are now seeing a retrenchment of these older ideas.

Another theory is that this is actually a reaction against the democratising forces of web 2.0 and “digital natives” who are threatening the status quo in many industries. The metaphors of the analytical school are military: we are seeing entire industries fighting for their lives and using the “big guns” of analytics to gain tactical advantages over their competitors.

Another possible reason is that the business of analysis itself is under pressure: in a recession, insight and long-term thinking can be near the top of most lists of “non-essential budget items we could conceivably cut”. The analytical school was very popular in creating the management consulting industry as we know it today, with the creation of McKinsey and the Boston Consulting Group: perhaps Gartner are hoping that Pattern-based strategy will have a similar effect on their own fortunes?


Lost In Translation – The trouble with Business/IT Alignment

One of the biggest challenges with business transformation and technology enabled change, is the ability of both people in the business and in IT to sit down and have a conversation with each other and for that conversation to be fully understood by all concerned. Ok, there are many other challenges such as benefits realisation, programme management, culture change, but aren’t they all people based and therefore conversation based?

Now I am simplifying this somewhat but it is a challenge that people in IT and that includes me now (my previous role of corporate web manager was based within corporate communications)

To give an indication as to the issue I thought I’d use a video from YouTube. It is 40 seconds long and is about the German Coastguard.

What I find interesting about this video is that for me it kind of sums up the challenge faced by IT. In the video the guy has all the technology he needs in front of him to do his job and support a wider network of other professionals, who all have the same goal (save people). However with all that technology what lets the person down is the ability to understand the “customer”.

The ability to have “conversations” is becoming the new skill that people require in order to support change. Now I also want to make the point that people in the Business also need to learn how to have better and more productive conversations with people in IT.

Now having worked in the Business for some time, I can already hear people saying “Why should I learn how to interact with IT?” Well the answer is simple, as the pressure of budget reductions increases, technology will become even more critical for progressive business transformation across organisations. It is therefore a priority for Business people to get a real understanding of the applications that support their business and the opportunities they present. If Business people can’t do that then we end up losing the opportunities as they get “lost in translation” between IT people (who don’t understand business) and Business people (who don’t understand IT).

This is however a journey we all have to make together, as a partnership, a fellowship, a collaborative effort, whatever the terminology we decide to choose. Like most journeys the value is not the destination but what you learn along the way.

Culture Clash

What wins: the unstoppable force, or the immovable object?

Recently we’ve been engaged in a process, like many local authorities, of connecting ourselves up to the Government Secure extranet. In order to do this (and access a range of applications hosted by central government and other agencies) then public sector bodies have to clear a number of hurdles in the form of the Code of Connection (CoCo) – a list of security standards that we have to meet in order to provide assurance that the sensitive data that will be carried will be secure.

So far, so sensible. But there’s a problem: the rules (devised by the Government’s security wing, CESG) state that a local authority must own the equipment that is being used to access the service. That is the immovable object in the opening statement of this posting. So what is the unstoppable force?

The consumerisation of ICT has been on our minds for a long time, and even more so with the advent of cheap (or free) cloud computing services like Google Apps. If the ICT department can’t come up with solutions that satisfy the requirements of ease, speed and convenience demanded by today’s digital natives, they will simply move their data somewhere that does. To this end IT strategy has largely been about providing fast access on any device, from any location, to data.

So we have a problem: how can we enable these consumer devices to access our data whilst protecting the security of our connection to the rest of government?

Possible answers include segmenting our network to provide services to unmanaged devices on one side and fully managed services (including public sector network) on the other. But this is expensive. Alternatively, some argue that a bootable device (like the BeCrypt trusted Client) could be used to provide a trusted platform on any machine to access secure GC services. We don’t yet know if these solutions pass muster with CESG though: so stay tuned.

We’re really interested to know if other local authorities have dealt with this problem and if so, how they’ve gone about mitigating the downsides.