Jan Muchez “Refl ect on your sourcing policy”18

Magazine. Vol. 04, October, 2008.

Editorial: Bigger value? 3Enterprise Architecture: The architect’s role 4CIOnet Survey: Benelux CIOs take the lead in change 8Document management: Still a thorny issue 10IT governance: Value Creation 14Column: Refl ect on your sourcing policy 18IT security: Responsibility moves to the outsourcer 20Column: The fl exibility of IT 22

Bart Van den Bosch“Workfl ow condition for success”10

Luc Verbist“IT closely involved in the business”22

Jan Dobbenie “Banning ‘ad hoc’ development”15

David Robertson“IT focuses on short-term projects”14

3

The shortage of talent on the IT market remains a hot topic. With all the good work done so far by CIOnet, a number of professional organisa-

tions and the academic world, it’s time to ask ourselves if CIOnet could do even more, or if we could better focus our current efforts. As we consider these actions (see summary on the CIOnet website of Academia Belgica June 24, 2008 meeting) we should overcome two key issues that sub-optimise the interest in IT.1. It’s a left-brain-skewed profession, while a heavier right-brain injection would foster more inspirational innovation and marketing/communication of the job/achievements, in other words, the lack of interest in IT could result from lack of good marketing/communication.2. It’s a male-dominated profession, heavily underutilising the female talent pool while the work from home (e.g. 2-3 days a week) could be very attrac-tive to women (and could attract more males as well).

Here are some thoughts that hopefully will stimulate some dialogue and possibly additional action.

First, what can we do within our companies to make the IT function (and thereby the IT jobs) more attractive? Should CIOnet create additional Special Interest Groups, such as ‘Strategy Development for IT based Value Creation’, or ‘IT based Process Innovation’, ‘How to Organise Work from Home’, ‘How to Broaden IT into Business Services Management’.

Secondly, should we develop a more intense cooperation programme between CIOnet member companies and the academic world, by reach-ing out to students (not only in IT specifi c curricula, but also economics and other) with a well organised programme for internships, subjects for theses and projects, e.g. surveys on topics that are of interest to our CIOnet members and students.

Thirdly, should we work with the government to develop a strategy to stimulate our knowledge industry? Our de facto economic strategy is still focused on manufacturing and distribution, our roads are getting more congested every single day, while an IT based knowledge industry doesn’t require massive transportation and allows work from home more than any other industry.

I present you these brainstorming thoughts. Your comments, feedback and additional ideas are very welcome at jos.vanpee@cionet.com.

Bigger value ?

JOS VAN PEE Associate Director CIOnet

Editorial

4

Special feature

The architect’s role

According to Steven Van ’t Veld, Independent Principal Consultant at A/I/M bv it is quite

simple: most companies lack a real Information Architecture, with the emphasis on information. “Information is the reason why you have IT. If you don’t have information, there is no need for IT. It’s information that I want, and not data”, says Van ‘t Veld, and he points out the enormous growth in data over time, of which 75 per cent is a copy. “Information is a strategic resource for the busi-ness,” he continues, “and Information Technolo-gy is a tool.” But Van ‘t Veld thinks IT will vanish over time. “IT will disappear under the hood of the car”, he says. And that’s why organisations should care less about IT and more about their information. They will have to learn to determine exactly which IT solutions they want. The global trend of ‘outsource it’ should be stopped and or-

ganisations should only outsource what they cannot cope with themselves. They have to stay in charge and be able to manage what they do, whether outsourced or not. “Companies can never outsource the responsibility for their own information”, adds Van ‘t Veld.

In IT, there are too many architects. “It has be-come a chaos,” says Van ‘t Veld, “and that is why there should be an architecture of architectures. A meta-architecture.” He distinguishes three kinds of architecture within an organisation. At the bottom of his chart there is the IT Infra-structure Architecture. “There are only wires and software there.” At the top, there is the Business or Process Architecture. “Missing in this picture is the Enterprise Information Architecture”, says Van ‘t Veld, and draws this in between the Business and the Infrastructure Architecture, creating a triangle.

The Architects can be placed in this triangle; at the bottom the IT Infrastructure Architect, between infrastructure and business processes is the Enterprise Architect, responsible for Business Alignment, and at the side, there is the Enterprise Information Architect.

“The Enterprise Information Architect is an infor-mation specialist who operates with information as a corporate resource”, explains Van ‘t Veld. “Whereas the Enterprise Architect is an IT specialist who oversees the IT infrastructure and the added value for the business. He is, in other

There might be some confusion about the role of the Enterprise Architect in the organisation and his reach within it can be limited, but there is a real job for him. As we learn from a meeting, organised by CIOnet in the Netherlands.

PICTURESteven Van ‘t Veld, Independent Principal Consultant at A/I/M bv: “In IT, there are too many architects.”

Enterprise Architecture

>

PICTUREWouter Haasloop Werner, CIO of Maxeda, formerly active at Vitens: “Next time I would put more energy in attempts to get the business managers more involved.”

words, responsible for Business Alignment. And the IT Architect is someone who works with the technology within the IT infrastructure.”

Now where are these Architects within the organi-sation? At a strategic level we see the CIO and the Enterprise Information Architect. They are more or less on the ‘demand’ side. At the ‘supply’ side, we see the IT Enterprise Architect and the IT Infrastructure Architect, at a tactical level. “The Architect is a consultant; an advisor for the manager”, says Van ‘t Veld.

A Merger of four companiesWouter Haasloop Werner is now the CIO of Maxe-da. But he tells of his experiences in his job before that, at Vitens. At the time, Vitens was involved in a merger with three other companies, a process in which important decisions had to be taken. The merger was planned over three years. During the fi rst step we had to decide when to do what. For that purpose, Haasloop Werner made on big sheets of paper designs of possible future informa-tion system landscapes, and used these to start the discussion with his colleagues from the other parts of the business. “That discussion turned out in a big chaos”, he says. “It was too difficult to discuss the integration of the full company on a corporate level with all relevant managers involved. Besides that, most of them at that moment did not have the urgency to think macro and integration, but were busy making micro-plans for their own departments. At one point in time, the conclusion was inevitable that this was not going to work. So we stood back, looked at our designs and made our own choices. We designed a central architec-ture with a clear distinction between fully integrated information systems and more ‘loosely coupled systems’. We saw that the biggest, most central chunk was formed by the fi nancial processes. So we set ourselves the challenge to integrate all financial processes and in- and outgoing cash

fl ows in the fi rst year. And so we did. For the post merger integration planning this architecture became leading. Because obviously, when you integrate the systems for billing, invoicing and cash collection, salary payments, procurement and accounting, you integrate these business process-es as well. For decision making we made a fi nan-cial planning for integrating the systems. The whole approach was very successful. Within the fi rst year, all the fi nancial systems were integrated, and in the mean time there was an enormous positive impact on the IT department in the form of a build-up of knowledge, which resulted in a great self-confi-dence of the IT department. Our experience is that when you integrate information systems, the con-nected processes will follow. Choices concerning these processes are much easier to make in the context of an integration project, than in process design workshops. By taking this route, we man-aged to do successful projects in terms of time and budget.”

But there are certainly things that he would do differently a next time. So he shares his learning experiences. “On the positive side I learned that thinking in architectures can be very powerful. And with a project like this you get to know the power of the ‘intangible assets’. People do ‘grow’ and there you get something in return. And this is what I would do differently a next time. First I would put more energy in attempts to get the business man-agers more involved. Yes we tried, but maybe not

5

Special feature

hard enough. Having said that, I learned that it is very hard for people to look above their own abstraction level. This is indeed very complex and to oversee more than your own area, at a higher level, is for most people diffi cult. Next it is most important to understand the incentives of other people. Everyone has his own interests and you have to be able to place yourself in the other’s position. Then, I would focus more on external factors, such as reducing external risks instead of internal, and on gathering knowledge, creation and enrichment. Besides that, we could have made IT more visible within the company.”

Focus on TOGAFTom Van Sante, in his daily life Principal Consul-tant for Getronics PinkRoccade, reveals that he probably is the only real architect in the room, for at university he studied architecture – of buildings that is. And so he opens his lecture with the question what architecture is, by posing that question with pictures of buildings. The answers seem to be easy looking at a picture of a creation of the famous architect Frank Lloyd Wright, but the reactions from the audience get more hesitant with pictures of more ordinary buildings and a picture of houses in a slum. Then he shows the defi nition of architecture according to IEEE 1471: ‘The fundamental organisation of a system embodied in its components, their relationship to each other and to the environment and the principles guiding its design and evolution’. “I think there is still a lot of confusion about the

word architecture,” says Van Sante, “I never studied architecture to make architecture. I stud-ied architecture to help clients making beautiful and useful cities or buildings. And that by taking out the complexity with models and descriptions, and simplifying the process from idea to realisa-tion.”“Architecture is a process,” he continues, “as we look at Enterprise Architecture, we can defi ne the Enterprise as the organisation, or maybe a set of organisations with a common goal. And therefore Architecture is not only a description of a system, but most importantly it is the process to support its implementation. Enterprise Architecture is the process that helps organisations plan the future.” He again makes the connection with buildings, by describing how there the role of architects came into existence. “Once there was a time when there were no architects, there were just carpenters. But as the projects became larger and the number of carpenters increased, they had to communicate. And the one carpenter that took that job of ‘primus inter pares’ became the architect.”

The world is changing in a rapid pace, and with that, Van Sante sees the role of the architect changing as well. “The world is growing into all kinds of networks that are no longer manageable. The only thing that you can do is applying stan-dards, and continuing to understand what is happening”, he says. “The role of Architecture changes from pure design to the principles and policies within which future designs must fi t.” And that brings us to TOGAF. TOGAF, which stands for The Open Group Architecture Framework, is a tool that Architects can use in their daily jobs, and Van Sante happens to be one of the authors of the pocket guide about TOGAF. He explains the essence of TOGAF. “TOGAF mainly consists of three elements; it’s an Architecture Development Method or ADM, it’s an Enterprise Continuum, that’s a repository with building blocks that you can use and reuse, and finally it’s a Resource Base, a series of ‘best practices’. And the building blocks in the continuum and the best practices in the Resource Base are there to support the Architecture Development Method. But it is not the Holy Grail. It is a tool to build the process in your own organisation.”

Special feature

6

PICTURETom Van Sante, Principal Consultant for Getronics PinkRoccade: “The role of architecture changes from pure design to the principles and policies within which future designs must fi t.”

>

Data theft, hacking, denial of service. You can get hit anywhere, anytime. So, you need to protect your business�’ critical applications and increase the security and resilience of your infrastructure. After all, you want to minimise digital intrusion that can create financial damage, loss of reputation and reduced productivity. BT knows the threats you face. As a leading IT Services company, we help our customers to develop and implement a comprehensive security policy. With over 100 years of own experience, but also with the unique expertise of Infonet, Counterpane Internet Security and International Network Services (INS), BT can offer an unrivalled set of managed security services. Ranging from secure networking, threat management, intrusion detection, application security to consultancy services. So, with BT�’s security solutions you can think bigger about the future of your business.

Does your company have the best security?

www.bt.com/globalservices

For the third successive year, CIOnet conduct-ed a survey among its member CIOs in the

Benelux. Thirty-fi ve CIOs accepted the invitation to take part in the survey, answering thirteen questions online, ranging in scope from the actual interpretation of their job to their views about IT. The fi gures do provide a valuable indica-tion of views and trends. “To be able to position the Benelux CIO in a broader context,” says Johan Conix of West Trax, who carried out the survey for CIOnet, “we compared the results with the ‘State of the CIO’ survey conducted by CIO Magazine in the United States.”

Top prioritiesAn initial important observation is that both Benelux and American CIOs believe that aligning business and IT is their absolute top priority, just as they did last year. Among Benelux CIOs, improving the satisfaction of internal end-users was ranked second. The Benelux CIOs questioned also thought it important to rate the added value of IT and then tell other people in the company about it. For their part, Americans pay more attention to the issues of business continuity and risk manage-ment. One striking thing is that both surveys indi-cate that better cost management of IT is further down the list of priorities than last year.

If we look at the top priorities in terms of tech-nology, we can also see a number of shifts. Integrating existing systems and processes stands clearly at the top of the agenda for both Benelux and American CIOs. Last year, the Belgians still saw their top priority as being data security. Business intelligence has now climbed into second position. Areas such as service-oriented architecture, document and knowledge management also gained in importance. E-com-merce fell out of the top ten for Benelux CIOs this year, while it was slightly higher with the Ameri-cans, climbing to seventh position.

Leading changeIn terms of time spent, aligning business and IT still takes up the largest slice of the Benelux CIO’s available time. Leading change processes came second, followed by implementing new systems

CIOs in the Benelux are leading their companies through the processes of change. Cost-cutting and innovation generated by IT are having the greatest impact on business.

Views about ITBenelux CIOs take the lead in change

Survey

8

PICTUREJohan Conix of West Trax interviewed a panel of Benelux CIOs: “Benelux CIOs rate the effective value of IT more highly than their American counterparts. They also talk about it more within the company.”

and architecture in third place. Alongside aligning business and IT, American CIOs spend most time developing partnerships between business and IT, as well as improving operational IT activities. “Benelux CIOs see themselves fi rst and foremost as providing leadership for the change processes in IT within the company”, states Mr Conix. “The American CIO considers himself as a strategist looking at long-term plans.” American CIOs also attach great importance to their IT expertise. Those Benelux CIOs interviewed only ranked that particular skill in eighth place. Reducing overall business costs and supporting innovation were the two areas of IT considered to have the great-est impact on the company in the opinion of Benelux CIOs.

Budgets down for one CIO in fourAs part of the survey, CIOnet also asked about any changes to the IT budget. Upwards of 34 per cent of those Benelux CIOs questioned said they had an increase in budget of 1 to 9 per cent for 2008. This compared with 42 per cent last year. Almost 29 per cent of Benelux CIOs had a budget increasing by 10 to 19 per cent. Yet there were plenty of CIOs having to make do with fewer resources than last year. 14 per cent of respon-dents had budgets falling by 1 to 9 per cent, while for almost 9 per cent, budget cuts were anything from 10 to 19 per cent. Taking all the figures together, we can see that one quarter of the CIOs on the panel had to make do with lower budgets than in 2008. For our American counterparts, that fi gure was only 13.5 per cent.

Survey

9

INFOIntegrating existing systems and processes remains the top technology priority for Benelux CIOs. On the management side, aligning IT and business processes is still their number one concern and also the strategic goal on which they spend most time. These observations were revealed from the third successive CIOnet survey among Benelux CIOs.

10

Case study

Ahospital is required to store information about patients for twenty-fi ve to thirty years.

This means that the University Hospitals of Leuven has around thirty kilometres of archives. To opti-mise the use of those records, the hospital decid-ed to digitise the active part of its archives. Taken altogether, this runs to around a hundred million pages. So the hospital appointed an outside company, which is able to scan approximately 260,000 pages per day. “We have been working electronically for a while,” says Bart Van den Bosch, CIO of UH Leuven, “in conjunction with

paper documents: personal notes from doctors, letters of referral, certificates, insurance docu-ments, you name it.” When they are scanned, all these documents go to make up a totally elec-tronic set of patient records.

“Paper is not totally a bad thing”, asserts Mr Van den Bosch. “In fact it’s quite versatile. When a doctor neglects to fi ll in a box on a paper form, he doesn’t see an error message pop up. Or a sur-geon can use a piece of paper to make a sketch of the planned procedure. Paper is also porta-ble.” Which is why the hospital needed a system with benefits that outweighed those of paper. “The doctor needs to be able to navigate easily through the scanned documents. It also needs to be straightforward to view documents on the screen, otherwise there is a risk that the doctor will print out the digital file so that he can read what it says on paper. Which, of course, is not the aim of the system.” UH Leuven opted for one of its own developments. “The integration costs for an existing package are usually higher than the actual purchase price”, continues Mr Bart Van den Bosch. “The condition for success, of course, is that you develop a workfl ow in which you can genuinely put everything into the elec-tronic fi le. That means there are no more patient records where you might be lacking a particular paper document.”

Quality and budget controlA document management system is also one of

New document management solutions are making the classic fl ow of paper a thing of the past. These solutions provide greater effi ciency and better cost con-trols. The evidential value of digital documents still remains a thorny issue, though.

Still a thorny issueDocument management at UH Leuven, VDAB and RIZIV-INAMI

PICTURENancy Vercammen, VDAB communications manager: “The document management solution is linked to a workfl ow and a credit system. That both guarantees the quality of the communication and keeps costs under control.”

>

11

12

Case study

the most recent achievements at the VDAB (Flemish Public Employment and Vocational Training Service). This organisation supports two hundred local offi ces in their communication re-quirements, part of which includes leafl ets about local training courses. “To develop these local leafl ets, we used to work with a system of fi xed templates adapted to our house-style”, says Nancy Vercammen, VDAB communications man-ager. “But these templates were not a success, because there was too little difference between each leaflet, which meant that part of the message was lost.” The result was that the local offi ces came up with an uncontrolled number of their own designs. These home-made designs were often of low quality and did not fi t in with the values that the VDAB wanted to get across in its communication.

A document management solution with a work-fl ow system – hosted by partner Xerox – provided a new approach. Using a role-based web appli-cation, local offices can now create a leaflet design that goes into the central communications department for approval via the workfl ow system.

“At he same time there is a credit system linked to it”, explains Ms Vercammen. “Each region is allocated a budget for producing leafl ets. If they want to produce more, the money has to come from their own pocket. So the new approach pro-vides a double benefit. We can be sure of the high quality of the leafl ets, plus we keep our costs under better control.”

Electronic evidential valueThe RIZIV-INAMI health fund is responsible for funding healthcare. The payments made by the organisation include disability allowances and refunds on healthcare received by members. Last year this represented almost 28 billion EUR of refunds. To be able to do this, RIZIV-INAMI needs to handle huge quantities of information on a daily basis. Each year, the organisation processes 1.2 billion pieces of information and handles more than 500,000 active fi les. RIZIV-INAMI also has 2.5 million electronic documents and is respon-sible for managing a website that runs to 10,000 pages. “In our environment, a solution for docu-ment management fi rst and foremost has to be scalable”, says Alain Grijseels, CIO of RIZIV-INAMI. “It also has to be able to provide version manage-ment, conclusive workflow and security, plus functionality in terms of reporting.”

However, one important challenge lurking in the background consists of the evidential value of the electronic documents handled. “Dematerialising paper records is no longer a problem these days. But what about their evidential value in the longer term? Will a court grant evidential value to an electronic file in ten, twenty, thirty years’ time? Will it accept that the file really is a scan of a paper document that once had a real signature, but has now disappeared?” The challenge not only lies in the fact that an organisation may still need to produce hard evidence of content over the long term, but this is also probably not an easy task technologically speaking. “Today, there are documents in all sorts of sizes and formats”, says Mr Grijseels. “Will we still be able to view them easily in thirty years’ time? The challenge facing document management in the long term – especially in the area of documents that have evi-dential value – is that today we are looking mainly at procedures, and not just at the technology.”

PICTUREAlain Grijseels, CIO RIZIV-INAMI: “What about the evidential value of digital documents? Will a court in ten, twenty, thirty years’ time grant evidential value to a scan of a paper document that has since disappeared?”

PICTURE (page 11)Bart Van den Bosch, CIO UH Leuven: “Paper is versatile. A document management system has to exceed the benefi ts of paper. Otherwise the user will just print out the electronic fi les and work with those.”

>

HP Data Center Transformation Speed business innovationConsolidatedAutomatedEnergy EfficientVirtualizedResilientAgile and Flexible

Technology for better business outcomes

Let us help you build your next-generation data center.

Data CenterTransformation

ConsolidationData centerautomation

Businesscontinuity and

availability

Energyand spaceefficiency

4AA1-8986ENW, April 2008

14

The goal of Enterprise Architecture is to pro-vide a road map for enterprise innovation and

the blueprints for the desired enterprise business, information, and technology architectures. It reduces complexity, creates adaptiveness, and improves the overall leverage of valuable IT resources. This year’s Summit focused on Enter-prise Architecture and brought together a number of CIOs, academics and topic experts.

Operating ModelsIn his keynote, David Robertson, professor at IMD International in Lausanne and co-author of the book, ‘Enterprise Architecture as a Strategy’, stressed the importance of standardisation and integration of Enterprise Architecture. Standardi-sation simplifi es operations, reduces costs and increases effi ciency. It allows measurement, com-parison and improvement, and it accelerates innovation.

According to Professor Robertson strategic align-ment and innovation are making things worse. Strategic statements are either general promises (“build a leadership position”) or short-term oper-ational directives (“enter Chinese market”). They provide little information on long-term direction of the company. IT focuses on short-term projects with little thought to long-term needs. The result-ing architecture makes the company less fl exible in the future.

Innovation ‘bombs’ with short-term urgent dead-lines violated the integrity of the architecture. The result is a reduction of Enterprise Architecture to silos and spaghetti. David stressed the impor-tance of the company Operating Models. The operating model identifi es the core activities in a company. What activities need to perform repeat-edly, flawlessly and efficiently? What activities

Reaching value from IT activities is achieved through innovation that results from adequate enterprise strategy and planning. Evolving a business without an Enterprise Architecture is like fl ying cross-country without a fl ight plan. You may reach your fi nal destination, but with considerable risk and unknowns. Georges Ataya reports from The European Summit on IT Governance, a partnership event between Unisys, CIOnet, the IT Governance Institute and PwC.

PICTUREDavid Robertson, professor at IMD International in Lausanne and co-author of the book, ‘Enterprise Architecture as a Strategy’, fi nds that IT focuses on short-term projects with little thought to long-term needs. The resulting architecture makes the company less fl exible in the future, according to Robertson.

Value CreationThe new role of Enterprise Architecture

Special feature

15

were performed yesterday, and will be performed today and tomorrow? How standardised and integrated do they need to be?

An operating model should focus on the ‘sacred transactions’ of the company and should provide a stable view of the company. When addressing the issue related to the implementation costs of an adequate Enterprise Architecture, Professor Robertson indicated that if you have good engagement, most architecture efforts get funded through the projects. The projects need to do the work anyway, so all you’re doing is asking them to do the work in an architecturally sound way. The cost of doing something right is usually no greater, and often leads to overall savings for the project.

Enterprise Architecture is the organising logic for the core of the company in terms of Business processes and IT systems. When architecture is hindering the execution of Enterprise strategy and current IT alignment and innovation practices are making the architecture worse, defi ning the operating model is the necessary first step in creating the right architecture for the business.

To be successful, one must change his approach to architecture transformation: change project goals, prioritisation, process, roles, and manage-ment. Working together allows transforming the architecture at no additional cost.

Impact on Bottom LineDavid Tetlock, Vice President Corporate Tech-nology & Chief Architect at Power Financial in Canada, provided a perspective on how Enter-prise Architecture (EA) is evolving in response to business drivers. It adds value to ensure people, information, applications and infrastructure contribute to both the IS and overall Business strategy. He illustrated a full implementation of

Enterprise Architecture in his organisation where they reduced the cost of ownership of applica-tions and freed up resources for delivering new business capabilities. That was achieved through removing unnecessary redundancy and com-plexity in the IT environment.

IT landscapes are currently typifi ed by a collec-tion of integrated applications. It’s assumed that the achievement of an environment with charac-teristics resembling a single system would be much more agile and have a lower total cost of ownership versus its business capability ratio.

David indicated that new Enterprise Architecture helps organisations to resolve current questions. It addresses maintenance cost and predictability challenges by reducing the cost of ownership of applications and by freeing up resources for delivering new business capabilities. It resolves issues that result from lack of a shared vision and/or business support by determining an appro-priate target IT architecture for a given Line of Business (LOB) that is signed off and firmly supported by senior business executives.

Information RevisitedFor Jan Dobbenie, CIO at Nuon Belgium, organi-sations today face a global revolution in govern-

Special feature

PICTUREDavid Tetlock, Vice President Corporate Technology & Chief Architect at Power Financial in Canada, indicated that new Enterprise Architecture helps organisations to resolve current questions.

>

ance that directly affects their information man-agement practices. Access to reliable information has become an indispensable component of conducting business. In a growing number of organisations, information is the business.

IT within Nuon Belgium is based on the principles of cost reduction and of business value creation. No fundamental change in the CRM/ERP envi-ronment is planned for the next 2-3 years: no replacement projects and no large interventions in Siebel or SAP. Investments in the Nuon IT land-scape will be based on supporting and enabling business projects and on immediate business benefi ts, where !1 spent should bring a return of at least !1 benefi t.

The I! program, launched mid 2008, will provide Nuon with a cohesive Service Oriented Architec-ture (SOA) that will be implemented and adopted on a project-by-project basis (so no big bang!). The program is based on the cornerstones Inte-gration & Information. An Enterprise Service Bus provides integration by replacing point-to-point interfaces with real time interfacing. A Business Rules engine will govern all the orchestration and workfl ow. At the same time Nuon invests in a new enterprise data model and a new clean data

warehouse, both providing a single version of truth for the complete organisation.

The I! program is sponsored by the CEO and the complete management team. The big challenge is to change Nuon’s culture: from a start-up com-pany to a mature organisation. This implies dramatically reducing the number of change requests and banning ‘ad hoc’ development. Key in the overall governance is the role and place of the PMO, now reporting directly to the CEO and no longer to the CIO. This ensures a project agenda with fewer projects, more focus and a strategic top-down approach. The governance in IT is driven by the fact that all IT technical deci-sions need to be validated by the IT architect, which excludes more silo development. All IT people work according to architectural guidelines with approved exceptions where needed for business priorities.

PICTUREJan Dobbenie, CIO at Nuon Belgium, a company faced with the challenge of evolving from a start-up company to a mature organisation. This implies dramatically reducing the number of change requests and banning ‘ad hoc’ development.

Special feature

16

AuthorGeorges Ataya is Vice President IT Governance Institute and professor at Solvay Business School in charge of Infor-mation Technology Management. He is also Managing Partner of ICT Control NV-SA, a Brussels based consulting fi rm.

>

FEBRUARY 24!26, CANNES

REGISTER TODAYwww.vmworld.com/europe

Don’t miss the second VMworld Europe—where

thousands of your peers, technology providers and

industry experts from around the world will gather in

Cannes, France to experience the latest and greatest in

virtualization technology and business solutions.

18

The economic value of their customers is very often driven by becoming more effi cient and

more profi table. This generally means lower indi-rect costs expressed as a percentage of turnover. In other words we, the IT managers, need to sup-port more volume with less money.

Against this background, the concept of a true (strategic) partnership between an IT supplier and an individual customer is the most overrated con-cept in our industry. Over the long run we can never be aligned with our suppliers. Our and their interests are fundamentally contradictory. There is an easy way to test the true intentions of your supplier. Next time he uses the word partnership you propose to pay him with shares of your com-pany. See what happens.

This non-alignment observation has a number of practical consequences for our sourcing policy. The only way we can be aligned with a supplier over the medium term is to let him increase his footprint or ‘share of wallet’ at the expense of other suppliers. If we spend 100 euros between A and B in year 1 and we spend 80 with A and 0 with B in year 2 then we are aligned. A grows and we spend less, which means alignment. And there is no need to be aligned with B.

CommitmentThis analysis is the basis of our sourcing policy at KPN in The Netherlands. We start with defi ning a number of distinct areas within the application landscape (ERP, CRM, Business Intelligence etc.) and then we select a software supplier and often a system integrator for all new investments in each of these areas. Some of them get 2 or more areas and overall there is a handful of software suppliers and system integrators, each in their own area. We do the same for hardware and sys-tems software. This means that we do have a sin-gle vendor policy in each of these areas, but we have multiple vendors over all the areas com-bined. We then enter into long-term framework agreements (3-5 years) with these suppliers and we then give the system integrators 3-6 month assignments under the framework agreement and we never purchase software licences before the project completes. We basically promise them that the area is theirs, undisputed. The only reason to change suppliers in a given area is non-

The cornerstone of the economic value (the stock price) of IT suppliers is growth. The market cap of the major vendors is driven by their ability to conclude new contracts. That’s why they compete fi ercely for our business. Growth is everything to them.

PICTUREJan Muchez, CIO at KPN: “The concept of a true (strategic) partnership between an IT supplier and an individual customer is the most overrated concept in our industry.”

Refl ect on your sourcing policy

Column

Traditional procurement?

19

performance. In such a case we threaten them to take away a piece of their area and give it to one of our other vendors. They in turn guarantee long-term predictable pricing. For software and hardware this is expressed as a discount from list price (nearly always unrelated to upfront volume commitments) and for system integrators this is expressed as future target rates (blended on-shore and offshore rates ) that are decreasing over time (before infl ation). We attach more im-portance to their commitment to our sourcing model (e.g. by agreeing to price predictability) than to obtaining the rock bottom unit prices. Es-pecially with system integrators we try to give them gross margins of 20% and more depending on the risk they take and provided they deliver good performance. A system integrator who knows that good performance can yield approx. 10% of EBIT will pay attention to our account and provide us with best quality people.

Benefi ts and challengesIt results in a zero RFP sourcing policy. IT pro-curement is replaced by supplier relationship management. We basically save 6 months by cutting out the selection process for each and every initiative. Our people spend much less time talking to salespeople and they go to less user conferences. We have less architectural options to evaluate and the users have less infl uence on our supplier choices. We benefi t from continuity. We never have a system integrator criticising and redoing what the previous one has realised. We also have very little interface problems within the areas. We do not have to work with penalties. In case of non-performance on one assignment we recover the defi cit on the next assignment. Taken all of this into account we may not have the low-est unit price on each item or the lowest rate on any piece of work but we do have a very low total

cost. And we are aligned over the duration of the framework agreement.

Cutting out procurementThe challenges are mostly on the inside. In most of our companies we have this dominance of pro-curement people. You have to convince the ex-ecutives in your company that after the initial se-lection you are basically cutting out the role of procurement. You also have to tell them that you want your suppliers to earn good money for good performance. You also have to explain to your IT people that it is not in their job description to con-tinuously explore all options with all suppliers which means less invitations, conferences, lunch-es etc. You have to convince your suppliers that their sales practices (we can only give you a dis-count if you order at least X before the end of this quarter) are unacceptable and that they have to commit to long-term pricing that is not volume related. This typically exceeds the power of the local sales organisation and requires approvals from headquarters who will say that it is not ac-ceptable for a million different reasons. The only way to get them to agree is to make your promise of undisputed territory credible. And once the suppliers are in place you have to manage them actively and quickly resolve borderline confl icts between the different areas.

This works for us at KPN and I do not know whether it can work for you. But whatever you do, you should reflect on your sourcing policy. You should not automatically assume that a poli-cy that favours traditional procurement, with con-tinuous case by case selection and dual vendor policies, is always the best practice. And you should defi nitely not agree with the sales practic-es that have been there forever but are simply not acceptable.

Column

20

It’s like buying a car with no brakes and then the manufacturer recommends you get the

brakes from elsewhere. Or even better: the manufacturer promises that the brakes will be included in the next model.” Bruce Schneier doesn’t mind making the odd crack about the industry, even though he is one of the world’s leading security gurus. And since BT purchased his company, Counterpane, he has been BT’s Chief Security Technology Off icer. Bruce Schneier spoke to Belgian CIOs at the annual BT CIO Lunch Forum. “Fortunately, the level of maturity in the IT industry is rising fast”, he says. “Once IT really becomes a commodity, compa-nies will very much opt for outsourcing – just as they have for their electricity and water require-ments. And when that happens, security will

come squarely under the responsibility of the out-sourcer.” Schneier also refers to the move towards consolidation to back up his statement. “IBM has bought ISS and Counterpane is now part of BT. At the end of the day, security will be embedded in the various basic components of IT, as it should.”

The psychology of IT securityThe fact that until now security has not been an intrinsic component of basic IT infrastructure has created many needless problems. “It all has to do with basic human nature”, says Bruce. “When there’s an opportunity for you to gain something, you want a guarantee. But if there’s a chance you’ll lose, you’re inclined to take the risk, hoping that nothing will happen.” It’s the sort of psychology that applies perfectly to IT security. “All too often companies think that if they invest in security, it’s money down the drain. So they keep their wallets in their pockets and assume that nothing will happen.” And when companies do spend money on security, Schneier says they are still buying the wrong products. “The technology is far too complex”, he says. “So the people who sell security products aren’t able to explain properly what they are for.” All of which means that bad products are shutting the good solutions out of the market. “Customers don’t fully understand what is going on, so they often go for the cheaper, inferior product.” But by the time IT has evolved into a real commodity, CIOs wil l no longer be taking decisions about purchasing security products. That’s a task that will fall on the shoulders of the outsourcer.

The fact that there is a separate IT security industry at all proves that there are failings within the IT industry as a whole, claims Bruce Schneier, BT’s Chief Security Technology Offi cer.

PICTUREBruce Schneier, Chief Security Technology Offi cer at BT: “The technology is far too complex. Anyone who doesn’t understand the technology is inclined to opt for the cheapest solution.”

IT security

Special feature

Responsibility moves to the outsourcer

“

NewIT: ICT-innovatie op Kanaal Z NewIT brengt innoverende ICT-toepassingen in beeld. In elke afl evering van dit nieuwe Kanaal Z-magazine presenteert Bruno De Keyser een concrete business case. Wat leveren ICT-investeringen op het terrein op? En hoe snel is alles in de praktijk terugverdiend? De eerste afl evering opent met de resultaten van een exclusieve enquête van Data News over ICT-innovatie. Daarnaast plant NewIT tot de verbeelding sprekende reportages over de digitalisering van het medisch archief van UZ Leuven. Daar worden momenteel kilometers papier gescand en op harde schijven opgeslagen. NewIT ging ook kijken hoe onze digitale identiteitskaart vervaardigd wordt en we vragen ons af hoe veilig dit identiteitsdocument is. Ook willen we alles weten over de vingerafdruktechnologie, toegepast bij pharmabedrijf Pfi zer in Puurs. In plaats van het intoetsen van codes om je handtekening te plaatsen, volstaat het in dit pilootproject om je vingerafdruk te laten lezen.

NewIT wil ICT-innovatie op een toegankelijke manier brengen met concrete inspirerende verhalen.

NewIT, vanaf 20 oktober vijf weken lang op Kanaal Z (op maandag en in de weekendlus).

OB

3785

4

NewITNewIT

In samenwerking met:

22

In recent years, with the emergence of the Internet and other new technologies, both the product and the business model put

forward by the media industry have come under heavy pressure. We are seeing two developments come out of all of this.

On the one hand, the media have been extremely willing to embrace these new technologies – just consider the many successful news-paper websites that are now up and running, as well as the experi-ments with paperless publications based on E-ink technology and the many new mobile offerings. Yet on the other hand, great attempts are being made to safeguard the market share held by the traditional media. Product revamps, process optimisation and reusing content are just some of the examples that come to mind. This is creating enormous pressure in the IT department. Any change to the process or product has an impact on the supporting computer systems. In addition, things change incredibly quickly in the mega-competitive media industry.

An additional challenge in all this is the robustness and availability required of the computer infrastructure. IT is expected to come up with new developments and systems at a hellish pace, while at the same time guaranteeing the stability and operating security of these systems 24/7. With this in mind, we have standardised to a great extent, tech-nologically speaking – three hardware vendors and 3 development environments – and we intend to stick to that format. Using virtuali-sation and clustering technology provides us with the base for scala-bility and the availability of the infrastructure. And to optimise the de-velopment process, a great deal of attention is devoted to code reusability and an SOA has been set up.

From an IT point of view, we have done as much consultation as pos-sible with end-users – both formally in steering groups, management committees and project groups, as well as informally. The IT depart-ment has built up an in-depth knowledge of the business processes involved and so is very well placed to gear the IT systems to fi t in with those processes. Short decision-making cycles mean that the IT department has to be set up in a highly fl exible way and needs to think along with the business. This means that the full IT staff has to be closely involved in what the business is doing, as well as be very ame-nable to adjustment. These are two criteria that weigh heavily during selection procedures.

The fl exibility of IT

LUC VERBISTDirector ICT Press Group

Luc Verbist passes the baton to Koen Vermeulen, IT Director Telindus, Billing & Wholesale Belgacom Group. He will give his personal views on how to deal with innovation while managing the risks associated with it.

Column

Let’s take IT to a higher level

XPLORE n.v., is Belgium's Leading Java Professional Services company. Since 1997, we are focusing on the development and implementation of advanced distributed IT systems. Xplore’s professional services team, offers you a high level of experience and knowledge to turn - together with you - your IT challenges into a success. Xplore provides : > Business Consulting & Business Process Engineering Services

> Project Development Services: Agile, Scrum, RUP > Application Architecture & Quality Assurance Services > Application Development Services based upon Java JEE

more information at www.xplore.be or call 02 702 60 90