Avoid data blindness with strategic IT portfolio management
- By Terry Milholland
- Dec 16, 2018
Managing risk is the most critical priority for government CIOs and CTOs. Government agencies operate in an ever-changing environment with increased expectations by the public and legislatures to do more with less, prevent data breaches from cyber attacks, deliver robust new functionality for citizen-facing applications, upgrade IT infrastructures for the 21st century and more, all the while ensuring the mission of the agency is accomplished. However, the reality is that most agencies are ill-prepared with the right tools, processes, and data visibility to take a strategic approach to risk management. By launching an initiative into strategic IT portfolio management tools, senior leadership in agencies will gain better visibility into their IT portfolios and how IT investments enable and ensure alignment to agency mission, processes and external stakeholders. As the former CTO and CIO for the IRS, I can share that mitigating risk was an ongoing challenge for the agency and continues to be a critical challenge for CIO and CTO leaders across government today.
Over the years of being an enterprise CIO/CTO across multiple industries and government, and now as an enterprise IT consulting advisor, I witness the daily struggle that IT leaders face within their hybrid IT environments and infrastructure. Many of these landscapes encompass massive and complex IT investments that are vulnerable and risk being compromised. Compliance risk also continues to loom on the minds of IT leaders, whether derived from legacy business systems or new IT capabilities being deployed to support the business. And then there is business risk. At the IRS, our mission relied heavily on IT to deliver business value and it was our team's responsibility to ensure delivered IT systems and resources performed as expected. Be that as it may, it wasn't uncommon that investment and sustainment decisions worth millions of dollars often required consensus among several stakeholders across the agency. While sometimes tricky, ensuring collaboration among stakeholders was essential.
What has become glaringly apparent across my career is that a key to minimizing risk is avoiding data blindness. When IT leaders only have a high-level view into their existing IT landscape and information gathering is ad hoc and time-consuming, the level of risk associated with decision-making is greatly heightened. And with IT landscapes never remaining static, risk can be further exacerbated.
So how can IT leaders avoid the risk management conundrum? My advice is to invest in a strategic IT management platform. One that has been vetted by industry analysts across enterprise architecture and IT portfolio management criteria and that allows for:
- Complete, real-time transparency into business-IT relationships. This information is essential in overcoming the challenges of tackling security, compliance and business risk with real-time insight and data-driven decision-making.
- The ability to appraise enterprise IT landscape from a myriad of objective angles. This allows agency leadership to assess costs associated with IT for Federal IT Acquisition Reform Act or technology business management, and evaluate the impact of IT across programs for effectiveness.
- Visibility of specific technology deployments across programs and applications to determine the agency's exposure to evolving security risks.
- Insight into interrelationships between IT objects and business stakeholders, which enables the assessment of the agency’s future IT needs.
- Rationalization of modernization priorities based on real data for assessing applications and systems that encompass the most potential for cloud migration.
- Clear roadmaps and strategic plans that demonstrate the alignment to an agency’s mission and business needs.
- Ready compliance risk assessments for Federal Enterprise Architecture Framework, FITARA, The Federal Risk and Authorization Management Program, Capital Planning and Investment Control, TBM and others.
Getting started with IT portfolio management can seem daunting given the number and interlocking IT assets of infrastructure and applications. And of course, risks include schedule, impact, mandates, skills, reputation and so forth, often subjective. The key is finding best in class platforms, like Alfabet by Software AG, that stand out for their flexibility and comprehensive ability to align IT with mission strategy.
Once a platform is selected, create a list of every investment, whether sustaining, upgrading or new development, and then, rank the outcome value of each investment against the others. The platform tools provide a straightforward rank order that allows senior leadership to agree on the relative value of each investment and draw a line where the funding and resources are completely allocated. This view of the portfolio allows agencies to manage risks tied to their IT investment decisions, ensuring these investments are continually optimized and aligned to support mission programs and geared at improving citizen service.
As the IRS' first-ever CTO and CIO, I was credited with heralding an "IT renaissance" of people, processes and technology at the agency. With responsibility for all aspects of the IT systems and data that operated the nation's tax infrastructure; specifically overseeing a 7,000-person IT organization and 500+ systems that supported the tax submissions and enforcement services for handling 200 million tax returns annually, I will not soon forget the challenges we were able to overcome by adopting a strategic portfolio management approach for risk mitigation during my tenure. While I know risk can never be 100 percent mitigated, I hope my messaging will help IT leaders stay ahead of their daily and long-term challenges.
Terry Milholland is the former CTO and CIO of the Internal Revenue Service and is currently senior partner at TVM Consulting, LLC.