Commentary
3/24/2004
12:11 PM
Commentary
Commentary
Commentary

SmartAdvice: Measuring Business Value Of IT Investments

It's hard to quantify the return on IT investments, but it's in IT's best interests to help in the documentation effort, The Advisory Council says. Also, control VPN access from home computers to improve security, and look at what you want from your system before deciding whether to delay server upgrades.



Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected].


Question A: What approaches are effective for measuring the business value delivered from various IT investments?

Our advice: Tying IT expenditures to the business value they provide has long been a Holy Grail for senior executives. It's an issue pursued from two distinctly different viewpoints. Especially in tight economies, CEOs and CFOs suspect they're spending too much on IT for the value they receive, and seek ways to bring spending into alignment with that perceived value.

Not surprisingly, IT executives often believe that IT is under-funded for the value it delivers. As always, reality lies somewhere between these opposing viewpoints, but finding it has proven to be very difficult. A major stumbling block is the inability to meaningfully measure IT's contribution to the prosperity of the business it supports. Conversely, costs are easy to capture, providing a convenient fallback for measuring IT performance, but bearing no relationship to the results driven by IT expenditures.

Challenge Of Assessing Benefits
While costs are easy to track, measuring tangible benefits takes considerable effort. Unlike costs, there are no standard formulas for capturing benefits. Each process has its own unique benefits, and each benefit identified is likely to require its own custom method of measurement. Unfortunately, the best and largest benefits are often the ones that are the hardest to measure. As a back-office operation in most companies, IT tends to be several layers removed from the business outcomes enabled by its services. For example, IT may implement a new customer-relationship management application to enable the company's marketing and sales organizations to better serve their customer base. Presumably, the end result is happier customers who buy more products from the company. However, there are likely to be many steps and variables between the CRM system and this end result. Moreover, when revenue increases, was the major driver the CRM system, a marketing program enabled by that system, or the newly hired vice president of sales and marketing?

Measuring The Value Chain
If the company's sales and marketing processes are carefully documented, measured, and managed by their respective organizations, the questions posed above can probably be answered, and a fair share of the benefit can be apportioned to the new CRM system.


Related Links

IT Strategy Knowledge Center


Although business-process management is rapidly gaining favor, it's likely that most corporate processes remain undocumented and unmeasured. While documenting internal business processes is ultimately the responsibility of the business areas owning and using those processes, IT has a vested interest in supporting and even assisting in the documentation effort. Ideally, a business process would be fully documented and measured before making any large IT investments in that process.

Creating an "as is" map to document the process's current state before implementing a new IT system enables the business area and IT to better predict benefits and to establish a baseline from which to measure those benefits. In the case of the example of the CRM system, the analysis may determine a per-customer value based on current purchasing trends. The goal of the CRM system and the activities it enables may be to increase that per-customer value by a given percentage. The change in this value can be measured after the system is in operation, and also can be translated into a direct revenue value for the company.

-- Ian Hayes

Question B: A growing proportion of our workforce is telecommuting, leading to increased use of our VPN from computers in employees' homes. What security measures should we be taking?

Our advice: The natural inclination when implementing a virtual private network is to focus on the security of the encrypted VPN connections themselves--what protocols to use (Internet Protocol security, Point-to-Point Tunneling Protocol, Layer Two Tunneling Protocol, proprietary); whether to use a firewall-based VPN versus VPN services on a general-purpose operating system; how to authenticate users, etc.

While it's necessary to consider all these issues, it's easy to overlook the most serious potential security exposure associated with VPNs--the remote-client systems.

Related Links

Survivor's Guide to Security



There's a subtle danger from the use of a VPN, particularly from home computers owned by employees. In addition to using firewalls to isolate the company network from the Internet, companies often take great care to "lock down" the software configuration on office computers, to prevent the inadvertent installation of "malware" (malicious software) that could compromise their networks. Once a home computer has a VPN connection to the office network, however, any malware present on the home computer has access to the company network. As home WLANS on broadband connections become more common, the risk will increase of malware spreading from another home PC (perhaps with quasi-legal peer-to-peer file sharing) to the employee's PC and then to the office network.

Employees' home PCs with VPN access therefore require the same kinds of defense-in-depth that should be applied to office networks--up-to-date operating system and application patches, software firewalls, antivirus software, least privilege, strong passwords, etc., to enforce this discipline. To reduce this exposure, VPN access should only be permitted from computers that are under the control of the company's IT staff. If VPN access from home computers is permitted, there should be strict policies regarding the software configuration and other uses (e.g., by other family members) of the home computer.

-- Peter Schay

Question C: Our servers are more than five years old. Management wants to defer investment in new servers as long as possible. How long can we delay server upgrades before it will hurt our business?

Our advice: You aren't alone. Many companies in recent years have been saving money by extending the time between hardware upgrades for both servers and desktop systems. As the cost of servers continues to plummet (a decent rack-mounted server can be had for under $5,000), and computing power continues to rise, the question of when to upgrade becomes trickier. The answer, as always, depends on your industry, hardware, and specific application software requirements.

You Can Delay Upgrades If
You can hold off another year or so if:

  • Your applications are still reasonably responsive, supported, and users aren't complaining;


  • You have no need to upgrade your operating system. Hardware that easily supported Windows NT will bog down with Windows Server 2003;


  • The hardware was originally configured with lots of memory and disk space. Over-configured hardware can easily translate into an extra year of service, more than making up for the higher original investment;


  • The hardware is relatively standard. Since five-year-old peripherals are nearing end of life, you will more than likely need to replace them soon; and


  • You have no compelling reason to add new hardware--try finding a Windows NT driver for that new USB printer!

You Should Replace If
Reasons to replace your servers include:

  • A mission-critical application requires an upgrade. Your hardware may not be able to handle the resource demands of the new software, or the software may require an operating system version that your old hardware simply won't support. New Microsoft Windows versions are notorious for their ever-growing need for disk, memory and CPU speed;


  • If you have time to get a cup of coffee while waiting for an application, then it's time to upgrade. The cost of the hardware will be quickly repaid by increased staff productivity;


  • Your hardware becomes completely unsupportable. While IDE disks are still readily available, many hardware vendors no longer carry other critical replacement parts. You might be forced to upgrade unexpectedly, and urgently, if a video card or CPU goes.

In conclusion, determine your requirements for up-time and tolerance for risk. If you configured your server environment appropriately five years ago, and you have no pressing need to upgrade your operating system or applications, then you can probably use your systems for another year or two. If your mission-critical application requires a major upgrade, then plan on buying a replacement system soon.

-- Beth Cohen


Ian Hayes, TAC Thought Leader, has extensive experience in improving the business returns generated by IT investments. He is the author of three IT books and hundreds of articles and is a popular speaker at conferences. He helps companies focus on value-creating projects and services by better-targeting IT investments, improving the effectiveness of IT execution, optimizing the sourcing of IT activities, and establishing measurement programs that tie IT performance to business value delivered.

Peter Schay, TAC executive VP and chief operating officer, has 30 years of experience as a senior IT executive in both IT vendor and research industries. He was most recently VP and chief technology officer of SiteShell Corp. Previously at Gartner, he was group VP of global research infrastructure and support, and launched coverage of client/server computing in the early 1990s.

Beth Cohen, TAC Thought Leader, has more than 20 years of experience building strong IT delivery organizations from both user and vendor perspectives. Having worked as a technologist for BBN, the company that literally invented the Internet, she not only knows where technology is today but where it's heading in the future.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service