Implementation of Application Portfolio Management

1
Implementation of Application Portfolio
Management

• Governance, Process, and Execution
• (The What and Why of APM)
• February, 2006

2
Presentation Agenda
Approximate Times (Minutes)
Topic
Slides
Perspectives and Overview of APM Concepts,
Processes, and Practices of APM Implementation of
APM in NC State Government Questions
3 -10
10
10 - 24
20
24 -36
15
15
Total Time
60
3
Portfolio Management
Portfolio Management is
A collection of items grouped together to
facilitate efficient and effective management and
optimally allocate fiscal, staffing, and other
scarce resources. The purpose is to meet
strategic business goals and objectives in the
most effective and productive manner by
appropriately considering key factors, such as
desired returns or public value, initial and life
cycle costs, architectural directions, risk
profiles, and the inter-relations among
investments. The objective is to make fact-based,
data-driven, and analytics -oriented management
decisions, using a consistent and disciplined
approach within a well-defined governance
structure.
Major Portfolio Management Tasks are

• Inventory and classify items in the portfolios.
• Perform relevant analyses identify problems
  and opportunities, develop viable options,
  determine relevant criteria, ask the right
  questions, evaluate alternatives using pertinent
  information, and make decisions.

4
Status of Implementation of Portfolio Management
Phase/Type of Portfolio Management Effort
Implementation Status and Timeframe
Completed performed in 2004 and early 2005
Topic Research and Purchase of Tool
Project (PPM)
Completed performed summer and fall 2005
In process - winter and spring 2006
Applications (APM)
Investment (IPM)
In process - initial efforts in winter and spring
2006 as part of applications endeavor more
advanced capabilities will be implemented later
as agencies are ready and need them
5
Summary of Findings of Keane/Gartner Legacy
Applications Study December 2004

• In the portfolio of approximately 900
  applications 40 are considered critical for
  department mission/strategy 17 are enterprise
  (statewide) applications and 75 of the
  applications processed by the state data center
  require 1-day return-to-service capability.
• The statewide portfolio is relatively young,
  with an average age of 7.5 years since 1997,
  from 70 to 90 new or replacement applications
  have been added each year to bring down the
  average age.
• Health status is 23 presenting functional,
  technical, or both problems 50 with some
  problems, but manageable and 27 healthy, with a
  prescription for continuing on-going operations
  and maintenance.
• Remediation timeframes are 11 require action
  immediately (within next two years), 35 require
  action in the near term (2 to 4 years), and 54
  require action in the long term (4 to 6 years).
• Although the immediate needs of the portfolio
  appear to be manageable, projections of its
  future status, if no remediation actions are
  taken, indicate an increasingly deteriorating
  condition as the applications age.

6
Framework for Managing IT Investments
I. Strategic Business and IT Planning and
Investment Selection and Budgeting - Investment
Portfolio Management (IPM) Build, Buy, and/or
Implement the Right Assets
III. Investment Operation and Maintenance, and
Renewal, Retirement, or Replacement -
Applications Portfolio Management (APM)
Maintain and Operate Assets in the Right Ways and
Retire or Replace Them at the Right Times
Life Cycle of IT Investments

• Identify investments that best
• Enable governmental initiatives or agency
  missions and strategies
• Result in financial returns revenue generation
  or cost savings
• Provide better constituent services or program
  effectiveness
• Fit technical architectures
• Satisfy budget, staffing, and other constraints
• Meet risk profiles

• Operate and maintain assets so that
• Benefits/costs are optimized over their useful
  lives through astute and timely renovations,
  consolidations, or eliminations
• Services offered meet availability, reliability,
  security, quality, and recoverability
  expectations within acceptable budgets
• Retirements and replacements are effected when
  assets are no longer cost-justified or
  risk-acceptable

II. Project Implementation - Project Portfolio
Management (PPM) Build and Implement Assets in
the Right Manner
Manage projects by

• Clarifying roles and responsibilities
• Providing appropriate oversight
• Ensuring they are well planned and thoroughly
  researched prior to starting

• Defining, tracking, and evaluating project
  progress frequently to achieve budget, schedule,
  scope, and quality expectations
• Completing them successfully so that business
  goals and objectives are realized

7
(No Transcript)
8
NC is not Alone in Implementing APM - Gartner
Prediction for 2006
Gartner predicts that 40 of large public and
private enterprises will implement application
portfolio management in the next two years. The
reason for the rapid growth in the use of APM is
other companies and government entities have
achieved successes in cost reduction, managing
the complexities of hundreds of established
assets, and improving budget process
effectiveness. Applications portfolio management
is critical to understanding and managing the 40
percent to 80 percent of IT budgets devoted to
maintaining and enhancing software. Most
organizations dont track established
applications over time to ascertain return on
investment (or to determine which should be
disposed of), and few manage application
portfolios with tools. In other words, these
organizations havent truly associated the
substantial amount of money theyre spending with
what they are spending it on.
Gartner Research Note Predicts 2006 Reacting to
Application Development Challenges With
Management and Automation dated November 15,
2005
9
Reasons for Applying APM Concepts and Disciplines
to Existing Applications

• Identify and catalogue all applications know
  what you have and what they do in order to manage
  them.
• Track and communicate technical and business
  status of applications to identify problems and
  take advantage of opportunities.
• Enhance the alignment of applications with agency
  strategies and technical architectures to improve
  support of business processes.
• Identify and eliminate or replace applications
  that are redundant, high-risk, low-performance,
  or high-cost (especially OM).
• Develop a multi-year management decision roadmap
  to optimize benefits/costs and minimize risks
  over application useful lives.

10
Primary Goals for Managing Applications

• Reduce maintenance and support costs provide a
  source of funds for new investments.
• Align IT with business better satisfy business
  priorities and evolving needs.
• Fund the right application remediation efforts
  maximize benefits/costs for dollars spent.
• Coordinate and prioritize IT investments there
  is not enough money to do everything, so do the
  right things.

11
Issues Surrounding Systems Obsolescence

• Over time, sustainability of applications becomes
  questionable due to age and technology advances,
  combined with changed business needs. They no
  longer
• a) support business goals and objectives,
• b) are cost-effective to operate or maintain,
  and/or
• c) are risk-acceptable by presenting too great a
  likelihood of failure with cataclysmic
  consequences.

• Business Issues
• Impediment to the implementation of new and more
  cost-effective service delivery models unable
  to respond to demands for new functionality,
  support business processes, or provide adequate
  and secure information access
• Becomes a constraint in meeting regulatory
  requirements
• Staffing issues - Unavailability of Skills
• Unavailability of staff skills or expertise to
  maintain
• Unavailability of third party vendors
• Dependency on individual contractors
• Technology issues
• Expired warranties, with no vendor support
• Can not handle increased usage or volumes of data
• Does not run anymore on available platforms
• Inefficient IT resource utilization
• Used beyond original intent, and cannot be
  enhanced
• Cannot meet security, privacy, or confidentiality
  requirements
• Are not easily recoverable for disaster recovery
  and business continuity
• System can fail, with untraceable error
• Inconsistent or inadequate information and data
  quality
• Not compliant with state or agency technical
  architectures

Sources of Risks
Seems to run forever, but ultimately has a finite
business, economic, and/or technical life
12
Key Concepts Analysis Perspectives
Business, technology, and financial perspectives
are combined to determine the posture of the
application, indicate the appropriate remediation
strategy, and to provide recommendations for
managing the application portfolio over time
General idea action is required when an asset
is not cost-effective or risk-acceptable (it is
worn out, no longer technically fits, or costs to
much to keep)

• Do we have the right capabilities in place?
• Are they aligned with business priorities?
• Where are potential synergies?
• Are there duplications?

Business

• How do we maximize overall value?
• Can costs be optimized across the organization?
• To what extent can innovation and new
  applications be funded by cost savings?
• Do they cost too much to operate or maintain?

Application Portfolio Analysis Perspectives
Technology
Financial

• Are applications sustainable?
• Do they fit in the desired architecture?
• What is the technical migration road-map?
• Are they risk-acceptable?
• Do they present security, privacy, or disaster
  recovery vulnerabilities?

13
Applications Portfolio Inventory and
Classification
Key Attributes for Each Application

• General ID, business owner, age, etc.
• Business processes enabled/supported
• Business value/criticality
• User information
• Functional quality
• Present business requirements
• Future business growth and new business needs
• Technical quality
• Architectural compliance
• Operations and maintenance support of or
  detriment to
• Costs
• Operations
• Maintenance and technical support
• Risk profile
• Disaster recovery/business continuity status

Attributes can be unlimited use potential for
compelling analyses (usefulness) and ability for
consistent refresh as decision criteria for the
selection of them.
14
Applications Portfolio Inventory and
Classification

• Who Knows About Particular Attributes
• Public Users (States Citizens and Businesses)
• Users From Other Government Entities
• Business Users
• Managers and Executives
• IT Managers
• Technical Architects
• Application Developers
• Application Maintainers
• IT Operations
• Help Desk
• Business and IT Security and DR/BC Staff
• Financial, Accounting, and Budgeting Personnel

Sources of information can (and maybe should) be
numerous dont overcomplicate, but ensure that
all perspectives are offered and data is
fact-based, reliable, and complete.
15
Analysis of Applications Portfolio - Basics

• Business leaders
• What are strategic business drivers?
• Which apps fit drivers (contribute to business)?
  Which do not?
• Users
• Which apps meet business needs? Which are
  lacking?
• How many users are dependent on app? What are the
  vulnerabilities and what are the impacts of
  outages.
• Business analysts
• Which apps have accessible, complete, actionable,
  accurate, and timely data? Which do not?
• Which apps enable business process reengineering?
  Which do not?
• Applications maintenance
• Which apps require the most maintenance effort
  and expense? Which are scalable and adaptable?
  Which are not? Which are most reliable and
  maintainable? Which are not?
• Help desk
• Which apps generate the most trouble tickets?

16
Analysis of Applications Portfolio - Basics

• Technical architects
• Which apps contain components that comply with
  agency and statewide technical architectures?
  Which do not?
• Which apps contain components that are beyond
  vendor support aged releases and/or removal of
  product support?
• IT managers
• Which apps have reliable and dependable vendor
  maintenance support either in-house or
  outsource? Which do not?
• Which apps do not integrate (share data) well?
  How critical are the these apps to the
  performance of other applications supporting
  critical business processes?
• Which apps have performance problems? What are
  the business and cost impacts of these? Can they
  be rectified?
• Which apps are subject to determinable vendor
  mergers or acquisitions? What are the
  consequences, and how can they be mitigated?
• Which apps have questionable risk profiles
  security DR/BCP vendor viability regulatory
  compliance HR risk from staff retirement
  privacy and confidentiality and/or information
  availability, quality, and retention?

17
Application Portfolio Management -Approach for
Assessing and Managing Applications
Data Collection, Analysis, and Decision-Making
Process
Step 2 - Analyze Portfolio
Step 3 - Manage Portfolio
Step 1 - Build and Maintain Inventory
Next Steps
Step 4 Optimize Portfolio
Determine if Remediation (Other Than Regular
Ongoing Support and Maintenance) Required and
Develop Life Span Transformation Roadmap
Incorporate Results in Business and IT Planning
and Funding Request Processes - Investment
Portfolio Management

• Assess Overall Posture of Application
• Business Status?
• Technical Status?

Continue Regular Support Mainte-nance

• Create and Maintain Inventory in UMT Portfolio
  Management Software Tool

Near-Term Action Needed?
No
Yes
Approximately 50 of UMT database updated from
data used in Keane/Gartner study
Evaluate Business Importance and Criticality of
Problems or Opportunities Prioritize, Specify
Timeframe for Action, and Determine Costs and
Benefits
18
Application Portfolio Management - Determining
the Posture of Applications
Generic criteria are defined to assess
applications from a business and technology
perspective
Good

• Meets present service delivery needs
• Meets anticipated needs for new services,
  business process reengineering initiatives, and
  information access
• Protective of individual privacy and data
  confidentiality

High

Warning Zone High Technical Risks
Safe Zone

Safe Zone
Business Perspective

• Creates inefficient and less effective service
  delivery processes
• Constraint on implementation of new services,
  expanded citizen benefits, and/or more efficient
  business processes
• Individual privacy and data confidentialityat
  risk

Warning Zone Not Making Best Use of In-Place
Technologyto Meet Business Needs
High Attention Zone Both Business and Technical
Risks
Bad
Low
High
Bad
Good
Technical Perspective

• Expensive to operate or maintain
• None or decreasing vendor support for major
  components
• Insufficient or decreasing availability of staff
  support
• Can not enhance for new business requirements
• Inefficient IT resource utilization
• Inadequate data access and quality
• Vulnerable security
• Recoverability difficult or suspect
• Not compliant with state or agency tech.
  architectures

• Cost-effective to operate and maintain
• Adequate vendor support for major components
• Adequate availability of staff support
• Can enhance for new business requirements
• Efficient IT resource utilization
• Adequate data access and quality
• Adequate security protection
• Resilient to human-induced or natural disasters
• Compliant with state and agency tech.
  Architectures
• Easily recoverable

19
Options for Life Span Transformation Roadmap

• Technical renovation/enhancement, such as
  re-host, employ Service Oriented Architecture
  (SOA) or Web services architectures to modernize,
  recode, update database management software, etc.
• Functional enhancement.
• Replace (COTS, GOTS, or custom development) and
  retire.
• Sunset/eliminate.
• Consolidate with applications performing the same
  or similar business functions.
• Consolidate with multiple diverse applications as
  part of an agency wide or state wide initiative.
• Continue maintenance.

20
Application Portfolio Management - Remediation
Approaches
High/Good

• Low Priority Technical Reengineering
• Low maintenance and support costs
• Provides value as is
• Regular support and maintenance

• Good Technical Reengineering Candidates
• High business value means quicker ROI
• Renovation will improve support and maintenance
  costs

Business Perspective

• Replace - if possible, with Commercial or
  Government Package
• If low business value, probably doesnt justify
  custom code renovation or replacement
• Consider elimination or consolidation

• No Technical Reengineering
• Re-host candidate
• Functional enhancement
• Tolerate or invest

Low/Bad
High/Good
Low/Bad
Technical Perspective
21
Application Portfolio Management - Investment
Selection and Prioritization
Prioritization and timeframe for action is driven
by overall importance as well as risks.

• At Risk/Critical are highest priority were
  level of risks drive (broader) remediation
  activities
• Limited Risk/Critical applications are second
  priority compared to critical/at risk
• At Risk/Less Critical applications are also
  second priority for remediation, especially if
  risks can be mitigated
• Limited Risk/Non Critical applications should
  be reviewed to minimize technology investments
  and look for opportunities to consolidate or
  substitute for better solutions

High
At Risk / Critical
Limited Risk / Critical
Second Priority
First Priority
Overall Importance to Organization
Selectively
Second Priority
Limited Risk / Non Critical
At Risk / Less Critical
Low
Low
High
Business/Technology Risk or Urgency

• In addition prioritization is driven by
• Specific business initiatives, programs, and/or
  funding streams available
• Overall risk issues, interrelationships between
  applications, and the general need for
  modernization of legacy systems

22
APM is an Ongoing Process Not Just a Project
Examples of How APM Information Will be Used by
Agencies

• Identify expansion budget requests for
• Long (biennial budget) session of General
  Assembly
• Short (2nd year of biennial budget) session of
  General Assembly
• Assist in preparation of BCPs
• Provide IT cost data to OSC for annual report
  submitted to General Assembly

• Identify funding needs from other sources, such
  as federal funds
• Assist in making decisions for or documenting
  changes due to
• New implementation projects
• Additions, renovations, or upgrades to technical
  infrastructure
• Renovations/modernizations to applications
• Provide answers to ad hoc questions

23
Overview of IT Portfolio Management
Agency Missions and Vision and Business Goals and
Objectives
Develop Business Drivers and Business Cases
Investment Portfolio Management
Identify Problems and Opportunities
Statewide and Agency IT Plans
Analyze Candidate Investments
Project Proposals for Applications Renovations,
Retirements, or Replacements
Select and Plan Investments
Funded New Projects
Manage Portfolio
Adjust Project Portfolio
Application Portfolio Management
Analyze Portfolio
Optimize Portfolio
Assess Value of Projects and Portfolio
Project Portfolio Management
Manage Portfolio
Implement Projects
New or Renovated Applications
Build and Maintain Inventory
24
Conclusions

• Applications swallow cost, time, and management
  bandwidth, while increasing risks unless they
  are well managed to reduce complexity and risk
  and retired or consolidated in a timely fashion,
  the entire IT budget will be operations and
  DR/BCP will be unaffordable
• Creating a portfolio view of existing
  applications does not have to be complicated
  focus on the basics and the big picture let the
  software tool highlight problem areas and offer
  improvement opportunities for management decision
  making
• Benefits of APM are clear
• Investment decisions for elimination,
  replacement, or remediation are made in a
  consistent manner considering application risks,
  value/importance to organization and its
  priorities, most effective use of personnel, and
  life span optimization of costs/benefits
• IT complexity is reduced thereby, maximizing
  business value received while minimizing IT cost
  incurred
• Planning for DR/BCP is facilitated to ensure
  continuity of operations
• Risks are managed, and stewardship for assets is
  facilitated

25
Application Portfolio Management Perspectives

• Alignment (Optimize Portfolio)
• Process Inventory, contribution, function
  association
• Core Business Drivers, priorities, process
  contribution

Level IV (Step 4)
Level III (Steps 2 and 3)
Initial Deployment Focus

• Financial (Analyze and Manage Portfolio)
• Detailed application-level costs and
  cost-effectiveness analyses

Level II (Steps 2 and 3)

• Assessment (Analyze and Manage Portfolio)
• Risk, Operational Performance, Architectural Fit

Scope of Keane-Gartner Study
Level I (Step 1)

• Inventory (Build and Maintain Inventory)
• Application identity and basic information

26
Applications Portfolio Management Process
Transition to Executive Decision Making Process
Funding Requests
Tool Assisted Decisions
Subjective Business Decisions
Step 1 Level I Collect, Validate, and Maintain
Data (Build and Maintain Inventory)
Step 3 Levels II III Determine Dispositions
and Life Span Transition Roadmap (Manage
Portfolio)
Investment Portfolio Management (IPM) Process
Step 2 Levels II III Perform Assessments
(Analyze Portfolio)
Step 4 Level IV Determine Priorities,
Timeframes, Costs, and Benefits (Optimize
Portfolio)

• One-Time Work
• Transfer data from Keane/Gartner study
• Perform initial collection and validation of
  remaining data
• Ongoing Work
• Perform data changes and validations as they
  occur
• Collect and validate data for implementation
  projects transitioning to applications assets
• Major Data Elements
• ID
• Costs
• Business criticality
• Business processes enabled or supported
• Functional quality
• Technical quality
• Risk profile

• Identify
• Business problems/issues
• Technical problems/issues
• Risk vulnerabilities, probabilities, and impacts
• Other problems/issues
• Evaluate
• Status/Health (Good, Bad, Moderate)
• Value to organization (High, Moderate, Low)
• Risk of unrecoverable failure (High, Medium, Low)

• Identify
• Dependencies on other applications and projects
• Costs/fiscal requirements
• Technical infrastructure requirements
• Benefits/value to accrue
• Alignment with state/agency priorities
• Confirm and/or Develop
• Implementation approach
• Determine Priorities and Timeframes
• Select priority for action (High, Medium, Low)
• Select timeframe for action (Immediate,
  Near-Term, Long-Term)
• Potential Benefits for Selected Actions
• Cost savings from consolidate/eliminate
  applications
• Improvements in public service, reliability,
  recoverability, and security resulting from
  functional/technical renovation or replacement

• Consider
• Cost-effectiveness
• Risk acceptability status of
• Identify
• Problems/opportunities
• Alternative approaches
• Best actions for managing application over
  expected life spans
• Mission criticality/importance to agency
• Determine Whether To
• Invest additional funds (technical or functional
  enhancement or replacement)
• Sunset/eliminate
• Consolidate
• Replace and consolidate as part of an agency wide
  or state wide initiative
• Continue maintenance

27
Comparison and Contrast of Keane/Gartner Study
with APM Implementation Project

• 1. Database attributes for applications
• K/G all data collected by agencies and input by
  K/G staff from scratch
• APM Approximately 50 of data elements
  transferred from K/G study and agency staff will
  both collect additional data and input it into
  UMT software tool
• 2. Annual maintenance and support costs
• K/G not included in data collection or analyses
• APM included in data and an important part of
  analyses
• 3. Perspectives for analyses and future actions
  for applications
• K/G Single point-in-time assessment, analogous
  to annual physical
• APM Long-term management plan, analogous to
  lifetime health/fitness plan

28
Comparison and Contrast of Keane/Gartner Study
with APM Implementation Project

• 4. Responsibilities for application assessments
  and action plans
• K/G K/G staff performed all analyses with
  agency review
• APM Agency staff responsibility for performing
  assessments and developing life-span transition
  roadmaps
• 5. Follow-up to initial assessments and updating
  of attributes, analyses, and transition plans
  over time
• K/G Not within scope of study and
  little/limited follow-up to date
• APM Frequent and regular, especially in
  response to budgeting and funding cycles and
  development of BCPs
• 6. Project planning, management, and reporting
• K/G K/G staff and State CIO project team
• APM Each agency responsible for its performance
  and the meeting of schedules and quality, while
  the State CIO project team will provide overall
  coordination, training, and assistance to agencies

29
January 2006
APM Rollout Preparation
Beta Implementation
Beta Implementation
Beta Implementation
Beta Implementation
30
February 2006
Beta Implementation
Beta Implementation
Beta Implementation
Beta Implementation
Beta Feedback Revise Configuration Training
Beta Feedback Revise Configuration Training
31
March 2006
Beta Feedback Revise Configuration Training
Wave 1
Wave 1
Wave 1
Wave 1
Wave 2
32
April 2006
Wave 1
Wave 2
Wave 2
Wave 2
Wave 3
Wave 2
Wave 3
33
May 2006
Wave 3
Wave 3
Wave 4
Wave 3
Wave 4
Wave 4
Wave 4
34
Agency To Do List Before Start of APM
Implementation We Will Help Accomplish

• Develop approach for collecting and inputting
  application attribute data
• Application independence and autonomy (minimum
  central control of data integrity or
  completeness)
• More centralized input and quality control
  (managed approach)
• Develop approach for conducting application
  analyses work, reviewing results, and making
  decisions regarding life span transformation
  roadmaps
• Determine agency personnel that will participate
  in the project, and ensure each is scheduled for
  training, has the time availability to contribute
  to the effort, and calendars are updated to
  reflect time commitments

35
Agency To Do List Before Start of APM
Implementation We Will Help Accomplish

• Develop high level project plan, with key
  responsibilities, schedule/milestones,
  organization chart, etc.
• Appropriate to size, business and IT
  complexities, number of applications, governing
  structure/relations, and culture of agency
• Include sufficient numbers of personnel and
  appropriate representation from business, IT,
  senior executive/management, and other types of
  agency staff
• Determine whether agency desires to participate
  in Level IV (step 4) implementation voluntary
  option
• Significant participation and commitment from top
  executives, business managers, and senior IT
  staff
• May introduce needs for major cultural changes
  and considerable modifications to long-standing
  business unit-to-business unit relations and
  business-to-IT interactions
• May not be appropriate/useful for all agencies,
  and must request this optional implementation
  effort through the State CIO

36
(No Transcript)
37
(No Transcript)
38
Contact Information

• Tom Runkle
• Tom.Runkle_at_its.nc.gov
• 754-6677
• Jim Tulenko
• Jim.Tulenko_at_its.nc.gov
• 754 6606
• Charles Richards
• Charles.Richards_at_its.nc.gov
• 754 - 6612
• Barbara Swartz
• Barbara.Swartz_at_its.nc.gov
• 754 - 6657