The IT Strategy Toolkit

by Musab Qureshi
Date Published May 23, 2012 - Last Updated July 7, 2020

What Is an IT Strategy?

Today’s CIOs are under far more pressure than ever before. They are expected to do more with less, without sacrificing quality, in a post-recession environment where the role of IT is rapidly changing. Globalization, fast-paced product innovation lifecycles, political turmoil, offshoring, the growth of consumer technologies, the emergence of new paradigms like cloud computing, the spiraling complexity of IT environments, legal and compliance requirements—these and other factors affect the way businesses are run. This, consequently, influences the demands on IT.

“IT strategy” is an interesting term, surrounded as it is by an aura of mystique. Most IT managers either have one or they want one. However, gather any number of IT people together and ask them to articulate their understanding of it, and you’ll be surprised how many divergent perspectives there are. And the plethora of formal definitions and approaches to IT strategic planning proposed by academicians and practitioners alike, compounded by an almost reckless use of the term, doesn’t make the task of formulating a single definition any easier.

Nonetheless, the following definition provides an effort to synthesize the different schools of thought: “An IT strategy is the raison d’être of the IT organization; it provides a focus for prioritizing and allocating resources.” In other words, the IT strategy provides a vision, a road map, and a mechanism for effective use of its resources.

Every organization has an IT strategy of some sort, however rudimentary it may be. In many cases, though, it is little more than a concept or a vision. No effort is made to have it formalized, agreed upon, or documented, and its implementations are neither managed nor measured. If this is where your organization stands, know that, unfortunately, you’re not alone. The guidance provided by this toolkit should help you take the necessary steps toward an actionable IT strategy.

How Can an IT Strategy Benefit My Organization?

Gaining support for an IT strategy can be a challenge. Below are some points that can help you build a business case:

An IT strategy answers these questions: What does IT do? Why does IT do what it does? For the business, it improves their understanding of IT and helps align the expectations of all stakeholders.
Executives are not concerned with individual project delivery or the day-to-day operations; they care more about whether IT aligns with the company’s goals, whether IT investments are prioritized wisely, and whether suitable governance structures are in place to keep things on target. An IT strategy provides the high-level view that addresses all of these concerns.
Without a strategy defining IT’s principles and goals, management has no framework to ensure that it’s focusing on the right things. A strategy provides alignment, unity, and cohesion across the organization.
Decision making in IT should be based on policies and principles. These decisions should be based on and documented in IT’s strategy.
Without a strategy, resources are assigned not on the basis of business need, importance, or strategic advantage, but as a reaction to the “need of the day” or the whims of those who shout the loudest.

The IT Strategy Creation Process

So, you’ve decided that an IT strategy is important. The next step is to begin creating your strategy. If you already have an IT strategy, this toolkit, based on Deming’s continual improvement principles, will help you identify any gaps or areas for improvement. If you need a strategy, the model described on the following pages can be used to plan, execute, measure, and improve an IT strategy.

The diagram below provides a high-level overview. Note the cyclical nature of the process, how improvement recommendations are fed back into the planning phase for subsequent strategy updates. In this article, we will focus on the planning stage. For more information about the implementation, measurement, and improvement stages, stay tuned; we will address them in the next issue of SupportWorld.

Planning

Whether this is your first attempt at developing an IT strategy or you are simply updating or improving an existing one, you will require sufficient resources and serious commitment. For a smaller organization, this can mean one staff member working with a consultant and collaborating with key stakeholders. For larger environments, this could mean a team of people supported by external help when necessary. Regardless, when choosing a consultant, it’s important that the IT staff retain strategy ownership. It’s also imperative that the CIO drives the strategy effort, and is actively engaged every step of the way. After all, this individual is accountable for any strategic commitments IT makes.

The next step is identifying the key people, their roles, and the inputs that is required. Map out the project team’s organizational structure and define the principle roles, such as project sponsor; also, ensure that they understand how much time they will need to commit to the initiative. A planning technique called stakeholder analysis can be used to identify all parties related to the strategy initiative. One common mistake is to only consider stakeholders from within IT; be sure to include representatives from related departments, like finance, business planning, support, and those who deal with contracts, risk management, etc. Finally, identify any risks early on and put together a project plan (using, for example, a Gantt chart) to describe the work involved in the delivery of the final outputs.

Once this basic information has been compiled and clarified, it is a good time to hold a kick-off meeting or workshop. The session can be used to present the IT strategy initiative and explain what will be required from each person. Make this presentation a highprofile event; invite as many stakeholders as possible, especially those who will provide input and those responsible for strategy execution. Involving them at this early stage will help secure buy-in. Use the feedback from the presentation to update the project plan and deliverables.

One of the things to consider early on is the strategic positioning of IT. This will be based on a number of factors, and it requires management direction and approval, but it is a pivotal step in your strategic planning since it establishes the foundation for most of what follows. The table below lists some examples that can help you define your strategic positioning.

Corporate Positioning	IT Positioning
Cost savings	IT considers standardization of the application and technology landscapes. Efficiency drives new models, such as virtualization, cloud computing, reuse, offshoring, or outsourcing (which helps focus resources on core business areas). All of these can help reduce IT expenditures.
Maximize time to market	In most industries, innovation is an important consideration; to outdo the competition, speed is imperative. The product development lifecycle relies on IT’s ability to deliver projects rapidly, reliably, and consistently. To meet this need, IT needs robust enterprise architectures, easily customizable technology components, and flexible processes.
Product innovation and differeniation	Enterprise architecture helps standardize the technology and applications environment so that IT has control over its resources. IT procurements address the business’s need for flexible, standardized systems. These systems are functionality-rich, extremely agile, and support easily configured customizations.
Customer focus	IT provides services and solutions that promote customer acquisition and retention, so the channels for serving customers are numerous and easy to use. Customer satisfaction data is gathered through the website and other methods. IT’s self-service solutions encourage customer autonomy. There is a direct correlation between the reliability of business services (which are supported by IT) and customer loyalty.

The planning phase of the IT strategy development process also involves an environmental analysis of the business and technical landscape. One common technique for this type of survey is the SWOT analysis (strengths, weaknesses, opportunities, and threats), which looks at both external and internal factors.

External analysis involves external stakeholders and other departments within the organization, like finance (for budgeting), HR (for workforce planning), and others. It takes into account:

The business’s mission and goals;
The business’s processes and workflows;
Customer requirements;
Market conditions;
Technology trends and changes;
Legal, regulatory, or compliance requirements; and
Budgets.

Internal analysis involves internal stakeholders, such as:

IT operational management, as they have insight into the capabilities, limitations, and risks that relate to the current technology;
IT applications, to gauge their strengths and weaknesses and determine what investments need to be made to ensure they support business innovation; and
Enterprise architects, since they possess vital information that spans applications, data, and technology, and provides a comprehensive and complete view of IT assets and their interdependencies.

After completing these activities, you are now prepared for the final step in the planning stage: answering the first of three questions that capture the essence of the strategy process:

Where are we now (i.e., IT’s current maturity status, or the “as-is” situation)?
Where would we like to be (i.e., the future state, or the “to-be” situation)?
How do we get there (in terms of strategic investments, prioritization of resources, projects, etc.)?

To complete the “as-is” assessment, answer the following questions:

Corporate Plans

What is the organization’s business strategy?
What are the organization’s business goals?
What is the vision of senior management?
How are IT’s goals aligned with the business’s goals?
Are IT’s resources aligned with its goals and objectives?

Business Processes

What are the business’s current processes and workflows?
What issues is the business facing that IT can address?
Are there any process or step redundancies that can be eliminated?

Application and Data Inventory

Which systems are currently in place?
What business function(s) are they supporting?
What are the strengths of these applications? What are their weaknesses? What problems are you facing?
What are the pros and cons of the current data architecture?
What is the application and data architecture model and does it need enhancing?
What is IT’s build-versus-buy methodology?
Can data duplication be overcome using a centralized, common database?
Are application interfaces being well managed using standardized middleware?

Infrastructure

What is the architecture of the current infrastructure (e.g., hardware, servers, interfaces, operating systems, middleware, etc.)?
Is the data center and technical environment up to date with the latest technologies?
Are there policies and standards in place for managing the technical environment in a streamlined fashion?

People

What are the organization’s people strengths?
Where can improvements be made? What are the staff’s training needs?
Is IT able to attract and retain people with a variety of talents?
Does the current organizational structure support a satisfactory division of work?
Is IT outsourcing or offshoring?

Finance

How well does the current budgeting process work?
How does project spending align with the business’s goals and drivers?
How are IT investments prioritized?

Projects

How does IT prioritize projects?
Does project delivery consistently meet agreed-upon timelines?

Customer Focus

How is IT’s customer focus directed?
How is customer satisfaction measured?
Do customers have sufficient channels for requesting follow-up information?
Does the IT staff have strong technical knowledge and overall business awareness?
Does IT adapt well to changes in the business model?

IT Services

Does IT provide reliable, available services?
Does IT support business innovation?
Is IT good at safeguarding the company’s intellectual assets?
Is IT proactive at identifying business needs and offering smart solutions?
Do IT’s current support processes enable it to meet its SLAs?

Each of these questions should be assigned a maturity score between one (nonexistent) and five (optimized). The answers can then be mapped and analyzed. This completes the planning stage and prepares IT for the implementation stage.

With all of the buzz around strategic planning, it’s understandable that today’s IT manager or CIO, however shrewd he or she may be, might feel overwhelmed by the plethora of definitions on offer. This easy-to-use toolkit provides a simple, yet effective, tried-and-true approach to building and executing an IT strategy. In Part I, we discussed the IT strategy process and focused on the activities involved in the planning phase. In Part II, we will discuss the activities involved in implementing, measuring, and improving your strategy.

As we learned in Part I, a strategy is “the raison d’être for the IT organization; it provides a focus for prioritizing and allocating resources.” In other words, the strategy provides a vision, a road map, and a mechanism for the effective use of its resources. Any strategy can be visualized as a cyclical process, as shown to the right.

Before we proceed, let’s review some of the outputs we’ve identified so far:

Stakeholder analysis, which identified all of the key parties that need to provide inputs for the strategy, or will be involved in or affected by its implementation;
The strategy creation exercise, which was planned as a project with clearly mapped-out resources, timelines, and deliverables;
IT’s strategic positioning, which was based upon the organization’s focus and what it required from IT in that regard; and
A SWOT analysis, which gathered inputs on internal strengths and weaknesses and external opportunities and threats. This information was captured by a survey that covered a wide array of domains, including corporate plans, business processes, application and data inventory, infrastructure, people, finance, projects, customer focus, and IT service domains.

Implementing

The next step is to develop IT’s vision statement, which describes an idealized desired future that inspires and drives decision making and effort, and serves as a focal point. Your organization’s vision statement should answer a basic question: What do we want to become in the near and distant future? Once you’ve developed the vision statement, the next step is the mission statement. The mission statement, in essence, describes why IT exists. It helps answer the question, what is IT doing today that will help it achieve its long-term vision?

A mission statement should include the following elements:^[1]

Customers (i.e., who are the business’s customers?);
Products or services;
Markets;
Technology;
Concern for survival, growth, or profitability;
Philosophy (i.e., what are the organization’s basic beliefs and values?);
Self-concept (i.e., what is the organization’s primary competitive advantage?);
Concern for public image (i.e., does the firm consider social, communital, and environmental concerns?); and
Concern for employees (i.e., are employees held to be a valuable asset?).

When developing your vision and mission statements, be sure to involve as many stakeholders as possible. If they cannot all attend a physical meeting, solicit their advice using electronic methods. Be sure to provide a deadline for comments, and don’t give contributors a blank slate; provide examples on which they can base their feedback. To encourage wider participation, offer a reward for the winning statement(s).

Once you have your vision and mission statements, the next step is to drill down to more specific goals and objectives. These targets guide IT’s focus and direction, but note that a goal is more broad and general, while an objective is more precise and exact. (In this toolkit, they are treated as equals for simplicity’s sake.)

Above all, objectives should be SMART: specific, measurable, attainable, realistic, and time-bound. Promising 99 percent availability for a given application is not realistic; you could, however, say that that application will have 99 percent availability between 9 a.m. and 9 p.m., excluding planned downtime. Defining your goal in this way indicates that you have the technology and historical data to ensure you can meet the target.

Objectives or goals need to be acceptable to your customers, but they shouldn’t be too easy. In some situations, they can be progressive (e.g., if you’re measuring the migration of your globally dispersed user desktops from Windows Vista to Windows 7, you might choose North American users for the first half of 2011 and the Australian end users for the second half). Consider the following diagram for developing IT goals.^[2]

On the left side are the corporate goals, business requirements for IT, and strategic positioning. They cover the business demand for IT. In light of these demands, consideration is then given to IT’s vision and mission statements, IT’s strategic positioning, and the results of the SWOT workshop. Workshop inputs can be extremely valuable, as stakeholders are often on the front line and will share with you the problems they face and their vision for how things can be improved. However, take care here: their view is limited to their own domains, and they are often unaware of the business’s priorities or the bigger picture.

The center of the diagram shows how business requirements drive IT requirements; IT’s goals are the result of systematic analysis of these inputs. However, one of the challenges you’ll face is the sheer volume of data. The recommended approach is to prioritize and reduce everything to groups of ten. So, after the SWOT workshop for example, poll user inputs and come up with the top ten strengths, the top ten weaknesses, and so on. For goals or objectives, further reduction (to five or seven) is advisable for brevity and practicality.

Your vision, mission, and goals constitute the principal components of your strategy. With a strong understanding of current capabilities (the “as-is” state) and a clear vision of the future state for IT (goals, objectives, areas to develop, new opportunities, etc.), you need to understand the gaps between them. These gaps, which can be across any of the domains, should be closed as you execute your strategy.

Vision, mission, and goals/objectives map logically, from one to the next. The final step is to map these objectives to one or more initiatives (or projects), as in the Digital Britain strategy below:

Vision	Mission	Goals	Initiatives
Supporting the Digital Brain strategy	Improving public service delivery Improving access to public services Increasing the efficiency of public service delivery	A common infrastructure	Public-sector network Government cloud (G-cloud) Data center rationalization Government Applications Storage (G-AS) Shared services Desktop services
		Common standards	Architecture and standards Open source, open standards, reuse Greening government ICT Information security and assurance
		Common capabilities	Professionalizing IT-enabled change Reliable project delivery Supply management International alignment and coordination

Source: The UK Government Digital Britain Strategy (2010)

The table below outlines a method for identifying and prioritizing the initiatives. The focus areas are taken from the domains and the questions used in the maturity assessment survey (part I).

Focus Area	Strengths	Weaknesses	Gaps	Initiatives/Projects	Priority
People-training	Support from HR on processing training requests Flexible policy on course selection	Lack of transparency on communicating why some requests are not approved	Alignment of course with employee career path	Develop career pathways for employee growth and communicate process well	Medium
Technology standardization: E-mail	Robust, reliable service offered on desktop, through a web interface and staff BlackBerrys	Currently using Lotus solution for some departments and Microsoft for others, creates compatibility problems	Lack of homogeneity	Unify e-mail system across the organization	High
Customer support requests pending (for days, sometimes weeks)	Dedicated, trained support staff	Lack of automated system to manage support request flow No customer SLA	Formalized support process and tool	Develop SLA with customer and support process to ensure SLA is met Implement via automated tool to manage flow	High

In the first pass, make the table as extensive as possible. It is an excellent learning and discovery process. But bear in mind that each initiative is, in essence, a project. It will require allocated funds from the IT budget, assigned ownership, and resources to carry out the work. Some of the factors to consider when prioritizing the initiatives include:

Cost: Do we have sufficient budget?
Urgency: How fast must we do this?
Value: What tangible and intangible benefits can be gained, short- or long-term, from this investment?
Risk: If we delay or abandon this project, how will it affect our organization?

There needs to be an IT investment framework to govern the acceptance, rejection, or prioritization of projects. An iterative run-through should help reduce the initiatives to a manageable number (a maximum of, perhaps, twenty per year), assuming these are medium- to large-scale projects and that sufficient resources are available. Once you’ve prioritized the list of projects, develop a three-year execution plan (subdivided into separate years) to close the gap between the as-is state and the to-be (desired) state. To aid in diligent execution, take advantage of the various project management methodologies on the market, such as PRINCE2 or PMI.

Measure

By now, you’ve already done most of the hard work. This phase, therefore, provides a mechanism for measuring progress against the defined goals and objectives. It involves developing a reporting framework to communicate feedback to management on the progress of the strategy execution. This framework should be split across a number of levels. At the top, include a one-page summary that concisely summarizes the entire report, preferably just graphs and a few bullet points with key observations.

Where targets were not achieved, provide a one-page table describing what happened and what will be done to address the issue. Link this table to the preceding report so stakeholders can see where progress has declined or improved (one method is to plot each month in a different color). Once you’ve got a simple, easy-to-use reporting template, start using it. Based on feedback from the field, it can be improved as you go along.

For objective performance measurement, a recommended approach is the balanced scorecard, which distributes objectives across four perspectives:^[3]

Financial: Financial objectives and their measures;
Customer/stakeholder/partner: Customer-oriented objectives and measures;
Internal processes: Objectives and measures related to internal work; and
People: Objectives and measures related to people competencies.

The figure above illustrates a sample balanced scorecard. The cream ovals are objectives. They are assigned initiatives (projects) and each of these initiatives is reported upon for delivery (using a reporting template). As Peter Drucker once said, “If you can’t measure it, you can’t manage it.” The reporting system, if well employed, provides for a critical tool for strategic management and governance. For best results, run these reports on a monthly basis (though some long-range measures will need to be tracked quarterly).

Improve

This brings us to the final stage of the strategic planning process, which is learning from the experience and seeking improvement. Without this phase, the whole process becomes repetitive and stagnates. (It’s worth noting that if you’re operating in a restricted environment where input isn’t welcomed, if a culture of candid flow of information is not present, this will act as a barrier to gaining useful information.)

Ensure that you spend time with stakeholders outside IT as well as those within IT, and always follow-up.
Gather these inputs and use the same analytical approach described in this toolkit to categorize and prioritize them.
Develop recommendations and initiatives (projects) and present them to stakeholders. Gain the necessary approvals and then update your strategy with the latest information.
Every three years (maximum), call in a strategy consultant. It is best to choose one who has specific experience in your industry. Share your challenges and allow him or her to give you some best practices and direction for improvement.
Remember, communication and awareness are the keys to success. A story often recounted in management circles is that of the NASA janitor who, when asked about his work, replied, “My job is to help us get to the moon.”
Ensure the links between the strategy and projects are understood; this is often where so many efforts fall to the wayside, when planners and operators go their separate ways to attend to the “need of the day.”
Project execution can refer to external projects that are required by the business, such as upgrading a legacy application, or it can refer to internal needs, like training application support teams on how to use new support systems. It can also refer to the implementation of certain policies, such as build versus buy or the balance of staff versus contractors.

IT strategic planning is one of the least understood areas of IT and also one of the most interesting and challenging. Best of luck in your efforts!

Musab Qureshi has fourteen years of IT experience across a number of industry verticals. He is currently the managing director at Insight Consulting. In his former position at a leading telecommunications provider, Musab played a lead role in developing a three-year strategic plan for IT. His additional responsibilities included budget planning and strategy execution. He can be reached by e-mail at [email protected] .

Tag(s): process, framework and methodologies, ITSM, IT service management, service strategy

Agile, Mobility, and the App Economy: Driving a New Approach to ITSM

Unlocking Continual Improvement in your Key Process Areas

Automation is an Essential Survival Skill for Every Modern IT Organization