The question of who runs your IT is one of the biggest facing any organisation. UKISUG Director, Alan Bowling delves further into finding the right model for you.
Who runs IT now? Just four words but a variety of meanings. In your organisation, is IT aligned to the finance team or is it part of the front-line business? Is IT run by your staff or is it run by an external supplier? If it is run by a third party, is it bespoke for you or is it part of a shared service?
Ensuring your IT provision is up to standard
When I started in the world of IT, nearly all of it was run by internal staff, and the number of degree level qualifications were sparse indeed. In the 1980s, the UK government was struggling with IT, and developed ITIL (IT Infrastructure Library), which was the beginning of a series of books setting out the standards it wanted to work to. Now ITIL is a worldwide standard – ITIL 4 Edition starts with the ITIL Foundation book, which was released on February 18th, 2019) – I often hear criticism of it not being able to fit into the latest DevOps model being passed around. My point of view is that criticism often comes from those that haven’t really passed through the ITIL education process.
The reason I mention ITIL is because it forms a benchmark through which you can judge the prowess of either your internal or external IT provider. It should provide data and information on the performance of those involved in the provision of IT. In a previous blog post I referred to a “risk appetite statement” being essential to manage the internal relationships for IT. Whether you are reporting to finance or directly to the CEO, you need to provide them with assurance that IT has the capability to deliver on business objectives. Finance will typically be more focused on costs and efficiency, while the more enlightened CEOs will have more of an eye on innovation. Understanding these drivers is important when deciding which IT delivery model to adopt.
Choosing the right model
When it comes to IT provisioning decisions, there are three directions that can be taken: totally in-house, totally outsourced, or a hybrid of the two.
The in-house question is one of cost and opportunity. It has the potential to be close to the organisation, and to be highly aligned with business needs. How well in-house IT performs depends on the discipline and capabilities of the management team, it will likely cost more but also can reduce time to market through deep understanding of the business. With active benchmarking through independent sources, in-house IT can remain focused on the task at hand. There is also however a question of scale. Is the organisation big enough to have sufficient expertise in all the areas of IT it needs? If the organisation is big enough, it can also run its own low cost location provision of service.
Then there is the totally outsourced model, which is far more complex. In a previous blog post around cloud services I posed some contracting questions. The same questions apply, and the challenge here is to get the selection of provider correct. Again I will refer to my “Risk appetite statement”. You have to know what you are prepared to live with. What level of service do you want? How does the overall organisation and IT strategy relate to the service you are buying, and what is the ability of the provider to support you on that journey?
Typically, these contracts run for three to five years. In that time span a lot of change is likely, and often I have seen unexpected changes drive a massive hole straight through the contract, especially if there hasn’t been sufficient time spent on agreeing flexibility as part of the upfront planning and selection process. As with any outsourcing contract, organisations also need to balance cost savings with value. If there is too much of a focus on cost savings it could be to the detriment of IT delivery.
One other aspect of outsourcing is IP rights. In an internally serviced company, it’s very clear as each employee has that spelt out to them. In a third party company it is less clear, especially if they are providing similar services to one of your competitors. When outsourcing, it is vital you find the people in the third-party company that are right for you – the leaders need to behave as part of your organisation. When you are winning, they should be winning as well. And when you are hurting, they should be hurting as well.
The size and scope issue often leads to organisations adopting a hybrid model. Some specialist services are sourced from third-parties, with the internal resources focused on the bread and butter of the organisation. This model often has internal procurement savvy technical staff running the contracts and embedded in the IT organisation.For organisations who are wary of losing total control over their IT or those wanting to simply augment an increasingly stretched internal IT operation, the hybrid model can be an attractive option.
So where do I sit? I’ve worked all the models. Personally, each model was right at the time for the given circumstances. But if I was pushed then I would go with the hybrid – as this model, if managed correctly, gives the best of both ends of the spectrum.