Adding value to the IT organization with the Component Business Model

Information technology (IT) has been in a perpetual state of evolution since the advent of the first computer system. The pace of this evolution has continued to accelerate, particularly in today's business environment. Factors such as globalization, the growth of dynamic business ecosystems, acceleration toward a service-based economy, and the commoditization of many traditional business activities are all contributing to a transformation of IT.

Initially, IT's primary role was to improve the efficiency of business processes by automating repetitive manual activities. At that time, many IT activities (such as performance evaluation) were inwardly focused and perceived as esoteric by other business groups. Due to this inward focus, IT organizations were technology-focused in the way they delivered services, communicated to their customers, and measured their performance. This focus persists, as evidenced by many service-level agreements (SLAs) that are loaded with technological jargon rather than concentrating on intended business results. Such a technology focus does not reflect or articulate the true value of IT services to the organization's customers.

With the advancement of technology, IT has moved beyond its role as a simple means to improve the efficiency of manual tasks to become a significant means for gaining business advantage; yet, a paradox has emerged. While IT has become integral to the success of many companies (enabling new business services through the innovative use of technology), the ability to isolate and articulate the specific value of IT to these business services has remained elusive. One possible explanation for this is that a conscious and concerted approach to managing IT from a service-oriented business perspective has been lacking.

Today, CIOs (chief information officers) are being asked to show quantifiable value from IT investments. Often a company's largest capital investment, IT is expected to generate innovative business services, improve internal collaborative capabilities, and support dynamic business systems. Many CIOs are challenged by a lack of time or resources to make the transition to the new IT focus, relying instead on tactical corrective actions that typically do not have sufficient impact to effect meaningful change.

These factors suggest that IT executives need a new agenda. They must learn to run IT as a business with a service delivery focus. No longer limited to automating business processes, IT must be viewed as a “manufacturing line” responsible for producing new technology-enabled business services. Like all business leaders, IT executives must be nimble in addressing the needs of the most important customers—external consumers of IT-enabled business services and the CEO—while maintaining strong governance and controls to ensure the quality of existing service delivery. What tools exist to assist in meeting these new challenges?

This paper presents a vision for the future state of IT and describes an IBM approach for assisting senior IT executives with the transformation. The Component Business Model* for the Business of IT (CBMBoIT) provides a new “lens” on IT that can help IT leadership make many of the key decisions integral to planning, managing, building, and operating information technology as a true service-based delivery business.

The traditional technology-centric IT perspective views many of its activities or procedures as independent internal IT services. Meaningful business-based metrics are infrequently used to determine whether customers perceive collections of these IT services to be of value. In fact, considerable confusion exists within many IT organizations as to what a service really is, primarily because the roles of service provider and service consumer are constantly changing. For example, a traditional IT organization may consider the maintenance of a critical business application to be a service. Similarly, handling operating system patches or backup and recovery activities are also often referred to as services, as are many standard IT processes, even though they all have different consumers. From this perspective, measurements of success are likewise viewed from the basis of discrete technologies, a “vertical silo” focus. Within a client-server architecture, for example, IT success might be measured by the availability of the application server, rather than by the ability of a customer to complete a business transaction.

This model of internal, technology-focused services is no longer adequate for IT customers. The IT organization can no longer take credit for internal service availability, such as that of an application server, if the customer's business requirements were not met. Consumers of IT services do not care whether their services were not available because the network was down or because a database was not accessible; they are not interested in IT problems. Like all customers, they simply expect to receive their requested service when they need it from wherever they are located.

In contrast to the technology-centric focus, IT services are now designed to focus on their benefits and provision of measurable value to the customer. They include the vertical technology-based focus in order to help diagnose failures, but they also have a horizontal “end to end” view in order to determine business value. Such a view combines the various constituent parts necessary to produce a consumable service that can be articulated to the consumer without technological jargon. The service is articulated from the customer's perspective and has identifiable value in customer terms.

Obviously it is important for IT managers to understand all of the constituent technology components necessary to deliver the service. However, the primary focus of IT must be the provision of business value. The business service must be measured and tracked by IT from the “outside in,” encompassing end-to-end constituent parts managed by IT that make up the end-user's experience, but with primary focus on the end result. We call this business customer view “IT-enabled business services,” or simply “services,” and differentiate them from internal IT services, which have a purely technological focus.

CIOs are in a pivotal position to reinvent IT as a business unto itself, containing all of the pertinent business components. Each component has a distinct purpose and is critical to the success of the business as a whole. If any component is failing, the effectiveness of the whole may be affected due to the interrelationship of the components.

Table 1 shows examples of business components that are essential to the operation of virtually any enterprise. Applying these components to the business of IT, we can make some associations to illustrate some examples of relevant business-of-IT implications mapped to generic business components.

As with any service-oriented business, IT requires each component to be aligned with the overall strategy. Even more important is the interconnection of these components, which collectively enable seamless service delivery. The challenges faced by an IT service provider are similar to those of any business. Some of the questions a CIO must address in building a customer-centric IT business include: What customer segments should I pursue? What are their wants and needs? Can I effectively meet those wants and needs at a price they are willing to pay, or, in the case of an internal organization, at a cost the business can afford? Within this component-based perspective, what components differentiate me from my competition? How much of my budget is allocated to each component, and is it the right amount? Where are my opportunities for improving efficiency? Should I consider partnering with other suppliers for some of my non-differentiating activities? The Component Business Model for the Business of IT (CBMBoIT) provides a robust analytic framework to help answer many of these questions.

The patented IBM Component Business Model (CBM) technique is a new way of assessing and designing a business. It is an evolution of traditional views of a business, such as the business unit, function, geographic area, or process view. By combining both horizontal and vertical integration, the Component Business Model methodology identifies the basic building blocks of a business. Business components are the equivalent of interchangeable manufacturing parts but are instead composed of processes, functions, activities, and services, collectively referred to as capabilities.¹ Each building block includes the resources (including human resources), activities, and technology needed to produce a service valued by another component, or by an external customer. After a comprehensive analysis of the composition of each business, the individual building blocks, or components, are mapped onto a single page.

A component map is a two-dimensional view of a business. The rows of the component map represent different event horizons and “accountability levels.” The accountability levels are the directing, controlling, and executing levels. The different levels typically require unique skills and often operate over different time scales. The columns of the component map represent competencies and define what critical capabilities an organization needs in order to be successful. Which competencies are required depends on the industry and the business strategy of the company.

The CBM technique, when applied to IT, represents a new way for CIOs to approach fundamental questions by viewing the IT function as a business unto itself. Examination of the components can help identify specific ways in which such “business” operations could be improved. The CBM technique is a framework to help the CIO determine how efficiently the IT service management (ITSM) infrastructure is operating and how well the IT service “business” is helping to support and drive business value.

By applying the same component-based methodology as is used elsewhere in the enterprise, the IT function is decomposed into a unique, yet integrated, set of components. The CBMBoIT model is made up of components that interact with one another by receiving and supplying goods and services, with some components providing valued goods and services to the external customer.

An example of this component-based perspective is the service component reference model of the Federal Enterprise Architecture, as described on the “E-Gov” Web site. “The service component reference model (SRM) is a business- and performance-driven, functional framework that classifies service components with respect to how they support business and/or performance objectives.”²

CBMBoIT³ encapsulates the entire IT function within a simple two-dimensional business framework. An evolution of traditional views of IT, it identifies the basic building blocks of an IT business.

As mentioned previously, the columns of a component map represent the map's competencies. In Figure 1, the competencies of the CBMBoIT map are grouped into three high-level life-cycle-oriented categories, easily recognized by traditional IT functions: (1) the plan-and-manage category, associated with the definition and ongoing management of the business, standards, customer relationships, services portfolio, and information; (2) the build category, associated with solution development and solution deployment; and (3) the run category, associated with service delivery and service support. The rows of the component map represent different event horizons and accountability levels.

Figure 1

A component has discrete boundaries and is defined by the services that it uses as inputs and offers as outputs. Articulation of a component includes specifying its resources, such as the people, technology, and knowledge needed to deliver valued goods or services. Some of these services represent the unique class of IT-enabled business services. From a customer perspective, the business activities of the component need not be seen or articulated. A customer is interested in the results—the services themselves—not how those services are produced.

Component models are not meant to replace other frameworks, but rather add to and enrich them. Collections of best practices such as the IT Infrastructure Library** (ITIL**),⁴ standards as set forth by the International Organization for Standardization (ISO),⁵ and measurement-based quality programs such as Lean Six Sigma**⁶ can be used in conjunction with component models. One of the key elements of a component model is the activities which it executes; as a result, all techniques which are based on process activity still apply. Consequently, the component model perspective provides context for these other types of frameworks.

In the case of CBMBoIT, the activities of the model are drawn from the IBM Process Reference Model for IT (PRM-IT). This IT reference model uses the best practices of ITIL as a base and then adds to those high-level independent process definitions the rigorously engineered workflows which are essential to service engineering. CBMBoIT and PRM-IT, like ITIL, are evolving frameworks. Whereas this paper focuses on CBMBoIT and PRM-IT Version 1, Version 2 of both are currently under development, and the authors expect this evolution to continue.

Figure 2 illustrates the place of a component (the foundational conceptual element of CBM) in the larger CBM context. IT is one component in the industry CBM map (in the lower right corner). The infrastructure technology component is expanded into the 50-component map of CBMBoIT. The infrastructure operations component of CBMBoIT is expanded to show activity workflows, resources, and so forth. The CBMBoIT workflows, detailed in Figure 2, may be used for automation in exactly the same manner that a programmer would apply when developing an application that automates any other business function. Coupled with a service-oriented architecture (SOA) programming model, CBMBoIT makes it possible to develop a set of integrated applications for the IT industry which serve the same function as other industry-oriented programming models. This represents a dramatic shift from point solutions directed at the technology being managed and single-process or single-discipline automation such as help-desk automation.

Figure 2

From an analytical point of view, the management boundaries of components can usually be separated at logical boundaries as illustrated in Figure 2, wherein the component for infrastructure operations is shown separately. Additionally, each component has attributes, such as cost, resource consumption, efficiency, effectiveness, and importance to the attainment of business goals. Services produced by one or more components that are necessary but invisible to the customer are referred to as “internal services.” Conversely, services that are visible to the customer are “external services” and would typically be defined in a service-level agreement. As mentioned previously, notions of “internal” and “external” are context-based—it is impossible to apply these qualifiers correctly without first determining who fills the role of provider and consumer. The CBM-BoIT model can help articulate the context for a given situation.

As seen in the component map (Figure 3), the competencies of CBMBoIT are: IT customer relationship management (CRM), IT business management, business resilience, information and knowledge management, service and solution development, service and solution deployment, and service delivery and support. The background colors of the components in this figure represent different component groupings, or “waves,” as discussed in the section “A new lens for CIOs.” The components with bold orange borders are discussed in the section “CBMBoIT components.” The CBMBoIT competencies are described in detail in the following subsections.

Figure 3

IT customer relationship management
The IT CRM competency is focused on the management and optimization of communication and interaction between IT service providers and their customers. The success of this relationship is critical to the success of the IT organization and to the entire enterprise.

This competency is multifaceted. It includes gathering business requirements and helping the customer to develop justifications for requested solutions. The CRM competency also arranges the initial interface with the team of architects who will design the solution and monitor the customer's satisfaction with the development, deployment, and ongoing support of the solution. The collaboration between the customer and the IT service provider is iterative, and communication occurs continually throughout the life cycle of the solution.

The following are some of the primary goals of IT CRM. The provider must understand the business communities, define the business context, and determine the customers' wants and needs. It must establish community segmentation, develop a market intelligence strategy, identify key requirement sources, and determine which segments need to be served. A market plan must be developed, including determining service classifications, capturing and assessing customer wants and needs, and establishing macro service definitions.

IT business management
Companies manage many assets, including people, money, facilities, equipment, customer relationships, and information. The technological capability to collect, store, and disseminate information is frequently the most challenging of all management issues. The needs of a business constantly change, whereas systems in place remain relatively rigid. IT implementations involve both initial and ongoing investments for outcomes that no one can precisely predict.

In the past, some businesses could succeed despite weak IT management practices. Today, however, information and the technology used to capture and manipulate it are increasingly important elements of business products and services. In many cases, information is the most valuable asset that a company owns. Generating more value from IT and the information it manages is directly dependent upon strong competency in IT business management.

The primary goals of IT business management include setting a strategic direction for the use and governance of IT (i.e., IT strategy) that is aligned with the business strategies and priorities; establishing the enterprise architecture that details the strategic direction in terms of the business process architecture, information architecture, services and applications architecture, and infrastructure architecture; maximizing the value of the IT portfolio that is strategically aligned and balanced with business priorities; and measuring, analyzing, and reporting business technology performance and value.

Business resilience
Business functions have become virtually inseparable from the IT that supports them. Daily business operations are increasingly dependent on IT. As a result, organizations must continually analyze, plan, and implement resilient IT infrastructures in order to achieve a resilient business. What was formerly known as IT disaster recovery is insufficient in today's environment of IT-enabled business services.

At the same time, compliance requirements are beginning to drive business agendas. Organizations are accountable for meeting a plethora of mandates specific to their vertical markets and to address cross-industry legislation such as the Sarbanes-Oxley Act (SOX).⁷ The breadth and complexity of these challenges are causing many organizations to approach resiliency and compliance from a more strategic and integrated perspective.

The business resilience competency enables firms to rapidly adapt and respond to any internal or external opportunity, demand, disruption, or threat and to continue operations without significant impact to the business. A holistic approach is used to analyze all layers of a resilient business, encompassing strategy, organization, processes, applications and data, technology, and facilities. Remediation solutions are then designed based on industry-specific requirements, the existing infrastructure, current and desired business models, competition, budget constraints, and various other factors. A single, integrated resiliency strategy is then developed that addresses both business and infrastructure requirements.

This competency also enables a more dynamic, strategic, and integrated approach to managing compliance obligations. The internal controls of an organization are designed to provide reasonable assurance regarding the safeguarding of resources, reliability of operating and financial information, and compliance with laws and regulations. The concept of reasonable assurance recognizes that the cost of a control should not exceed the benefit to be derived from it. It also recognizes the need for uncompromising integrity, good business judgment, and a culture of good control practices. Core infrastructure capabilities are identified that firms can then deploy to address their compliance requirements.

Some of the primary goals of business resilience include the following:

1. Building agility and protection throughout the infrastructure of the enterprise,

2. Setting the strategic direction for achieving adherence to performance baselines and consistent internal controls throughout all business groups, divisions, subsidiaries, and departments worldwide,

3. Establishing a holistic and integrated approach to IT risk management that track a variety of traditionally underappreciated technology and business-facing risks,

4. Influencing the construction of a resilient and compliant enterprise architecture and construction of infrastructure capabilities that prioritize remediation investments based on risk tolerance and benefit trade-off analysis.

Information and knowledge management
In today's economy, information—what one knows and when one knows it—is a key driver of success. Frequently, information is among a corporation's most valuable assets, and increasingly provides a source of competitive differentiation.

The discipline of information management treats information as an organizational asset which must be managed as rigorously and purposefully as any other asset. It begins by clearly identifying information that is important to the enterprise and establishes strategic objectives and priorities for information that is aligned with the business strategies and priorities. The method, source, and timeliness of collecting this information also need to be determined. The information must be organized and structured in a coherent manner. Policies and controls must be put in place for the retrieval and use of the information.

Information management also requires a governance system capable of establishing organizational roles and responsibilities for managing information and assigning “data custodianship” for specific subject-matter information collections. The information management discipline must also effect formal definition and change-control mechanisms for information and information policy and validate that information is defined, collected, and used in accordance with the intent and policies of the enterprise.

Service and solution development
The rewards associated with developing new IT services and solutions can be substantial: enabling new business processes, tapping into new markets, and gaining efficiencies which lower cost and increase productivity. New IT services are therefore crucial to gaining a competitive advantage. Just as a poorly designed production line can hobble a manufacturing company, poor performance or failure in this competency can lead to project cost overruns, solutions that are misaligned with requirements, and missed opportunities in the marketplace.

The service and solution development competency governs IT development activities throughout the enterprise. The mission for this competency goes beyond coding and database schemas to include development of the IT infrastructure as well. The result of a development effort could be a new service, a new solution, or a combination of solutions and services to enable and facilitate business processes (including IT processes). Furthermore, the idea of development is extended in this context to cover the entire solution and service life cycle, so that the competency includes the activities necessary to maintain a solution once it is placed into production and retire it once it reaches the end of its life cycle.

The typical development activities (for example, requirements analysis, solution design, development, integration, and unit and systems testing) are at the core of this competency. These activities may be done in-house or provided by another service provider. Because the IT business management competency may wish to control vendor relationships at a broad level, decisions on whether an activity should be built or purchased may be delegated to and coordinated by service and solution development teams where appropriate.

Service and solution deployment
Change in an IT environment is a healthy and nearly constant phenomenon. An infrastructure which never changes is stable, but is also one whose value quickly diminishes. However, since change is also one of the leading causes of service outages, a key competency of any IT organization is the ability to introduce change into the operational environment in a timely manner with minimum risk and disruption.

Execution of the components involved in the service and solution deployment competency should be applied to all changes which have the potential to impact successful service delivery. This commonly includes software, hardware, control mechanisms, configurations, facilities, databases, and business applications. Less commonly included, but no less important are organization and process changes, which can impact skills availability and performance.

The components associated with the service and solution deployment competency address all aspects of change and release activity, including assignments, scheduling, approval, distribution, synchronization, installation, monitoring, and activation. While change activity can be initiated from any other process, the service and solution development competency usually defines the content of the change or release to be deployed.

Service delivery and support
The service delivery and support competency is responsible for the delivery of the IT services as defined by the IT services catalog. It must meet the service requirements within budget, while producing a high degree of customer satisfaction. This competency has the flexibility (within policy guidelines) of determining what activities are performed in-house or contracted to an external service provider. Regardless of the sourcing model employed, this competency retains responsibility for the quality of services provided and attainment of all service-level objectives.

In order to deliver services and provide support, this competency must manage a broad range of disciplines, such as incident management, problem management, configuration management, license management, workload management, technology updates, performance management, inventory (asset) management, and operational document control. This competency not only manages these disciplines, but must also identify, implement, and maintain the tools and provide the staff with the necessary skills to execute these functions.

The span of control for this competency is limited to the operation of steady-state services. New services, infrastructure, and functionality must pass through the development process and be introduced to the production environment according to the deployment policy of the organization. Replacement technology may be introduced as part of a repair action without passing through the development process, but must still pass through the administrative aspects of change control. In the event of emergency situations, this may be done after a repair, but still must be completed in order to maintain the integrity of the configuration management database.

As part of service delivery, this competency is also responsible for housekeeping and maintenance activities (e.g., off-site tape management for backup and restore functions, print and paper supplies for output management, fulfillment of environmental and electrical specifications for operating environments, as well as cable diagrams and labeling for raised-floor environments.)

All of the components produce services that ultimately contribute to the successful delivery of the IT capabilities. For the purposes of illustration, we will explore a subset of the components that are crucial to a successful implementation of ITSM.

Within the service delivery and support competency are the following components: support services management, infrastructure resource management, and infrastructure operations, as shown with bold orange borders at the lower right corner in Figure 3.

Support services management
The focus of this component is the support of the day-to-day operation of the IT environment. It is characterized by the attainment of service level targets and the management of end-users' perceptions of IT services. This component provides assistance to customers in their use of IT and makes IT resources available with performance meeting the agreed-upon service levels. The functions of support services management include request management, problem management, IT-service-continuity management, end-user support, deskside support, and incident management.

Infrastructure resource management
This component is responsible for managing and maintaining the physical computing assets and networks of the organization. It manages both hardware and software. The functions of infrastructure resource management include preventive maintenance, facilities management, configuration management, and inventory (asset management).

Infrastructure operations
This component is responsible for execution of the workload and the operation of the physical assets of the organization, irrespective of their physical location. The purpose of this component is to provide and execute the requested services. The functions of infrastructure operations include operational monitoring, dynamic performance management, workload management, output management, and error recovery management.

These components describe the activities required for maintaining the environment on a daily basis. The effectiveness and efficiency of these components are contingent on the propagation of the solution-delivery and solution-support strategy and operations, infrastructure resource, and support-services planning.

There certainly is no shortage of IT analytic approaches. Most of these approaches, such as the Microsoft Infrastructure Assessment Framework,⁸ evaluate the common elements of process, organization, and technology. Many of them include variations of processes originally defined in the IBM Infrastructure Service Management Architecture (ISMA) model.⁹

COBIT,¹⁰ issued by the IT Governance Institute and now in its fourth edition, is another increasingly popular analytic framework. COBIT is an internationally applicable and accepted IT governance and control framework for aligning IT with business objectives, delivering value, and managing associated risks. It provides a reference framework for management, users, and IS (Information Systems) audit, control, and security practitioners. Its guidance enables an enterprise to implement effective governance over IT that is pervasive and intrinsic throughout the enterprise.

Likewise, CBMBoIT is also based on process activities, organization, and technology. However, it is unique in that it segments an IT organization into components. Each component can be evaluated independently or as part of the whole. The key benefit of the CBMBoIT map is that it enables consistent criteria to be applied to each component, thereby providing a mechanism for strategic planning. With components as the core construct, the CIO can determine the resources consumed and their value in attaining the IT organization's business strategy. Through component segmentation, the CIO can address issues such as the identification of the organization unit currently performing a function, the number of personnel assigned to the requisite role or roles, the cost of human resources assigned, the cost of the technology supporting a component, and the effectiveness of the services delivered by a component.

Based on the information secured from the preceding inquiries, multiple maps can be developed to characterize the current state of the IT business. Equipped with this data, the CIO can gain compelling new insights that will result in a broad spectrum of possible improvements. In addition, CIOs can use the CBM framework to help meet specific improvement objectives.

The development of the maps used to determine the current health of an IT organization is best performed in a facilitated workshop called the CBMBoIT Discovery Workshop. Through this workshop, experienced advisors introduce the process of evaluating the components within an organization for both effectiveness and importance to the enterprise. Participants vote on the effectiveness and the strategic value of each component. Using the Component Assessment Advisor (CAA) tool developed by IBM, participants add their perspectives to the evaluation. Within the workshop, each component is reviewed to consider its relative contribution to IT service value. The categories of “differentiating” and “nondifferentiating” are used to help analyze components and to allow distinctions to be made between a component that is important but nondifferentiating and a component that provides competitive differentiation. As an example, an important but nondifferentiating activity might be one that provides network availability. Such availability is essential to the success of the business but may not be sufficient to provide competitive differentiation in the eyes of customers.

The results of this exercise are immediate—participants can see maps of components which highlight areas of high and low effectiveness or high and low differentiation. The CAA tool provides for multivariant problem analysis, where multiple factors can be considered simultaneously. When this information is correlated to spending and staffing, the implications for investment decisions become clear. Areas of low effectiveness, if they are strategically differentiating, might benefit from increased staffing or spending. Components that do not deliver strategic value and do not depend on any particular in-house capability might be good candidates for alternative sourcing, especially if it is discovered that a disproportionate amount of resources are allocated to them.

What emerges is a “heat map,” which clearly illustrates components that exhibit similar characteristics, as illustrated by the background color of the components in Figure 3. Corrective actions are then defined for these components, based on their common characteristics. For example, priority can be given to all components that are identified as differentiating (critical to creating competitive advantage) but are performing at low states of effectiveness (wave-1 components). Next in priority, (wave-2 components) might be those that are nondifferentiated and ineffective, and wave-3 components could include those that are also nondifferentiated, but, in addition, consume a disproportionate part of the budget. Depending on the situation, some organizations might choose to address the wave-3 components first, in order to free budget dollars to address the other priorities.

The output of the CAA is in itself a communication tool that can be used to help convey the need for a new direction or assist with action plans to meet key objectives.

As previously described, a key factor in strategic decision making is differentiation. In the following scenario, we describe a fictitious financial services organization, the ABC Company, to illustrate the idea of differentiating components. This company is an industry leader in developing and delivering innovative financial products.

Differentiating components
When compared to its competitors, ABC Company enjoys a clear differentiation as an innovator in providing financial products to the marketplace. IT plays a key role in supporting the development of the company's products by providing the lines of business with the ability to combine and analyze information in new and unique ways. These include leveraging the customer information file (CIF) as well as other information repositories. This synergistic compilation of discrete data sources to provide valuable information produces key insights into customer buying patterns. For the ABC Company, the “service” resides with IT, which has differentiated itself as an internal enabler. Subsequently, the ABC Company is able to differentiate itself from its competitors in the marketplace. The key enabler is the innovative ability of IT to derive value out of the data repositories it manages.

From a CBMBoIT perspective, this fictitious company relies on the information and knowledge management competency of IT to differentiate itself. While this competency is clearly differentiating, and specific components within this competency provide high value to the business, not all components necessary to provide this capability to the overall enterprise are themselves differentiating. If the CIO were seeking to outsource various components of IT, it would be critical to understand which components are vital to providing differentiated IT service. The CIO of the ABC Company may endeavor to determine what resources are allocated to these components and elect to invest a larger percentage of the overall IT budget to them. To do so, CBM can assist in identifying nondifferentiating activities where savings can be secured based on lower-cost sourcing options. These savings can then be invested in the differentiating components.

Nondifferentiating components
With CBMBoIT, each component can be decomposed to reveal the roles, technology, and processes and associated costs through which it generates its services. This level of decomposition provides a unique “lens” from which to view how the business of IT operates. For the fictitious ABC Company, we identified one example of a differentiating competency. Upon inspecting other competencies and associated components, it became clear that the competencies of human resource (HR) management and daily operations were capabilities that did not differentiate the ABC Company. It is important here to note that in some environments these may well be differentiating components, depending on the IT strategy of the organization.

Using CBMBoIT, these components can be examined individually. Using the IT business management competency, the CIO can determine if the human resources component is differentiating. The purpose of this component is to provide IT-specific HR activities, including defining career paths, job roles, and job structures to maintain the proper skills balance within budget. The CIO of the ABC Company might conclude that HR functions, though critical to the success of the business of IT, are not a core competency of this particular organization. Because activities such as HR planning and budget activities do not directly differentiate the business of IT, the CIO concludes that the level of internal IT resources and associated costs are better spent elsewhere and therefore merit re-evaluation. Other options, including sourcing options, perhaps from within his or her own enterprise, may be considered.

The infrastructure operations component is responsible for running and operating the organization's workload and operating the physical assets, regardless of their physical location. The purpose of this component is to provide and execute the requested services. More specifically, it describes the processes, technology, and roles associated with operational monitoring, dynamic performance management, workload management, output management, and infrastructure recovery management.

The CIO understands that this component is crucial to service delivery and that it should be delivered in the most effective manner at the lowest possible cost. However, in this particular situation, it is not a differentiator. The CIO recognizes that many sourcing options exist to deliver the component at the same or a better level of service at a lower cost by world-class external service providers. This information leads to further investigation of sourcing options.

Using the concepts associated with the CBMBoIT framework, the CIO knows that each component has a specific set of activities, roles, information, and technology. Collectively, these components interact to provide IT-enabled business services. By using the CBMBoIT map, the CIO can identify the interconnection points between the components for which the organization wishes to retain accountability and potential alternative suppliers. These intersections can be articulated in a clear and specific way that helps determine responsibility and accountability. The differentiating nature of components emerges only when the alignment of IT service delivery and the customer of IT services is clearly understood.

Strategy is defined as the formulation and execution of an integrated set of choices that are based on a customer's needs. It identifies the essential positioning, competitive advantages, and configuration of the activities that are necessary to create sustained value (i.e., a competitive advantage) and generate financial returns in a dynamic environment.

The IT and business alignment component, therefore, addresses the alignment of IT strategy with business strategy. The lack of a documented IT strategy which is aligned with the business strategy is, in many cases, one of the major causes of issues necessitating a transformation. It is important to have at least a sense of an organization's strategic intent for IT (how it is to be employed to achieve competitive differentiation) before effective transformation activities can begin. An analogy would be the attempt to critique an archer's ability to hit a target without supplying a target. At a minimum, we would want to ensure that the archer is pointed in the right direction. Because an understanding of the strategic intent for IT is a crucial element in determining whether components are differentiating or nondifferentiating when CBMBoIT is used as an analysis framework, the CIO is faced with a choice: wait until a proper IT strategy can be developed or take advantage of a strategy proxy framework for IT strategy in the interim so that other transformational activities can begin.

The customer relationship profile¹¹ provides such a strategy proxy framework for achieving an interim understanding of alignment. After the service provider profile has been developed in concert with both IT and business executives, the customer relationship profile can serve as a proxy for the actual IT strategy until a proper IT strategy, tightly integrated with the business strategy, can be developed. This allows the analysis of the organization to proceed in parallel with an effort to develop an integrated IT strategy. Once a more rigorous strategy is available, the recommendations and initiatives that were created based on the customer relationship profile can be validated or modified to improve their alignment, but at least the initial direction for the “archer” to aim will be known.

The customer relationship profile captures how an enterprise intends to employ IT capabilities. The capabilities of the IT organization can be employed as a commodity (basic IT services at the lowest possible cost), as a utility (basic services but with an emphasis on service quality, potentially at a higher cost than a commodity), as a partner (IT services as an integral part of providing the business service), or as an enabler (the IT organization being expected to provide the foundation for competitive differentiation). Each of these options represents a potentially valid customer relationship profile. The customer relationship provides a means to begin analysis using the CBMBoIT when a proper IT strategy has not yet been defined. Table 2 shows the characteristics of various customer relationship profiles.

In most environments, there will not be a clear consensus on what the proper customer relationship profile should be. Each division within an enterprise may wish to employ IT capabilities in a different manner; some will want commodity services, some utility services, some partner services, and others enabling services. While most environments exhibit characteristics of multiple profiles, typically a predominant profile will emerge, with other profiles providing influence of various degrees. The challenge to the CIO will be how to define and deliver a set of services that satisfy the various constituencies to be supported.

The process of determining the customer relationship profile provides some insight into the relationship of IT to the remainder of the business, but its primary purpose is to reveal issues of alignment; that is, to determine if there is agreement among business and IT executives on how IT is to be employed. Insight into the existing profile can be found in the organization's structure, but most revealing are the types of services IT provides and, of equal importance, the services IT does not provide.

IBM has defined the specific process activities for each component in the CBMBoIT framework. The process activities, defined by PRM-IT,¹² are based on de facto IT process standards, including ITIL.

The focal point for all IT activities, and the executive accountable for IT value, is the CIO. Accordingly, PRM-IT views the activities within IT from this executive's perspective. It is only from this vantage point that all aspects of IT are visible. Because the PRM-IT processes are true processes in every sense, typical activity roles can be considered; that is, who defines, controls, executes, and measures each activity.

Based on its extensive IT management experience, IBM has supplemented the content of ITIL Version 2 in the PRM-IT model. While honoring the spirit and intent of the best practices defined by ITIL, the PRM-IT creates a rigorously engineered process model that identifies the set of IT management processes required to move beyond an operational focus. PRM-IT helps define a management framework which uses principled decision making that accounts for changing business and technology conditions while managing the complexity of existing systems.

By providing advanced visibility into service portfolio changes, IT management can guide its customers in making informed consumption decisions, thereby improving infrastructure demand forecasting. Increasing efficiencies in all areas, IT management can help develop operational excellence and standardization in order to enable large-scale savings from hybrid sourcing models. From centralized, dedicated staffing to seamless, on demand global sourcing, IT management can provide new options for the enterprise.

One of the key concepts behind PRM-IT is that, regardless of organization or technology employed, there is a fundamental set of processes necessary to manage any IT environment. These processes do not exist or function in isolation, but interrelate and interact with one another. There is no single correct process decomposition or any means of demonstrating that a particular treatment of IT processes is superior to any alternative treatment. Implementation-specific context will always be required for making those judgments.

To satisfy key design characteristics, the PRM-IT model, illustrated in Figure 4, was designed to be comprehensive, holistic, neutral (with regard to technologies and organizational structure), scalable, and flexible. In order to achieve alignment with the ITIL best practice materials, PRM-IT is aligned to ITIL Service Management and incorporates relevant aspects of other ITIL standards.

Figure 4

PRM-IT represents the third generation of process model within IBM. It is an evolution of the IBM IT Process Model (ITPM), which was in turn an evolution of the IBM Information Systems Management Architecture (ISMA), which was documented in the late 1970s. PRM-IT incorporates over 30 years of IBM IT management experience.

Regardless of the industry, the role and purpose of IT has continually evolved over time. Much of that evolution was rooted in technological advancements, with the goal of providing faster, more resilient, and more integrated solutions for clients. While these considerations remain germane, the current stage of evolution focuses on moving from a technology-based focus to a service-based focus. To that end, managing IT like a business, with services being the primary product produced and consumed by customers, characterizes this shift in perspective which is at the core of ITSM.

The CBMBoIT provides a powerful, flexible new perspective of IT as a means to assist with strategic decision making. It represents the value chain of service delivery by way of a discrete set of business activities with unique purposes (i.e., components). This component-based approach enables the analysis of each distinct entity whether it operates inside or outside the enterprise, as well as the relationship of the component to other components through common processes, information systems, and SLAs.

Examples provided on the analysis of a fictitious IT environment clarified concepts and touched on potential outcomes of a CBMBoIT perspective, illustrating the way in which the CBMBoIT discovery workshop can aid executives in illuminating strategic options that may be overlooked using conventional atomistic approaches.

Undoubtedly, the discipline of services engineering will evolve, as will IT management process standards such as ISO 20000. We intend to incorporate in future releases of CBMBoIT and PRM-IT both the evolving content of these disciplines and the experience of IBM in managing large and small IT installations around the world.

*Trademark, service mark, or registered trademark of the International Business Machines Corporation in the United States, other countries, or both.
**Trademark, service mark, or registered trademark of Information Systems Audit and Control Association, the United Kingdom Office of Government Commerce, or Motorola, Inc. in the United States, other countries, or both.

Accepted for publication March 10, 2007; Published online July 11, 2007.