Quantifying the value of business requests to IT
(Quantitative Risk Analysis for IT Management)
“We will deliver solutions with clear, measurable business value.”
--Paul Algreen, CIO, Janus Capital Group
This quote, from our CIO, could have been from any CIO in any industry. It
makes sense, is simple to understand, and is hardly novel. The issue many IT
practitioners, including myself, have with it, though, is also simple and not so
novel. Determining the business value of an IT deliverable is not something that
IT can do without a deep understanding of the processes of the functional areas
that it supports and the objectives and strategies of their leaders. As a matter
of fact, this should be a business deliverable to IT prior to project approval
and prioritization. Business Analysts can help in some aspects during the
requirements process, but by then the project has already been approved,
hopefully with some value analysis, but all too often without any.
The capability enabled or catastrophe avoided by an IT project, whether it be
enabling a holistic view of operations (BI), a reduction in the risk associated
with operations (Security, MDM), an ability to increase throughput (Storage,
Network), new capabilities and efficiencies (Application Development), etc.,
should be accompanied by an explanation and measurement of the financial impact
to the bottom line. Mandating this deliverable, however, is beyond the control
of most CIOs. Although much of what engages IT resources is strategic in nature
even when not quantified, too often some requests are hot-button items presented
by the most vocal business partners that, if measured, might have been avoided.
But requiring the measurement of the potential value of an ask? Is this even
possible? Isn’t this too burdensome and even obstructionist? Impossible at worst
and bureaucracy run amok at best? Not really, and I’ll show you why. Let’s
examine more closely an IT initiative that is “invisible” to the business for
all practical purposes: Security. Very little research is required to understand
the impact to reputation and thus revenue, immediate and long-term, which
accompanies a breach of private customer information. Is it a 20% hit for six
months? A 10% hit for 3 years? Is that a reasonable range that encompasses the
majority of scenarios? A small investment of time in Google should be able to
provide some range of possibilities based upon real events. Even with broad
assumptions like these, we are able to quantify a reasonable expectation of
loss.
By building a simple model in MS Excel, it becomes obvious
quickly why an initiative like this may trump all other initiatives at this
moment. See example below.
Figure 1: Security Project Estimate
With the previous example, I admit the value was pretty obvious to anyone who
has paid attention to the news in recent years, but I like to believe that tying
numbers to the effort may have avoided the need for multiple further discussions
and presentations on the topic.
A more tactical and involved example is as follows. In the Business Intelligence
(data) world, the deliverable of complete, accurate, and accessible data can be
measured by quantifying the value of making decisions with more information
(less uncertainty = greater probability of desired outcome). A Sales or
Marketing manager may be asking themselves: Am I targeting the right prospects
or markets? Spending time with the right customers or markets? Building the
right products? Capitalizing on favorable trends? Avoiding or minimizing
potential risks? They should, and probably do, have some idea as to how they
expect their world will be impacted by the impending BI initiative. For example,
an integration of CRM and transactional data will provide a picture of how
company-initiated activities (meetings, calls, emails) are related to
customer-initiated ones (purchases, redemptions) and will certainly cut the time
needed to access, consolidate, and analyze this data prior to making a decision,
and that time can be quantified quite easily. However, labor cost savings are
never enough to compensate for the project expense, and much more intellectual
rigor must be applied to identify true benefits from the initiative. If the
manager is tasked with thinking a little more deeply about what she may be able
to accomplish, it may lead her to propose that she should be able to increase
the product diversity of 5% to 10% of the single-product advisors and, in doing
so, increase their flows by a range of 10% to 25%. Even a heuristic and
conservative assumption like this, based upon her experience or business
knowledge, is reasonable and enough to quantify her expectations. The
illustration below incorporates her set of possible outcomes from her identified
scenarios and quantifies an expected gain for her from this initiative.
Figure 2: Marketing Manager Estimate
Note that the 90% confidence used in the Security example is due to our wanting
to cover a large portion of possible outcomes given our assumptions. The
manager, on the other hand, may want to stay on the conservative side and choose
a confidence level far below 90%. She may only be comfortable with 20%
confidence, which would yield $1,482,564 based upon her assumptions. Still a
robust calculation for something that was previously “unquantifiable”.
With only 1 scenario identified, this initiative is already worth over
$1,000,000. A suite of such possible scenarios that align with the business
leaders’ strategy, when quantified and contrasted against the cost of delivering
the capability, helps everyone to understand the initiative’s value-add to the
business and, in doing so, can help the business to prioritize these efforts if
push comes to shove.
IT would also utilize a similar methodology to quantify the cost
of any proposed project. Without
requirements, a similar approach to identifying a range of hours based upon
heuristics and historic data (if available) could be modeled. See below.
Figure 3: IT Estimate Example
Without any requirements analysis being completed, we have a method for
establishing an initial starting point for this effort. And because we have used
such a wide range for each phase, and have developed these ranges by working
with your experienced IT staff, the likelihood of the effort exceeding 845 hours
is minimized. The ranges are large and the estimate may be large because at this
moment uncertainty is at its highest. As the ask becomes clearer and the tasks
become better understood, uncertainty will also decline and, as one would
expect, these ranges will narrow and the effort’s costs will fall.
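
The range-based estimates described above for the security initiative and for the IT effort can both be reproduced outside Excel with a small Monte Carlo simulation; the Python below is an added example, not the author's spreadsheet from Figures 1 and 3. Assumptions: the annual revenue, the phase names and the hour ranges are constructed, inputs are drawn uniformly and independently, and "confidence" is read as the percentile of simulated outcomes.

```python
import random

def simulate(draw, trials=20_000, seed=7):
    """Run `draw` with a seeded RNG and return the outcomes sorted ascending."""
    rng = random.Random(seed)
    return sorted(draw(rng) for _ in range(trials))

def at_confidence(outcomes, confidence):
    """Outcome that `confidence` (0..1) of the sorted trials fall at or below.
    Assumption: this percentile reading is how 'confidence' is used here."""
    index = min(len(outcomes) - 1, int(confidence * len(outcomes)))
    return outcomes[index]

# --- Security scenario: revenue lost after a breach of customer data ---
ANNUAL_REVENUE = 100_000_000  # constructed figure, not from the post

def breach_loss(rng):
    hit = rng.uniform(0.10, 0.20)   # share of revenue lost (post: 10% to 20%)
    years = rng.uniform(0.5, 3.0)   # duration (post: six months to 3 years)
    return ANNUAL_REVENUE * hit * years

# --- IT effort: (low, high) hours per phase, all values constructed ---
PHASE_HOURS = {
    "analysis": (40, 160),
    "design": (40, 120),
    "build": (120, 400),
    "test": (60, 200),
}

def project_hours(rng):
    return sum(rng.uniform(low, high) for low, high in PHASE_HOURS.values())

def summarize():
    """Headline numbers a sponsor would compare against project cost."""
    losses = simulate(breach_loss)
    hours = simulate(project_hours)
    return {
        "loss_mean": sum(losses) / len(losses),
        "loss_p20": at_confidence(losses, 0.20),
        "loss_p90": at_confidence(losses, 0.90),
        "hours_p90": at_confidence(hours, 0.90),
    }

if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name:>10}: {value:,.0f}")
```

Narrowing any range, as the post expects to happen once requirements firm up, pulls the 90% figure toward the mean.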
In conclusion, with minimal effort and an ask that our managers (IT and
Business) think more deeply about how an IT deliverable will impact the company
generally and their world specifically, it is possible to deliver upon the goal
of every CIO, “to deliver solutions with clear, measurable business value.” One
part of making this approach real that I have not addressed is who will build
out these scenarios and develop these estimates. I would suggest that Business
Analysts, along with the IT Manager, be the ones tasked with gathering this data
and building these models. The Business Analyst will develop insight into the
business beyond its processes, and the IT Manager will better understand how
data and technology are used to support the firm’s strategic initiatives, as
well as develop relationships that will benefit the firm overall as IT
transforms from being a customer service organization into a strategic partner.