Is your IT strategy effective?

Written By Tom Hunsinger

IT Strategy Introduction - What approach do you follow?

Developing an IT strategy can be an overwhelming for leaders. Capturing and communicating your strategy can be difficult, but it’s crucial to leading and implementing change.

 This week I am starting a series on IT strategy, structuring a simple outline for developing IT strategy. The simple steps give freedom to incorporate different frameworks and standards based on your business model or organization and industry needs.

 I’ll break down key sections into more details each week. I invite collaboration and comments to improve the content and learning process. There isn’t a secret formula and there are many ways to develop strategy.

 Here is the summarized outline. Each section can become complex based on the company, but having an outline to follow is useful.

 

1. Current State Assessment

2. Target State Description

3. Gap Analysis

4. Roadmap

5. Governance

 

Current State Assessment

 The first step in developing an IT strategy is assessing the current state of things. It's essential to quickly acclimate to the organization’s rhythm, as the window for grace is short. A strong understanding of business direction, processes, existing technology, IT operations, and engaging with key staff lays the groundwork.

 This week focuses on that assessment. While the order of tasks matters, it’s not rigid—flexibility is key, and activities often run in parallel. Still, a baseline understanding of business needs is crucial before evaluating how well IT services are supporting them.

Current State Assessment Tasks

  • Business Status

  • IT Vision/Mission

  • IT Goals

  • People Analysis

  • Process Analysis

  • Technology Analysis

  • Risk Analysis

 

Is anything missing from your experience?

What tasks do you include in your assessment phase?

Business Status – For IT to truly serve the company, understanding the business isn't just helpful, it's critical. One of the most impactful ways to gain this insight is by spending time with the people who live and breathe the business every day. This initial assessment is just the beginning; continuous learning is key to becoming a true strategic partner.

·        Stakeholder Engagement: Build relationships with key leaders. Understand their goals, pain points, and how they view IT's performance.

·        Process Evaluation: Dive into business processes to identify inefficiencies and opportunities for tech-driven improvements.

·        Business Goals & Strategy: Know the documented goals and strategic direction from leadership.

·        Key Performance Indicators (KPIs): Understand how the business measures success and align IT KPIs accordingly.

·        Finances: Grasp the company's financial health and priorities to inform budgets and business cases.

·        Competitors & Industry: Become informed on the market state and headwinds, comparable competitors, and the overall industry landscape.

 Finally, use these insights to identify quick wins that build trust and strengthen the IT-business relationship.

 What elements do you include when assessing the business?

Take time this month to document these focus areas!

IT Vision/Mission – Developing an IT Vision and Mission statement is dependent upon the business needs and how IT will satisfy those needs.  With the vision statement describing the future state, it should align with the company vision.  Likewise, the IT mission statement should complement the company mission.  As a result, developing the IT vision and mission statements are typically developed in parallel with assessing the business status, but should be a prerequisite to assessing the IT ecosystem and building a strategy.  Together, the IT vision and mission statements provide a clear sense of direction, purpose, and values for the organization.

 AI/LinkedIn Version:  Developing an IT vision and mission starts with understanding the business needs and how IT can help meet them. These statements are usually created while assessing the business but should come before evaluating the IT environment or developing a strategy. Together, the IT vision and mission provide clear direction, purpose, and values for the organization.

Key Characteristics of a Vision Statement:

  • Future-oriented: Focuses on the organization's ultimate goals and impact.

  • Inspirational: Motivates employees, stakeholders, and customers.

  • Concise: Short and easy to remember.

  • Challenging: Sets ambitious goals.

  • Strategic: Provides a clear direction for long-term planning.

  • Broad: Doesn't get bogged down in specifics of how the vision will be achieved.

Key Characteristics of a Mission Statement:

  • Purpose-driven: Explains why the organization exists.

  • Customer-focused: Identifies the target audience.

  • Action-oriented: Describes the core activities or services.

  • Values-aligned: Often reflects the organization's core beliefs.

  • Specific enough: Provides clarity without being overly detailed.

  • Present-focused: Describes the current state and activities.

     

Finally, use your vision and mission as strategic anchors to guide IT decision-making, unify teams around shared goals, and demonstrate IT’s alignment with business priorities.

 

Do you utilize an IT vision or mission statement in our practice?

If not, take an action to develop these and review with your team!

IT/Business Goals - Strategy &Tactics

The business needs multi-year, board approved strategic goals providing direction and guidance for the company to follow. These translate to tactical and annual goals.

 IT Goals are essential for achieving business results. They should be meaningful and contribute toward reaching the business goals. Multi-year strategic goals are higher-level achievements and align with the business strategic goals. They show the progression and maturity of the IT services through the 3-5 year span of the strategy. The goals reflect service maturity, technological advancement, and organizational/people improvements to support the business capabilities expected in the business strategic goals.

 Tactical or annual goals are based on these strategic goals and outline the actionable steps based the business plans for the year. They will cascade to associates’ personal goals as well.

EXAMPLES:

Strategic Business Goal - Grow revenue by 10% in 3 years.

Strategic IT Goal - Modernize ERP technology in 3 years improving system performance by 35% and reducing costs by 25%.

Tactical IT Goal - Year 1: Upgrade ERP to latest version ‘x’ and collect daily business within 12 hours.

 How effective are the strategic goals for your company?

Ask your team and peers for input on the IT Goals outlined!

People Analysis – It is imperative to know the team, their abilities, skills, and gaps that contribute to the success or lapse in service. Reviewing the organizational structure based on business needs and delivery is essential. Are the positions and teams leveled across the department? How are people rewarded and compensated? What roles are employees versus outsourced to 3rd parties. Are staffing levels right and are people motivated to meet IT commitments?

 ·        Team Skills – Evaluate team and individual capabilities against current technology, tools, and processes. Identify skill gaps and determine the necessary training to close them.

·        Organizational Structure – Review whether teams are structured to meet service and company needs, with proper staffing and expertise. Ensure role alignment across groups for fair responsibilities and authority, adjusting job descriptions as needed.

·        Compensation – It is always a challenge to align salary, bonus eligibility, and market comparison, but very important. This is a joint effort with HR.

·        Outsourcing – Some IT roles may be better outsourced based on core competencies, company size, cost, and service requirements. However, a mixed-source staffing model should align with the target state strategy.

·        Team Motivation – Evaluate team morale to identify burnout and areas of high motivation, aligning strategy with team needs. A motivated workforce is essential.

 While there are many more details behind this summary analyzing the quality, competencies, mental health, and equitable compensation is essential to knowing the team.  People make the difference so take care of them!

 What additional items do you consider when analyzing your team? 

Take some time this week to consider these components and adjust as needed. 

Process Analysis – Generally, IT processes follow a methodology like ITIL, COBIT, CMMI, TOGAF, DevOps, Agile/Scrum/Lean, and PCF. Processes have varying degrees of complexity but provide the structure necessary to deliver IT services and meet IT commitments to the business. Processes should be assessed for a level of maturity based on the current design, performance, and aligned framework. Maturity models are helpful in this review. In addition, functions like Cybersecurity have compliance requirements such as PCI and SOX that must be included in the evaluation.

Key Elements:

·       Performance – IT processes must meet the needs of the business. IT Services are based on the processes performing according to design. User feedback is valuable in this analysis.

·       Design – How well are the process designed and understood by the IT team and other departments? Look of bottlenecks. Processes should be documented and communicated to everyone.

·       SLAs and KPIs – Service levels and key measures are a good indicator of process status.

·       Cost – The cost of service can be hard to calculate, but they should be acceptable and in-line with industry benchmarks?

·       Competitive – How do the process compare to competitor performance? Sometimes this is difficult to collect. Assess services on a variable vs. fixed cost basis?

·       Staffing – Staffing shortages and proper skillsets can create backlog and delivery delays.

Assessing IT process is a valuable task!  Knowing the maturity level is important to defining success.  Defining IT core competencies helps baseline processes for what is most important.

 How mature are the IT processes in your organization?  What should change?

Take time this week to include continuous improvement as an IT cultural expectation.

Technology Analysis – The technology assessment is many times a complicated process due to a lack of visibility to assets and inventory.  Depending on the size of the organization the infrastructure, systems, applications, and software may not be fully known.  The assessment should document the number of applications by function.  For example, how many payment systems are being used or CRM applications?   

Key Aspects:

1.        Complexity – Complexity compounds cost, efficiency, and stability.  Numerous vendors, applications, and systems complicate IT and business services.

2.        Technical Debt – The age of software, data center facilities, infrastructure, and end user technology require significant investment when it is very old.  Unlike wine, aging does not help!

3.        High-Level Architecture – Understanding the application and infrastructure architecture at a high level provides insight to integration points, potential performance delays, and improvement opportunities.

4.        Performance – Evaluate applications  on well they meet the SLAs and deliver business commitments?  They should be flexible and agile to respond to business changes.

5.        Cost – Cost is a driving factor for business value.  Application cost should be right-sized and financially scalable to flex with the organization. 

 The technology ecosystem is often ripe for improvements due to poor investments, bad maintenance, and lack of modernization.  M&A can have a huge impact also.  Analyzing the technology environment provides the baseline for IT strategy.

 How do your systems stack up? Is your IT strategy adding the technology value desired?

Take time this week to consider how your strategy can add the most value.

Risk Analysis – Risk exists in all areas of IT: people, process, technology, contracts, suppliers, cybersecurity, compliance, and more. Organize risks so everyone in the company understands them. Documenting the risk list, aligning it with business risks and plans, and capturing existing mitigation actions contributes to roadmap activities solving for the gaps. Business leaders must support risk management and mitigation. 

·        Risk Categorization – Create and categorize risks in a list with details like type, priority, description, business impact, etc. Use business terminology for clarity and translate internally with IT in technical terms.

·        People – Identify technical competency, skill gaps, staffing shortages, and innovations. Consider personal development, promotions, team activities, volunteerism, work hours, and motivation levels to gauge team mental health.

·        Process – Identify process risks in all IT areas like Cybersecurity, IT Operations, Data Management, and Applications. Collect existing mitigation plans.

·        Technology – Identifying technology risks are typically the most well-known area. Risks such as aging systems, complex code, software currency, end of life, limited support, failures, deficient performance, and security issues are common.

·        Cybersecurity – Cybersecurity is so critical that it should be called out . Document security risks with active mitigation plans. Include compliance and remediation plans.

·        Other – Include risks from supply chain, vendors, procurement, and budget in the list.

 IT Risk Management is ongoing. External forces, internal changes, and system maintenance are always in motion for IT governance to manage. Risks must be included in IT assessments!

 What risks are you managing?

How involved is the business in sponsoring mitigation plans?

Update your Risk List and review it with business sponsors this week!

Author: Mark Noles

CTO/CISO/VP of IT

Technology Strategist | Transformational Leader | Value Creator | Team Developer | Mentor

 

 

 

 

 

 

 

 

Tom Hunsinger
Next

Why IT and Cybersecurity Projects Fail — and How to Avoid It