IT Strategy - Making IT Fit For The Digital Transformation in Industry

Volker
Johanning
IT Strategy
Making IT Fit for the Digital Transformation
IT Strategy
Volker Johanning
IT Strategy
Making IT Fit for the Digital Transformation
Volker Johanning
Volker Johanning Management Consulting
Marl am Dümmersee, Germany
ISBN 978-3-658-38771-6 ISBN 978-3-658-38772-3 (eBook)

https://doi.org/10.1007/978-3-658-38772-3
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Fachmedien Wiesbaden
GmbH, part of Springer Nature 2022
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether
the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse
of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and
transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or
dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does
not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective
laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book
are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the
editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors
or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.
Responsible Editor: Petra Steinmueller

This Springer imprint is published by the registered company Springer Fachmedien Wiesbaden GmbH, part of
Springer Nature.
The registered company address is: Abraham-Lincoln-Str. 46, 65189 Wiesbaden, Germany
Preface
Digitalization and digital transformation are buzzwords that are also fueling the discus-
sion about expanding and maintaining competitiveness at our industrial sites. One might
sometimes wonder to what extent companies can carry out the digital change so that they
are not overwhelmed by the “digitalization wave”.
In the new edition of this now established textbook, the question of the significance of
digital change for an IT strategy and the possible role of IT as a driver for digitalisation
topics will also be taken into account.
In addition, many reviews and feedback from readers have made it clear that an IT
strategy can be very different depending on the industry. An IT strategy always depends
on the company strategy and the core processes of a company. For example, a trading
company focuses on different issues than an industrial company. The process and value
creation for a trading company is based on purchasing and selling with as high margins
as possible; the focus for an IT strategy is more on purchasing and sales portals or web-
shops and platforms. According to the industry service HDE, online retailing had already
overtaken stationary retailing in 2015. In addition, within the framework of digitalisa-
tion, concepts are also being developed that are oriented towards new payment systems
or much more detailed analyses of customer data by business intelligence systems spe-
cifically for trade.
For a manufacturing industrial company, in addition to import and export, the pro-
duction and logistics processes including quality assurance, technical development and
electrical/electronics with networked systems are of great importance. Here, completely
different systems come to the fore from an IT perspective, for example an MES or a
PLM system. Topics such as rough and fine planning, MDE, BDE etc. play a major role
here and on the digitalisation level the topic of Industry 4.0.
And Industry 4.0 is something completely different from Trade 4.0.
A stronger focus on the new edition was thus the logical consequence. That this fell in
favour of the manufacturing industry was due to the fact that it equipped the author with
the corresponding specialist knowledge as his professional “home”. In addition, the book
had already set a focus on this segment in the 1st edition with the example company
“Produktio weltweit GmbH”.
v
vi Preface
When it comes to choosing the right IT organisation, a lot has changed as well.
Keywords such as “agile”, ’DevOps” and “bi-modal” IT organisations outline the con-
tents that have been added in Chap. “IT organisation”. In addition, the chapter goes into
more detail on digitalisation in the section on IT governance, in particular on the role
of IT and the CIO. Because the CIO must clearly differentiate himself from the digi-
tal responsible persons and possible Chief Digital Officers (CDO) and sharpen his role
accordingly with regard to digitalisation topics.
It is also important to understand the “why”: Here are some explanations of why and
for what purpose each of the seven steps makes sense or can make sense. Not every one
of the seven steps has to be taken. Here too, practice has shown that depending on the
starting situation of the company, some steps are very helpful and others are not neces-
sarily necessary.
Last but not least, you will now find tasks to do in each chapter. These were added at
the special request of professors and university teachers. Because in the meantime this
textbook has also developed into a standard reading material in business-related com-
puter science courses at some universities and universities.
The IT world continues to rotate rapidly and will remain dynamic. A topic like artifi-
cial intelligence will not only turn the way we operate IT today upside down, but above
all the whole human race will face the big question of “who is in charge on this planet”.
What these developments will do with the book in front of you remains to be seen and
may be reason enough for another new edition very soon.
In this sense, the question “Does IT matter?” from the first foreword is probably basi-
cally clarified: Yes! And in the future even more, because IT is now not only part of all
our lives, but will influence our lives in the near future more fundamentally than we
might like.
I wish you every success in your strategic work on IT and always a good hand in all
decisions around IT.
Marl am Dümmersee, Herzliche Grüße

Jahreswechsel, 2018/2019 Volker Johanning
Contents
Introduction and Basic Information on IT Strategy

Introduction to the Topic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
IT Strategy: Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Areas of Application, Benefits and Target Group of an IT Strategy. . . . . . . . . . . . . . 9
Strategic Planning and Management of IT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Delimitation of IT Strategy to Digitalization Strategy. . . . . . . . . . . . . . . . . . . . . . . . 12
Working Questions for Chapter 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Six Good Reasons for an IT Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Organizational Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
What does IT Cost?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Project Management Skills and Better Time-to-Market. . . . . . . . . . . . . . . . . . . . . . . 24
Compliance and Risk and IT Security Management . . . . . . . . . . . . . . . . . . . . . . . . . 26
Mergers & Acquisitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
IT as an Enabler for Digitization and Industry 4.0 in the
Manufacturing Industry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Working questions for Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
The Approach Model for Developing the IT Strategy. . . . . . . . . . . . . . . . . . . . . . . 33
The 7 Steps to the IT Strategy at a Glance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Methodical Structure of the 7 Steps to IT Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Introduction to the Example Company. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
7 Steps to a Sustainable IT Strategy

Preparations: Setting up the Development of the IT Strategy as a Project. . . . . . 43
Goals of the IT Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
The IT Strategy as a Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Time Horizon of the IT Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
vii
viii Contents
The Economic Efficiency of an IT Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Possible Problems on the Way to the IT Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Working Questions for Setting up the IT Strategy Project. . . . . . . . . . . . . . . . . . . . . 58
Step 1: IT Status Quo Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
IT Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
IT Governance, IT Organization and IT Employees. . . . . . . . . . . . . . . . . . . . . . . . . . 68
Technology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Finances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Working Questions and Implementation Step 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Conclusion Step 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Step 2: Analysis of the Corporate Strategy and Derivation of
Challenges for IT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
The Starting Situation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Internal and External Influencing Factors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Deriving Challenges for IT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
The IT Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Conclusion Step 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Step 3: The IT Applications Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Creating the Application Portfolio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
The Application Life Cycle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Evaluation of Applications and Derivation of Action Options. . . . . . . . . . . . . . . . . . 138
The Application Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Conclusion Step 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Step 4: The Sourcing Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Basic Questions on Sourcing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
The Type of Sourcing: Which IT Services can be Outsourced?. . . . . . . . . . . . . . . . . 155
Sourcing Strategies at a Glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Example: The Sourcing Strategy for the Produktio weltweit GmbH. . . . . . . . . . . . . 166
Excursus: Tender for an IT Sourcing Project in 5 Phases. . . . . . . . . . . . . . . . . . . . . . 171
Work Questions and Implementation Step 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Conclusion Step 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Step 5: IT Organization and IT Governance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
The IT Organization Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
IT Governance: Role of IT and Guidelines and Rules for IT in the Company. . . . . . 208
Developing a Personnel Strategy for the IT Organization . . . . . . . . . . . . . . . . . . . . . 220
Work Questions and Implementation Step 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Conclusion Step 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Contents ix
Step 6: Implementation—The IT Roadmap, Determination

of the IT Budget and the IT Project Portfolio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Creating an IT Roadmap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Determining the Necessary IT Budget. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
The IT Project Portfolio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Conclusion Step 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Step 7: Monitoring and Control of the IT Strategy with the
IT Strategy Cockpit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Basics of the IT Strategy Cockpit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
The Structure of the IT Strategy Cockpit in 4 Phases. . . . . . . . . . . . . . . . . . . . . . . . . 285
Implementation Possibilities of an IT Strategy Cockpit. . . . . . . . . . . . . . . . . . . . . . . 295
Implementation of the Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Working Questions Step 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Conclusion and Outlook. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
List of Figures
Introduction to the Topic

Fig. 1 Three levers for optimizing the performance of IT. . . . . . . . . . . . . . . . . . 4
Fig. 2 Difference efficiency (operational leadership) and
effectiveness (strategic leadership). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Fig. 3 The three levels of digitalization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Fig. 4 Digitalization strategy vs. IT strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Fig. 5 The success of M&A depends heavily on IT. . . . . . . . . . . . . . . . . . . . . . . 15
Six Good Reasons for an IT Strategy
Fig. 1 Participation in Board Meetings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Fig. 2 Typical cost structure of IT organizations. . . . . . . . . . . . . . . . . . . . . . . . . 23
Fig. 3 The ten most common barriers in change processes [9] . . . . . . . . . . . . . . 26
Fig. 4 Requirements for IT in 2013 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Fig. 5 The success of M&A depends heavily on IT. . . . . . . . . . . . . . . . . . . . . . . 29
Fig. 6 The role of IT between IT industrialization and digitalization . . . . . . . . . 31
The Approach Model for Developing the IT Strategy. . . . . . . . . . . . . . . . . . . . . .
Fig. 1 The 7 steps at a glance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Fig. 2 Example of a worksheet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Preparations: Setting up the Development of the IT Strategy as a Project
Fig. 1 Scope of the project define (An example). . . . . . . . . . . . . . . . . . . . . . . . . 45
Fig. 2 Project organizational chart for an IT strategy project. . . . . . . . . . . . . . . . 48
Fig. 3 Define the scope of the project (an example). . . . . . . . . . . . . . . . . . . . . . . 51
Fig. 4 Budgeting of the IT strategy development. . . . . . . . . . . . . . . . . . . . . . . . . 52
Fig. 5 Stakeholder analysis (An example). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
xi
xii List of Figures
Step 2: Analysis of the Corporate Strategy and Derivation

of Challenges for IT
Fig. 1 From the UN strategy to the IT strategy . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Fig. 2 The starting situation of Produktio weltweit GmbH (Example) . . . . . . . . 102
Fig. 3 Example of a BCG matrix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Fig. 4 BCG matrix with standard strategies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Fig. 5 BCG matrix for Produktio weltweit GmbH (example). . . . . . . . . . . . . . . 105
Fig. 6 Competitive strategy according to Porter (an example). . . . . . . . . . . . . . . 107
Fig. 7 The three pillars of IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Fig. 8 Challenges for IT at business process level (example) . . . . . . . . . . . . . . . 111
Fig. 9 Deriving the challenges for IT of Produktio weltweit
GmbH (example). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Fig. 10 IT vision, IT strategy and IT roadmap. . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Fig. 11 IT vision of Produktio weltweit GmbH (Example). . . . . . . . . . . . . . . . . . 116
Step 3: The IT Applications Strategy
Fig. 1 The application portfolio. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Fig. 2 Example of an application portfolio. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Fig. 3 Application portfolio for the Produktio weltweit GmbH (Example). . . . . 134
Fig. 4 The application life cycle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Fig. 5 Application life cycle of Produktio weltweit GmbH (example) . . . . . . . . 136
Fig. 6 Application roadmap for the Produktio weltweit GmbH. . . . . . . . . . . . . . 142
Step 4: The Sourcing Strategy
Fig. 1 Make or Buy Matrix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Fig. 2 IT outsourcing: SWOT analysis (an example). . . . . . . . . . . . . . . . . . . . . . 154
Fig. 3 Cost structure in IT outsourcing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Fig. 4 Sourcing model in portfolio. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Fig. 5 Offshore countries in comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Fig. 6 Organigram of a sourcing committee. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Fig. 7 Sourcing governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Fig. 8 The sourcing overview of the Produktio weltweit GmbH (Example). . . . 167
Fig. 9 SWOT analysis Outsourcing SAP to XYZ Customizing
(Example Produktio) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Fig. 10 SWOT analysis outsourcing data center to IT-Ops
(example Produktio). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Fig. 11 Project plan for an outsourcing project in five steps . . . . . . . . . . . . . . . . . 172
Step 5: IT Organization and IT Governance
Fig. 1 Overview of IT organizational forms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Fig. 2 IT organization of Produktio weltweit GmbH (Example). . . . . . . . . . . . . 196
List of Figures xiii
Fig. 3 Demand/supply organization (Demand/Supply). . . . . . . . . . . . . . . . . . . . 199

Fig. 4 Blueprint Demand-Supply Organisaton. . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Fig. 5 Variants of the organizational design of Demand IT. . . . . . . . . . . . . . . . . 202
Fig. 6 Example 1: Decentralized Demand-IT (Produktio weltweit GmbH) . . . . 206
Fig. 7 Example 2: Centralized Demand-IT (Produktio weltweit GmbH) . . . . . . 207
Fig. 8 Example 3: Demand/Supply with a CIO office
(Produktio weltweit GmbH). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Fig. 9 Roles of IT (according to Kienbaum) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Fig. 10 Line- vs. project-centered IT organization. . . . . . . . . . . . . . . . . . . . . . . . . 220
Fig. 11 Personnel strategy—Phase 1: Rating of positions. . . . . . . . . . . . . . . . . . . 222
Fig. 12 Personnel strategy—Phase 2: Classification of employees (Portfolio). . . 223
Fig. 13 Personnel strategy—Phase 2: Rating of employees. . . . . . . . . . . . . . . . . . 224
Fig. 14 Personnel strategy—Phase 3: Fit-/Gap-Analysis (Position/Employee). . . 225
Step 6: Implementation—The IT Roadmap, Determination of the
IT Budget and the IT Project Portfolio
Fig. 1 Roadmap as a timeline (example) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Fig. 2 Target state of the maturity model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Fig. 3 Roadmap (Summary of measures for Produktio weltweit GmbH). . . . . . 245
Fig. 4 Boundary project—program—portfolio . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Fig. 5 Overview of the portfolio process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Fig. 6 Overview of project states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Fig. 7 IT project portfolio: contribution to the support of the UN strategy. . . . . 263
Fig. 8 IT project portfolio: risk assessment of the projects . . . . . . . . . . . . . . . . . 265
Fig. 9 Making decisions in the IT project portfolio. . . . . . . . . . . . . . . . . . . . . . . 267
Step 7: Monitoring and Control of the IT Strategy with the
IT Strategy Cockpit
Fig. 1 What is the success of IT mainly measured by? . . . . . . . . . . . . . . . . . . . . 282
Fig. 2 Cause-and-effect principle of the balanced scorecard. . . . . . . . . . . . . . . . 283
Fig. 3 Schematic structure of the 4 perspectives of the balanced scorecard . . . . 284
Fig. 4 Procedure for setting up the IT strategy cockpit . . . . . . . . . . . . . . . . . . . . 285
Fig. 5 The change curve. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
About the Author
Volker Johanning is an expert on IT and digitalization strategies to increase the pro-

ductivity and time-to-market of manufacturing companies.
He helps medium-sized and large industrial companies in questions of the strategic
orientation of IT. Important to him are the close involvement of the departments and
the management. As a consultant, manager and CIO, Volker Johanning has many years
of experience in management, both in corporations such as BASF, ZF Friedrichshafen,
KPMG, Continental and Volkswagen/Audi, but also in medium-sized family businesses
and hidden champions such as Pöppelmann, Grimme, Rational or Wernsing.
In addition to the degrees as a Diplom Informatiker FH and Diplom Kaufmann, he
has completed numerous further education courses. Among other things, as a restruc-
turing and restructuring consultant at the IFUS Institute in 2017, as a certified coach
at Rauen/Steinhübel in 2010, as an organizational developer at Steinhübel in 2016 and
as a strategy consultant IHK in 2014. He was awarded Entrepreneur of the Year 2015
(Top 100 Entrepreneurs in Germany, Austria and Italy with the Entrepreneur Excellence
Award).
His first book “IT Strategy” was published by Springer-Verlag in November 2014.
You are holding the second edition in your hands right now. His second book “Car IT:
From the connected car to autonomous driving” was published in 2015.
The topic of IT strategy has accompanied Volker Johanning in all professional sta-
tions. The present book is a practice-oriented summary of all essential essences for the
development of an IT strategy. It is important to him that IT is not a technical sorcery
that comes incomprehensible to top management and is therefore only to be controlled
by costs. All essential levers for the construction of an IT organization can be discussed
and decided with business management tools. It is about bringing business and IT
together with the same language and on an equal footing. This was the starting point
for this book, in which the development of an IT strategy can be worked out with the
help of well-known tools, taking into account all the departments involved and the top
management.
xv
xvi About the Author
In the second edition, the focus on manufacturing companies has been added, which
now also adorns the subtitle of this book. In addition, the topics of digitization and the
distinction between an IT strategy and a digitization strategy have found their way into
the book.
Part I
Introduction and Basic Information on IT Strategy
Introduction to the Topic
Abstract
The first chapter consists of an introduction to the world of IT strategy and clarifies
basic questions: “What is an IT strategy, when and why is it needed, how does sci-
ence and practice see the subject of IT strategy? What is the relationship between cor-
porate and IT strategy? ‘Chapter 1 concludes with the topic’ Strategic Planning and
Management of IT”.
In today’s world, companies are not only partially dependent on IT—they cannot exist
at all without IT and successfully compete. IT has become a fixed component of many
company products through the ongoing digitalization. Only through IT can valuable
analyses be gained for the control of the company. IT ensures the smooth, highly auto-
mated operation of worldwide supply chains, so-called supply chains, and controls the
production lines of industry.
The management is increasingly aware that it cannot do without IT and exerts pres-
sure on it. The IT organization and above all the CIO have to reposition themselves. The
close interlocking with the business and the departments is considered the most impor-
tant support for this. Only if IT exactly understands what is required can it go the way
into the future in small steps with the help of standardization and outsourcing. Exactly
this is to be helped by the IT strategy to be created in the following chapters.
Successful IT projects that perfectly support business processes are reflected in the suc-
cess of the company as well as in the satisfied faces of all participants. But what are the
prerequisites for such successes? How can it be guaranteed that IT correctly recognizes the
© The Author(s), under exclusive license to Springer Fachmedien Wiesbaden GmbH, 3

part of Springer Nature 2022
V. Johanning, IT Strategy, https://doi.org/10.1007/978-3-658-38772-3_1
4 Introduction to the Topic
needs of the department, in other words: that the IT department exactly understands and
realizes what the company needs in order to generate competitive advantages and to be
able to act successfully on the market? And how do you still keep the costs under control?
These questions take on a new importance in entrepreneurial decision-making when it
becomes clear how important a success factor IT can be on the hotly contested markets
everywhere.
To lead the IT landscape to highest (cost) efficiency through simplification and stand-
ardization is only a first step. Thanks to the professional tools and aids that have arisen in
recent years, this is not too difficult to accomplish: from IT governance to service man-
agement, one benefits from standardization models such as COBIT and ITIL, in project
management from PMI or PMBOK. Hardly any other department can fall back on such
solid working bases and build on them.
If someone is also able to get the IT out of the penalty area of “being too expensive”
and the “incomprehensible but somehow necessary part of the company” even when
individual solutions are required, it can become a key factor for new developments and
future growth.
The aim is to find ways to bring the IT on an equal footing with the specialist depart-
ments. The IT should make its potential as a significant innovation engine of the com-
pany transparent.
Basically, three strategic options can be set for this, as shown in Fig. 1:
Goals for the

Strategic options
company
Creating innovative IT solutions for value- Generating added

1 adding processes value through IT
(e.g. production, logistics, distribution, etc.) Increase efficiency
Automation of standardizable processes Increase efficiency

2 (for e.g.Fiance, HR etc.) Reduce costs
Optimization of commodities
Increase efficiency
3 (e.g. IT infrastructure, operation, support/helpdesk,
Reduce costs
procurement/installation of hardware and software)
Fig. 1  Three levers for optimizing the performance of IT

Introduction to the Topic 5
1. Providing innovative and competitive IT solutions for value-added processes

in departments such as production, supply chain or in other areas that directly
increase value creation through decisive customer benefits. Here, IT support plays a
competitive role and, in contrast to the following two options, is a core task of entre-
preneurial decision-making and action → Goal: Generate value for the company’s
end customer through innovative IT solutions
2. Improved support for company processes through the strongest possible automation
of standardized business processes (for example, in specialist areas such as personnel,
finance) → “Bread-and-butter business” → Goal: Save costs and increase efficiency
3. Last but not least is the well-known challenge of IT: simplifying and standardizing
technology → optimizing commodities (hardware, operations, infrastructure, etc.)
and streamlining internal IT processes and governance structures → Goal: Save costs
and increase efficiency
This book goes one step further: IT should not only support specialist areas processes
optimally—as is usually the case—but also play a decisive role directly at the interface
with the end customer in future. This also means that the IT organization will no longer
only focus on what the specialist area requires for process support (typical ERP solu-
tions for standardizing personnel and finance processes). The IT organization must work
together with the specialist area at the customer’s premises—ideally on site—to identify
and understand what the bottlenecks and problems of the company’s customers are and
how they can be eliminated by tailor-made IT solutions.
In recent years, a lot of money has been invested in optimizing ERP systems. As a
result, most large companies and corporations now have a well-functioning ERP land-
scape. The administrative and management processes based on this are highly automated
and standardized, and may even have been outsourced as part of BPO (Business Process
Outsourcing). The processes optimized in this way—mainly in the areas of finance or
personnel—are, however, the administrative and management processes that are of rel-
atively minor importance to most companies in the market context and that should be
mapped as efficiently and sparingly as possible.
For example, while industrial companies can primarily reduce costs through stand-
ardized administrative processes, the value-added processes are of much greater overall
strategic importance. These value-adding processes are, for example, research and devel-
opment, production processes, the supply chain or sales. On the IT side, applications
include business intelligence, innovative production and logistics systems, but also, for
example, CRM systems. These must be distinguished from the system solutions of the
competition primarily in that they map the company’s strategy and specialization one-
to-one in the IT application. Ideally, they even innovate through a company-specific IT
solution to create a competitive advantage.
Since the specialist departments are often more progressive in these customer-ori-
ented disciplines than IT, catching up is necessary here. Salesforce.com is a good exam-
ple of an innovative and customer-oriented application that is mostly purchased directly
by the specialist departments, here mainly marketing and sales. The IT organization is
often not involved at all in such easily procurable applications from the cloud, and the
infamous “shadow IT” arises. This is just one example of how important it is for IT to
take the step from the technical corner and the easily standardized world of processes
into the really value-adding and market-differentiating world. Because it is precisely here
that IT can give the company an enormous innovation and competitive advantage with
the great technical expertise and comprehensive process knowledge of its employees.
And this is precisely where the approach of this book and the motivation of the author
lie: By closer interlinking of IT with the specialist departments and also by direct con-
tact with the end customers of the company, the value-adding processes in the company
can be optimally supported by innovative IT solutions. If IT then manages, together with
the specialist departments, to provide exactly the right information in the right place for
the right recipient, then IT will become a competitive factor and an important, business-
strategic instrument.
In order to achieve this goal, IT needs a strategy. This is to be explained in detail and
absolutely practice-oriented in seven easy-to-understand steps.
IT Strategy: Definitions
Before the strategic work begins, the term IT strategy should be considered and defined
in more detail: What is an IT strategy and what are its characteristics?
Various quotations from leading market researchers in the IT business illuminate the
term very helpfully. So the IT analyst and market researcher Gartner refines: “IT strat-
egy is about how IT will help the enterprise win. This breaks down into IT guiding the
business strategy, and IT delivering on the business strategy. Although some or all tasks
involved in creating the IT strategy may be separate, and there are normally separate
documents, IT strategy it is an integral part of the business strategy” [20].
Gartner emphasizes the close interlocking of the IT strategy with the corporate strat-
egy in his definition. The IT strategy should be part of the corporate strategy, which
explains exactly how the company should “win” through IT. This definition underlines
Gartner’s conviction that IT is an extremely innovative and competitively relevant factor
for companies.
The second major market researcher in the IT sector, Forrester, goes even further:
“[…] that there should be no IT strategy, just business strategy with a technology com-
ponent […]” [16]. Forrester calls for the IT strategy not to be seen as a detached compo-
nent. In his opinion, there is no explicit IT strategy. There is only a corporate strategy,
which includes a technological—i.e. IT—component.
Here the IT strategy is a part strategy that is very closely interlocked with the cor-
porate strategy, but which includes specific IT components that do not have to be
included in the corporate strategy (for example, the IT governance/organization or the
IT Strategy: Definitions 7
IT infrastructure strategy as elements of the IT strategy, but not the direct corporate
strategy).
No IT Strategy Without Existing Corporate Strategy

Both definitions have in common the direct “connection” or even the complete integra-
tion of the IT strategy into the corporate strategy. In other words: an IT strategy cannot
be developed without a corporate strategy according to Gartner as well as Forrester.
However, the reality in companies unfortunately shows that about 92% of them do not
have a fixed strategy in writing [27]. In almost every article or book about IT strategy,
however, the derivation of the IT strategy from the corporate strategy is postulated. Against
the background of the fact that only about 5% of all companies have a documented strat-
egy in writing, the derivation theory cannot be the only measure for developing an IT
strategy. Only the knowledge in the heads of the employees and the management is not
enough. Only strategy and process documents fixed in writing testify that really work has
been done on these topics; because only with the written composition of such documents
do questions arise that our reason does not get asked at all and therefore cannot answer.
If it is not quite clear where the company will be in 5–7 years and what the business
model will look like then, an IT strategy lacks a essential basic. Only with clear speci-
fications from the business can a stable and matching IT system landscape arise and be
operated for so long that it pays off. Because the introduction of ERP systems, for exam-
ple, takes at least 2 years, usually longer. In order to generate these immense introduction
costs again, such a system must run stably for at least five years without major changes.
But if every two or three years a completely different business model comes into play, the
IT strategy can be as promising as it is, it will not pay off and instead of a closer shoul-
der-to-shoulder between business and IT, it will only lead to frustration in management.
The development and implementation of an IT strategy is a learning and development
process, not only for the CIO and the IT organization, but for the entire company. The IT
strategy as part of the corporate strategy is the fertilizer for further growth of a company.
In the end, it is not only about the analysis of the technical feasibility in IT, but above all
about the examination of the economic viability: How can IT products support strategic
decisions positively and open up strategic advantages?
Changes Through an IT Strategy

Strategic decision means deciding; that is, it sometimes also means a divorce or separation
from the perhaps familiar or traditional, whereby on the other hand, something else, new,
usually arises. This sometimes comprehensive, cross-departmental and far-reaching change
describes the business-related interpretation of the term change or change management.
Changes in the IT sector are usually equated with budget cuts, after all, the prevailing
tenor of all corporate leaders is: “IT costs are much too high!” This may be true at first
glance, but should not be an excuse for hasty budget decisions. The question should rather
be: “Which are the right investments in IT that lead to a higher return on investment for
the entire company and which investments in IT are rather to be neglected?”
In order to answer this crucial question about the economic viability of IT, only an IT
strategy helps. Because in the IT strategy these questions are answered exactly:
• How can the actual needs of the company and the departments be linked with the
right IT support?
• How can classical make-or-buy decisions be used to determine which IT services can
be economically provided by third parties and which can be provided internally?
• How can a project portfolio create transparency for all IT projects and show which
projects are economically viable and which are not?
• Last, but not least: How does a modified balanced scorecard ensure that the goals of
IT can be controlled and reported transparently in the form of a cockpit?
Sustainability of an IT Strategy
The IT strategy must be sustainable enough to withstand the constantly changing require-
ments of the departments.
How Can this be Successfully Realized?
Many CIOs hesitate at this point and hesitate to start the IT strategy project because,
from their point of view, it is already outdated after completion and therefore needs to
be revised. The question of constantly changing requirements should therefore be turned
into a question of IT to the business: “How do I implement new business processes or
innovative IT concepts to solve customer problems with my users?”
In order to establish a sustainable IT strategy, it is of great importance that IT takes
on a new role in the company as a shaping force on an equal footing with the business
or departments. Therefore, the topic of IT governance in the form of roles and responsi-
bilities (see step 5) is also shown as an integral part of the IT strategy in the procedure
described here, as well as the development of an IT strategy cockpit (see step 7) for the
continuous control and adaptation of the IT strategy to the changing company goals.
The strategy development method presented here deliberately sets itself the goal of
not developing a technically mature IT landscape down to the last detail. The questions
to be answered are:
• How should IT look in five to seven years? → Vision, application strategy, IT organi-
zation and governance
• What is needed for this? → Resources in terms of finances, employees, innovations
• How is the way there traversed and controlled? → Roadmap and IT strategy cockpit
Areas of Application, Benefits and Target Group of an IT Strategy 9
Most Common Reasons Why IT Strategies Fail

When defining an IT strategy, it is always helpful to investigate beforehand what could
cause it to fail. This can eliminate possible stumbling blocks in advance. Here is a com-
pilation of possible reasons for the failure of an IT strategy from the personal practice of
the IT specialist:
• Not everywhere where “IT strategy” is written on it is also IT strategy inside: Often,
those responsible do not understand an IT strategy to mean that, for example, one
focuses on Microsoft or SAP products. Other areas, such as sourcing, the necessary
investments or the necessary IT infrastructure, are completely neglected or ignored.
This is not an IT strategy, but one of many management decisions and only a fraction
of an IT strategy that cannot withstand the demands of sustainable orientation.
• There is no written corporate strategy that the IT strategy can orient itself to. Assump
tions have to be included that are often not detailed by management or validated.
• The implementation does not take place; the IT strategy has arisen as a theoretical
construct and remains in the drawer.
• The IT strategy is “overtaken” by new requirements of the department at an ever-
increasing pace and is no longer implementable after a short time.
• What starts out as an IT strategy project quickly becomes a blueprint, an IT planning
or even just an analysis of the situation. This does not allow for sustainable control and
strategic leadership. Therefore, this approach does not deserve the name IT strategy.
• There are generally different views on the content, structure and purpose of an IT strategy.
Areas of Application, Benefits and Target Group of an IT Strategy
In addition to a closer look at the benefits and purpose of an IT strategy, the factors will
also be examined more closely, which are decisive for its success or failure. The result-
ing guidelines for the development of a successful IT strategy work across industries and
companies.
An IT strategy is particularly relevant in these company phases:
• Before or after company purchases or acquisitions (Mergers & Acquistion)

• When the company and the IT organization are growing very rapidly or have grown
very rapidly
• After a re-organization or restructuring in the company
• When the complexity of processes and technology is too great
• When the IT landscape is outdated and no longer meets today’s requirements
The Benefits of an IT Strategy

What are the concrete benefits of an IT strategy? The following list makes the primary
benefits of an IT strategy clear:
• Ensuring that IT sustainably supports the corporate strategy

• Improving the performance of IT
• Clear decision-making basis and guidelines for new IT investments
• Transparency of IT resource use with maximum efficiency for the company
• Clear roadmap/implementation planning, prioritized project plans
• Cost reduction through optimized enterprise architectures
• Better communication between IT and the business units (optimized business-IT
alignment)
• Optimal support of business unit goals
• Focus and better support of important, value-adding business processes
• Increased transparency of IT activities and projects to business units and corporate
management
• Medium and large IT projects can be successfully carried out, saving time (time-to-
market) and costs
• IT-side integration of acquisitions and new subsidiaries is significantly easier and
faster
• New requirements for new products or product changes can be implemented much
faster and more cost-effectively
• Cooperation between sister and subsidiary companies is significantly more efficient
through a uniform IT. This results in time and cost advantages in the coordination and
joint work for the business units and the customers.
Target Group of an IT Strategy

For whom an IT strategy is developed and against which background:
• The management/executive management/board: For the optimal linking of IT objec-

tives with corporate objectives
• The supervisory board
• The departmental head: For the close coordination of the medium and long-term IT
support of all departmental processes
• IT manager/CIO: For the control of the goals derived from the IT strategy for the IT
organization
Strategic Planning and Management of IT
In order to “keep an IT strategy alive”, it requires the leadership of all IT responsible

persons based on this strategy: The strategic leadership. This is now an important suc-
cess factor not only in large companies, but also in medium-sized and small companies.
Strategic leadership ensures that the actions of all managers are oriented towards long-
term goals and that the scattering of forces in everyday business is minimized.
Delimitation of IT Strategy to Digitalization Strategy 11
Effectiveness Efficiency
Doing the right things! Doing things right!
What do we do? How do we do it?
Measure of economic
Degree of target achievement
efficiency
(effectiveness)
(cost/benefit ratio)
Fig. 2  Difference efficiency (operational leadership) and effectiveness (strategic leadership)
As shown in Fig. 2, strategic leadership means “doing the right things” (effective-
ness) in contrast to operational leadership, where the postulate is: “Doing things right!”
(efficiency). Good strategic leadership ensures that managers work on the right problem
areas and thus guarantee a long-term, successful positioning of the company.
These strategic leadership principles also apply to leading an IT organization. The
CIO or IT responsible person is obliged within his scope of duties to generate added
value through IT for the entire company and therefore also required in terms of planning
to decide and act with foresight. This can only succeed on the basis of a sustainable IT
strategy, which one orientates oneself to continuously.
Due to the rapidly developing technologies in the IT sector, it is tempting to jump on
new hypes. But it endangers the concentrated work on the basis of an IT strategy because
of the great danger of getting bogged down in new technologies again and again. A long-
term oriented and thus strategic leadership of the IT area is one of the decisive principles
for its successful work in the sense of the company.
 In order to counter the danger of operational management based on new technologies
and hypes, a sustainable IT strategy must exist that sets long-term goals, which the IT
management orientates itself to. Strategic leadership in IT means doing the “right things”
and is based on the long-term goals from the IT strategy.
Delimitation of IT Strategy to Digitalization Strategy
In the context of the introduction to the topic and the basic definition of IT strategy, the
question arises in times of digitalization to what extent the IT strategy is delimited from
a digitalization strategy and what possible similarities there may be.
In the management of companies, especially in manufacturing companies, the topic
of digitalization has been on everyone’s lips since the introduction of the term “Industry
4.0”. The big question is: “Do we need a new strategy for this, so to speak, a kind of dig-
italization strategy? Or is digitalization part of the existing corporate strategy and only an
extension of the business model with digital elements?”
In this context, IT quickly comes into focus. What role does IT play for manufactur-
ing companies in digitalization?
Before a decision can be made in which strategy corner digitalization belongs, a defi-
nition of the term digitalization should take place. In this case specifically for the manu-
facturing industry.
The author’s view is that digitization in manufacturing companies does not only refer
to Industry 4.0, but takes a significant step further.
Industry 4.0 in a wider sense refers to pure process improvements and the raising of
efficiencies in the production or manufacturing process. (see Level 1: “Process optimiza-
tion through digitization“) (Fig. 3). This is done by automating the manufacturing pro-
cesses as well as by further supporting, for example, more mature robot technologies
or optimized machine or operational data and the better analysis of these data resulting
from newer MES systems. This also includes the topic of “predictive maintenance”, i.e.
the automatic prediction of when certain parts in production need to be serviced based
on automated data analysis. From the author’s point of view, this is a great development,
but in a narrower sense not a revolution in the form of a new business model for the cus-
tomer with greater value. Rather, it is more of a continuous improvement process of the
production lines and production.
The real, disruptive function of digitization in manufacturing companies lies on
another level: it lies in the extension or complete renewal of physically manufactured
products by networking with each other, by product-related services and in the long
term also by the use of artificial intelligence for these products. The resulting extended
benefit for the customer fundamentally challenges the business model of manufacturing
companies.
What does this mean for the understanding of digitization with regard to manufactur-
ing companies?
Both are important: Industry 4.0 for increased process efficiency and the establish-
ment of innovations in the form of new, intelligent products including services to
increase customer benefits. However, a real revolution only takes place through the so-
called disruptive innovation, which leads to a complete restructuring or break-up of an
existing business model.
Delimitation of IT Strategy to Digitalization Strategy 13
Level 1 Level 2 Level 3

Process optimization Digital products Digital
through digitization business models
Objectives: Objectives: Objectives:

Reduction of costs The introduction Conquer new
or increase of of new, digital markets and / or
productivity through products to secure target groups,
automation and and expand sales strategic
process and increase realignment
optimization customer based on digital
satisfaction technologies
Examples: Examples: Examples:

Industry 4.0 / Apps new sales models
digital factory Service Portals such as "Pay-per-
Digital travel Use" or "...As- a-
expense accounting Service".
Predictive Introduce platform
maintenance or marketplace
business models
Fig. 3  The three levels of digitalization
An example of a real product innovation through digitalization is the transition from

the vinyl record to the CD to the purchase and storage of audio files from online provid-
ers. The disruptive effect of digitalization is also clearly visible in the money traffic—
from the cash register to the online payment system.
In this context, one also speaks of Product-as-a-Service (PaaS).
Once it is clear what digitalization means for manufacturing companies, the question
of the IT vs. digitalization strategy can be answered.
On the level of process optimization as part of Industry 4.0, for example, IT plays
a significant role in the introduction or optimization of MES systems. Almost all tech-
nologies within the framework of Industry 4.0 have an interface to IT or are IT sys-
tems. Therefore, the IT strategy must refer to this. But who is the driver of such process
optimizations? From the author’s point of view, this can only be done in cooperation
between departments—here production/logistics or supply chain management—together
with IT. In the end, all optimization projects must be included in the IT strategy and fit
in with the existing IT architecture. Therefore, IT is rather an enabler than a driver in this
case.
Within the framework of product innovations (see level 2: “Digital Products”) (Fig. 3)
IT plays an important role. Especially when it comes to digital additional services in the
form of apps or service portals on the web for a product. These must be provided by
IT, as they often have interfaces to core systems such as ERP or PLM and thus have to
fit into the existing system landscape and IT architecture. By way of example, an app
and a portal may be mentioned which, for an electrically manufactured and sold battery,
provides additional information, for example the current consumption, the still available
charge, the previous use, necessary repairs, etc. It is important with such product innova-
tions that IT is always involved from the beginning in all decisions in order to avoid that
the additional services such as the app do not fit the current IT system landscape after-
wards and that interfaces are only very difficult or not available at all.
On the third level, with regard to new digital business models, IT is sometimes even
considered one of the essential core processes and the heart of a new business model.
This is because new IT technologies can give rise to new business models. For example,
new services can be offered to existing customers based on complex data analysis that
provides additional value and can be priced accordingly. The role of IT has become inex-
tricably important, because without IT competence this business model is inconceivable.
In the first edition of the book, the principle still applied that the IT strategy must be
derived from the corporate strategy, the so-called “business-driven IT strategy”. In the
now available second edition, this principle has changed due to digitalization. A kind of
reciprocal relationship has arisen: it is still the case that the specialist departments and
the management set the strategy for IT, but through the technical innovations of digi-
talization, IT also drives the specialist departments and management forward. So it goes:
“Business drives IT drives Business”!
It is precisely in this interface that, from the author’s point of view, digitalization
strategy has its place.
It is part of the corporate strategy on the one hand, and part of the IT strategy on the
other. The diagram in Fig. 4 shows this interaction very clearly.
Corporate strategy
Digitization strategy
IT strategy
Fig. 4  Digitalization strategy vs. IT strategy

Working Questions for Chapter 1 15
Worksheet 1.1: Basics of IT strategy
◾ What are the three levers for optimizing IT performance?
◾ What are three of the most common reasons why an IT strategy fails?
◾ When and in which situations (company phases) is an IT strategy particularly needed?
◾ In your opinion, what are the three main benefits of an IT strategy?
◾ What is the difference between effectivity and efficiency?
◾ What is the difference or distinction between an IT strategy and a digitization strategy?
Fig. 5  The success of M&A depends heavily on IT
It should be noted that the IT strategy does not replace the digitalization strategy and
does not integrate it completely. The IT strategy contains core elements that are impor-
tant influencing factors for the digitalization strategy.
Working Questions for Chapter 1
(See Fig. 5)
Six Good Reasons for an IT Strategy
Abstract
In this chapter, the current and burning questions of IT organisations that can be
answered with the help of IT strategies are elaborated.
Organizational Challenges
The Role of IT in the Company
IT is usually considered as a service provider in most companies. Traditional tasks

include providing services such as e-mail, telephony, network and printer services, as
well as ensuring uninterrupted availability. Top management usually only comes into
contact with IT when budget planning is due or—which unfortunately happens more
than once a year—when the above-mentioned services or devices do not work. The
image of IT organizations is therefore rather poor with many board members and CEOs
and many do not see IT as having much strategic relevance.
When large system implementations are due, IT is back in the spotlight. Most of the
time, such a project is not even entrusted to its own IT department, so that external ser-
vice providers are commissioned. And here too it becomes apparent that most of these
projects do not go ahead without problems and that top management receives more nega-
tive news in the form of delays or budget overruns.
These scenarios characterize the traditional role of IT, as it was still known a few
years ago and as it still exists in many small and medium-sized companies today. Of
course, there are also companies that are already at the forefront of today. For them, IT is
no longer just a corporate domain that has the primary goal of mastering technical com-
plexity. Instead, it is becoming more and more a strategic innovation engine.

18 Six Good Reasons for an IT Strategy
The IT organization is thus transformed from a “commodity” despised department to

an organization recognized by the department heads and the management, which is abso-
lutely necessary in this rapidly rotating business world. Because the business processes
of yesterday and today are already different tomorrow and that is why a flexible IT is so
important today.
Of course, this increases the demands on IT and thus moves it organisationally even
more into the business. This is made clear by the increasingly practiced demand / supply
IT organization, which receives a greater business focus through the “demand branch”.
The Role of the CIO in the Company
The role of the CIO is changing as a result of the aforementioned changes to IT organi-
zation in the direction of business. In the past, CIOs were mostly technologically ori-
ented, but today managers are needed who understand the business well and are able
to precisely assess where the value lever for IT is in the company. This goes so far that
CIOs take on the role of process responsible on the methodological level. This is then
referred to as a split of the CIO job into three directions:
• CTO as technical responsible on the supply side as well as

• CIO as overall responsible for IT, especially the demand branch as well as
• CPO as process responsible, who is mostly not on the demand level, but in the busi-
ness again
It is interesting to see how IT responsible see themselves. For this purpose, Gartner has
written a study that is based on the question of what IT responsible consider important in
2013 [16]. Tab. 1 shows these considered important priorities differentiated by business
and technology.
Of course, at the top of the business priorities list is: increase company growth. This
very clearly shows the value that strategic measures have for IT and the new role of the
CIO in the company. In first place on the technology side are not the old commodities
like optimization of the data center, but is quite clearly the outsourcing variant of cloud
computing as well as—following Carr’s predictions from 2003—the “information side”
of IT, namely the topic of “big data”, that is: how do I get the most important key figures
for controlling the company out of all the available data and information.
Important are—also for the enforceability of an IT strategy and the new role—the
hierarchical position of the CIO in the company as well as the integration into the man-
agement board. In order to optimally support the most important changes or innovations
in all business or specialist areas through IT, it is of great importance that the CIO is at
least a regular member of management bodies that meet regularly. In order to be able
to participate in the relevant decision-making processes, the CIO should have access to
all protocols. Of course, it must be taken for granted that, as part of corporate strategic
Organizational Challenges 19
Tab. 1  What IT responsible consider important (in 2013) [19]

Business Priorities Technology Priorities
1 Increase company growth Analytics and Business Intelligence (key-
word “Big Data”)
2 Contribute to better operational results Mobile Computing
3 Reduce costs in the company Cloud Computing (Software, Infrastructure
and Platform as a Service (Saas, IaaS,
PaaS))
4 Attract and retain new customers Collaboration Techniques (Workflow)
5 Improve IT applications and infrastructure Legacy Modernization
6 Create new products and services IT Management
(innovation)
7 Improve efficiency CRM applications
8 Inspire and retain employees Virtualization
9 Implement analytics and big data Security
10 Expand into new markets and regions ERP applications
analysis, the support potential of IT is always taken into account and its essential func-
tion for the implementation of the strategy is seen.
The “IT Trend Report 2013” by Capgemini [11] unfortunately shows very clearly
in Fig. 1 that only just under a third of all German CIOs and IT managers are regular
members of management boards. At least around 25% are “sometimes” invited to board
meetings. However, this shows the general problem mentioned above that the CIO or IT
manager is often not even in a position to participate directly in the relevant discussions
and decisions.
On the other hand, the role of the CIO continues to develop: a path is emerging from
the “technical implementer” to the demand and information manager, who is seen as a
partner of the business. This also changes the role of the CIO in the overall context of the
company. Tab. 2 shows, based on Brenner [4], this change in the role of the CIO.
Business-IT Alignment and Improvement of Customer Benefits
The role of IT in the company changes with regard to cooperation with the specialist
departments as a result of the transformation of the CIO and IT roles described in the last
chapter. IT is getting closer to the business. This is called business-IT alignment.
However, optimal business-IT alignment will only be sustainable if not only IT devel-
ops and drives business partnering, but also new roles or functions are created in the
specialist department itself as a counterpart to IT. In addition to the process responsible/-
owner (process owner), these include, for example, the roles of a process or business
Participation in Management Board meetings

Does the CIO or IT director in your company attend management board
meetings?
35.1%
Always
36.5%
24.7%
Sometimes
28.7%
22.1%
Rarely
18.0%
13.0%
Never
12.0%
5.2% Survey 2012

No Data
4.8% Survey 2013
Basis: All respondents (n = 167); in percent

© Capgemini 2013
Fig. 1  Participation in Board Meetings
Tab. 2  Change in the role of Old role New role

the CIO (Brenner et al. [4])
Technology-oriented Business process-oriented
IT as content IT as a means to an end
Technology-qualified Leadership-qualified
Specialist Generalist
Thinks in terms of costs Thinks in terms of results
Internally oriented Externally oriented
Knows technology Knows technology and business
expert. It is important here that the (organizational) focus is on complete business pro-
cesses (“end to end”) and not on IT-internal criteria and the primary focus on partial pro-
cesses, such as modules or sub-processes, to which many ERP systems (such as SAP)
are still oriented today.
Furthermore, it is important that the IT responsible persons subject themselves to a
merciless Ist analysis with regard to the perception of IT in the overall organization of
Organizational Challenges 21
the company. What do marketing specialists or production or logistics departments actu-

ally think about the “IT people”? Self-image of IT and image of other organizational
units sometimes diverge widely. Only if IT management openly faces the issue of self-/
foreign image and analyzes exactly why this is so and, above all, what can be done to
align self- and foreign image, then business-IT alignment can work.
It’s not really about the technological background of IT, but about people and their
need for communication, “being understood” and appreciation for the problems that arise
for IT in the form of requirements. The programmer who only comes to the office at
noon, stacks pizza boxes and cola cans around him and sits in front of his monitor alone
until late at night, fearing contact with other people, is now only rarely seen. IT experts
live from the constant communication with the departments and with the external sup-
pliers and must be up to date in the area of the often quoted “soft skills”. The logistics
specialist with his shipping problems or the marketing specialist who urgently needs a
new website should be able to be understood by the IT experts with his needs and prob-
lems. Possible solutions should not be explained in incomprehensible IT jargon—in the
end directly at code level—but should be recorded and answered as far as possible in the
language of the department. Then customer orientation is given and self-image and for-
eign image will align. But this also shows the long and sometimes difficult way from the
technically oriented IT to the modern IT service provider.
The new generation of IT will be different from that of the 1980s and 1990s. It
grows up with social media tools like Facebook and Twitter and has a completely dif-
ferent understanding of communication. The teaching at universities and universities is
no longer only oriented towards highly specialized areas of knowledge, but also offers
subjects such as project or demand management and includes exercises in leadership and
communication.
Dealing with Globalization
Not only large companies, but above all many specialized medium-sized companies have
been internationally successful for years. Locations not only in Europe, but also over-
seas, often in unfamiliar cultures, are now part of the everyday life of the export nation
Germany. This also requires a globally oriented IT organization with the question: “How
should IT be coordinated on site overseas and which IT services are needed there?”
A worldwide consolidation and standardization of applications, infrastructure and
processes must be the goal in order to be able to guarantee coordination at all. But this is
followed by questions: What are the central tasks of IT in the corporate headquarters and
which IT tasks and processes have to be carried out on site? Do we need regional and
local IT organization units and who do they report to? Who coordinates the flow of infor-
mation and communication and checks compliance with standards? All of this calls for a
globally oriented IT governance structure that must be introduced step by step.
The topics and questions mentioned are all part of the IT strategy and are discussed
in detail in Step 5 with regard to the construction of a sustainable IT organization/IT
governance.
Sourcing Problems: Management of the Supplier Portfolio
Many IT services are purchased from external suppliers today. IT outsourcing and its
optimal management therefore play a major role in the management of IT. In large com-
panies there are sometimes several hundred suppliers or external service providers. From
procurement to support in the respective departments, the management of the suppliers
has become extremely complex, time-consuming and therefore costly.
Modern technologies and especially the topic of cloud computing are leading to more
and more IT services from third parties. If you want to keep an overview, you need a
medium to long-term strategy – with derived goals for controlling all suppliers. This is
what the sourcing strategy is for, which is part of step 4 of the IT strategy and an impor-
tant, because cost-relevant, topic here.
What does IT Cost?
IT costs often represent one of the larger, if not the largest, cost items in many com-
panies. For IT decision-makers, managing IT costs is therefore one of the most impor-
tant tasks, especially in times of economic difficulty. In addition, IT costs are often the
only lever for management when decisions have to be made with regard to IT. The actual
technology and everything that lies behind it often appears too complex to discuss in
management committees. Therefore, the only thing that usually remains is the control of
IT via the costs and here especially via cost-cutting measures.
But where can IT management start to optimize IT costs so that a smooth business
process and the most efficient support or automation of the most important business pro-
cesses can be achieved? What are the key cost drivers of an IT organization? How can
the IT responsible person explain in a understandable way where which IT investments
make sense and where not?
First of all, it should be noted that the across-the-board reduction of all IT costs by
a certain percentage, which is often applied in times of crisis, is not sensible. This so-
called “lawn mower method” does not achieve the same results in the IT organization
as perhaps in other areas, as the structure of IT costs is very different, as can be seen in
Fig. 2.
The division shows the IT costs in the three blocks PLAN, BUILD and RUN. The
PLAN area is still strongly underrepresented in many companies with only 10%; here
is the IT management with planning, control, architecture, strategy and controlling. The
BUILD area is application development and in the RUN area is the operation of IT (data
What does IT Cost? 23
Fig. 2  Typical cost structure

10%
of IT organizations
30%
60% Plan
Build
Run
center, infrastructure, telecommunications). The largest cost block with 60% are still the
operating costs / RUN, which despite the increased demand for cloud computing and
infrastructure as a service (IaaS) have already been very standardized and outsourced to
specialized service providers. A pure “further reduction” of the operating costs does not
appear to be sensible against the background of possible consequences, such as the dete-
rioration of performance or the emergence of security gaps.
The question therefore arises more as to where in the IT organization the cost drivers
are located. In a study [21], Gartner identified the most important cost drivers and esti-
mated possible short- and long-term cost reduction potentials. According to Gartner, the
best levers for reducing IT costs with the least possible risks are the virtualization of the
IT landscape with 10% long-term and approx. 3% short-term cost reduction potential.
Almost 10% savings on a long-term basis are also possible through the consolidation of
IT and the reduction of operating costs. However, the two measures entail greater risks:
first in the form of organizational uncertainties and payback when optimizing operating
costs, and second through the high investment costs when consolidating.
Almost without risks and with approx. 3% savings potential on a short-term and 5%
on a long-term basis, negotiations and improvements in contracts with external service
providers are possible.
In addition, an adjustment and optimization of the project portfolio can be considered
as a measure to reduce IT costs. The IT project portfolio is part of the following IT strat-
egy development and will be explained in detail in Step 6 of the sustainable IT strategy
later and put into practice.
If a well-managed license management already exists, an optimization of the used
software licenses and the resulting cost reduction is an easy to achieve quick win.
These measures are first approaches and possibilities for managing IT costs and can
be first indicators that help to get the IT costs under control. In order to set up a sustain-
able IT cost management and not to have the same cost discussions every year, it should
be the goal of IT management to make the cost structures sustainable and transparent in
the long term and understandable.
Sustainability in this context means: a steering instrument is needed. For this purpose,
the author would like to recommend the IT strategy cockpit, which is presented in Step
7, to everyone. With this tool, derived from the Balanced Scorecard, it is possible to rec-
ognize early on which decisions will cause which costs.
Furthermore, the transparency mentioned is essential. If costs are discussed, it must
also be clear what consequences possible cost increases or reductions can have. For this
it is important to understand that the specialist departments and business areas of the
company have a direct influence on the IT costs. If service-oriented architectures are not
yet being used, any changes to business processes can lead to enormous IT costs. This
must be made clear to the specialist departments. On the other hand, IT responsible per-
sons must also contribute themselves that the architecture is built flexibly on the basis of
services, so that new or changed processes do not lead to major reconstruction work in
the application landscape immediately.
In addition to the flexibility of the IT application landscape, which will be dealt with
in detail in Strategy Step 3, scalability is also an important criterion for IT cost man-
agement. This is given if the proportion of variable costs in the total budget is as high
as possible and fixed costs are kept as low as possible. This must be given both down-
wards and upwards. Only then can IT costs “breathe” with the economy: If sales rise,
suddenly necessary applications or infrastructure can be set up quickly and easily; in bad
economic times, for example, outsourcing costs can be reduced flexibly by variable con-
tracts with external suppliers.
In general, it can be said that it will always be a challenge for IT responsible per-
sons to justify IT budgets using traditional benchmarking data from outside. To end these
tedious discussions, the IT management must get involved in the process of developing
strategy for the entire company and, as part of a subsequent IT strategy, make it clear
how and with which means the company is supported by IT. Only when this is transpar-
ent and comprehensible to the management of the company will the IT budget discus-
sions really take place constructively. Then IT and management can discuss budgets on
an equal footing, because both sides understand what the money is used for and what it
is “worth” to the company.
Project Management Skills and Better Time-to-Market
When you ask corporate leaders, IT projects in large companies in Germany are often
little or not crowned with success. The University of Oxford comes to a similar result: In
a large-scale study 1500 worldwide projects were examined which aimed to renew the
IT systems. The result is alarming: Every sixth project had exceeded the budget by more
than 200% [38].
In comparison to common risk management models, IT projects went out of control
20 times more often than expected. Inadequate risk calculation, software compatibil-
ity problems, lack of knowledge when implementing new technology were, according
Project Management Skills and Better Time-to-Market 25
to the study, the most common reasons for the additional expenses. The risk of failure
increased proportionally to the scope and the growing complexity of the projects.
The responsible head of this study of the University of Oxford, Professor Bent
Flyvbjerg, says about this: “We were shocked when the data came in and we learned that
large IT projects are 20 times more likely than normal projects to spin out of control. IT
projects are now so big and touch so many aspects of business, government and citizens’
lives that this poses a singular new challenge for top managers” [38].
Why is that so? There are many approaches, methods, tools and essays as well as
books on this topic. However, there is one approach that stands out again and again:
Change Management.
In this context, Change Management means from the perspective of the author that,
due to the high technical complexity and the resulting misunderstandings or ambiguities,
new requirements or scope changes are always necessary. Actually, one should translate
Scope Management from time to time with “Expectation Management”. Because the
problem is that departments have special expectations of the future IT system, but it is
very difficult to make these expectations tangible in prose or by means of means such
as UML, GUI design etc. in endless specifications and duties. In addition, there is the
dynamics of the constantly changing requirements; today one thinks that one solved it
best, tomorrow one is another step further and knows that one has to do many things dif-
ferently. Therefore, “trial and error” is screwed around until the result corresponds to the
ideas to a certain extent. Through this process, a serious project planning and a reliable
project management are also very difficult with even the most professionally standard-
ized project management processes and the best project managers.
Fig. 3 – from a wide-ranging study by the management consultancy C4 Consulting
[9] – very clearly shows where the challenges lie in change management: top manage-
ment must be involved and communication must flow.
This is exactly what IT projects need to be successful: strong engagement and
involvement of top managers and departmental heads – not only in steering committees,
but also in the everyday decision-making of large IT projects as Fig. 3 shows.
Another reason for the failure of change projects is that the department has to play
“blind man’s buff” in order to specify the requirements of the end customer and then
make them understandable to IT again. Here IT has to go to the customer together with
the department and understand the problem and the bottleneck on site. Only then will
innovative IT solutions and clear requirements be achievable.
The problem of the unclear and constantly changing requirements process is also in
contradiction to the demand for a faster “time-to-market” from the departments. If IT
projects are too slow, the product or service is too late on the market, which is at the
expense of competitiveness. Fig. 4 very clearly shows that, alongside the apparently still
current ongoing cost reduction potential, above all efficiency gains in IT are still the top
issue.
In general, the problem of “time-to-market” or efficiency improvement is not only in
IT. Here, the topic of “business-IT alignment” gains importance for closer cooperation
Little trust in communication between employees and

managers
Insufficient human resources
Neglecting of psychological factors in project planning
Insufficient opportunities to manage employee fears and

resistance.
Incomplete or delayed information to employees
Lack of support from line management
Disunity at the highest levels of management
Lack of experience of managers in dealing with the uncertainty

of affected employees
Unclear goals and visions of the change processes
Insufficient commitment from upper management levels
0% 10% 20% 30% 40% 50% 60% 70%
Fig. 3  The ten most common barriers in change processes [9]
and a better understanding of technical possibilities on both sides: Not only IT has to
open up to departments, but also departments have to become more technology-savvy,
better understand what is technically possible and how it can be used for the company’s
purpose best.
How can an IT strategy help improve project management skills and time-to-market?
By sustainably promoting the process of close cooperation with the business!
This begins with the joint development of the strategy in 7 steps and forms the future
basis for joint work. When developing the IT strategy, it is decided together with the
department by means of application portfolios and joint roadmaps which support the IT
should provide for the business in the next 5 years. This makes the IT strategy the basis
for joint work in the next 5 years.
Compliance and Risk and IT Security Management
The requirements for compliance with legal and regulatory requirements on IT are con-
stantly increasing. For managing directors or boards of stock corporations, high fines
threaten if these requirements are not met. The compliance requirements in IT mainly
include the following topics:
• Information security,
• Availability,
• Data storage and
• Data protection
Compliance and Risk and IT Security Management 27
Requirements for IT 2014

What will be the three most important demands on IT in your company in the
coming year?
Increase IT efficiency 44.0%
Improve business processes 41.8%
Reduce IT costs 38.3%
Provision of constantly stable IT services 34.8%
Support for the company/authority with the 25.5%

change
Development of new innovative 21.3%
IT products and services
Faster delivery of IT services 19.1%
Improvement of the lnformatlons evaluation

14.9%
and use
Improvement of the interaction with customers/
14.2%
citizens and partners of the company/authority.
Increase data security 10.6%
Promoting the growth of the company's 10.1%

turnover
Business-IT alignment 9.2%
Fulfillment of the
9.2%
Compllance requirements
Control of the operational IT Risks 2.8%
Basis: All respondents (n = 141)
© Capgemini 2014
Fig. 4  Requirements for IT in 2013
In addition to national rules such as the Telecommunications Act, the Federal Data
Protection Act (BDSG) or the principles for data access and the verifiability of digital
documents (GDPdU), many European and international rules and guidelines are now in
use (by way of example, BASEL II/III or the Sarbanes Oxley Act (SOX) if the company
is listed on the American stock exchange).
How can all of these regulations, rules and guidelines be complied with? Who takes
care of it? And how can a CIO or management ensure that there are no gaps in compli-
ance with all compliance rules?
The internationally recognized framework “Control Objectives for Information and
related Technology” (COBIT) of the “IT Governance Institute” (ITGI) offers profes-
sional assistance here. In addition, it makes sense to also take a closer look at the topic of
IT security in order to ensure the IT compliance processes at the same time.
The goal should be a strategy for securing all risks that is coordinated with manage-
ment and that guarantees IT security and compliance with all compliance regulations on
a professional basis using COBIT. This must ensure the comprehensive and permanent
compliance with all requirements of the legislature and the company.
Areas affected by IT compliance are, for example:
• GDPdU-compliant archiving of banking data

• E-mail archive
• Document management system
• License management
• Process History Management
The core task is the documentation and corresponding adaptation of the IT resources as
well as the analysis and evaluation of the corresponding problem or risk potentials (also:
risk analysis). The resources include hardware, software, IT infrastructure (buildings,
networks), services (e.g. web services) and the roles and rights of the software users. It is
important to note that the implementation of compliance is seen as a continuous process
and not as a short-term and one-time measure.
Using the example of license management, it becomes clear that IT compliance is a
constant companion and therefore the IT compliance processes must be set up according
to COBIT so that they are continuously applied by all persons affected by them. Typical
questions in the field of license management are:
• Have all commercially used software products been acquired?

• Are the respective licenses of GPL observed with OpenSource?
• Are there old licenses that can be used for updates?
The Federal Office for Information Security (BSI) offers a comprehensive set of instruc-
tions with the Basic Protection Catalogues, many books on this topic are available on the
market and help.
Mergers & Acquisitions
A functioning IT plays an important role in today’s world of mergers or acquisitions of

companies or parts of companies. Not only economic and corporate strategic aspects
are important in the consideration of a purchase or acquisition, but increasingly also the
question of how the existing IT can be taken over or integrated.
Fig. 5 from the McKinsey Quarterly [31] shows very clearly that IT often accounts
for more than half of the synergies in a merger.
This shows the great importance of IT in merger & acquisition processes. Therefore,
the analysis and examination of IT is not only a weighty factor in the post-merger
Mergers & Acquisitions 29
Synergy distribution by industry, % Examples of synergies:
10 Lower IT infrastructure costs

IT alone 15
25 Reduced IT head count
Increased volume discounts for IT procurement
Related
to IT
35 40
IT enabled Integrating functional systems reduces
finance and HR costs
35 Integrating customer data offers better
cross-selling revenue
Unrelated Fewer plants, distribution centers and headquarters

to IT 50 50 reduce facility costs
40 Lower financing costs
Vendor consolidation lowers procurement costs
Health Industrial Financial

Care Services
Fig. 5  The success of M&A depends heavily on IT
integration, but already in the due diligence. Here, in particular, the internal actual analy-
sis of IT shown in step 1 can be a valuable contribution to the examination and assess-
ment of the integration effort before the purchase or takeover.
In a representation of the consulting firm A.T. Kearney, IT plays a decisive role in an
M&A process not only in the due diligence phase, but throughout the process in four
steps: (based on [1])
• Due Diligence (“Reduce Risks”):

– Identification of IT risks and “deal-breakers”
– Estimation of costs for IT integration and costs
• Merger Planning (“Create a vision of the future”):
– Building an IT Integration Framework
– Development of a first idea for the new arrangement or integration of IT
– Migration and integration of the most important data streams and systems
– Establishment of clear service transition rules
– Calculate integration budget
• Post-Merger Integration (“Execute Plans”):
– Implementation of future IT services
– Review and compliance with service transition rules
– Migration of all data
– Execute Retention and Severance Plans
– Shift to business as usual
• Synergy Realization („Reap Benefits“):

– Execute decommissioning plans
– Track synergies
– Implement long-term IT-transformation programs
When a company is planning an acquisition or will be merging in the foreseeable future,

an IT strategy is the best foundation for all IT M&A decisions: It paints a clear picture
of what the IT looks like and how it should look in a few years. This clearly structured
starting situation can be ideally used to compare the incoming IT. For due diligence,
the internal IT status analysis presented in step 1 can be used and compared with the
application strategy from step 3. In post-merger integration, the IT can be integrated into
its own IT in terms of organization, governance and sourcing according to steps 4 and
5. The IT strategy cockpit helps to control and optimize IT integration by taking up its
goals and making them controllable.
IT as an Enabler for Digitization and Industry 4.0 in the

Manufacturing Industry
As already shown in the definition of the IT strategy and its delimitation to the digitiza-
tion strategy, IT plays a significant role in the digital transformation of manufacturing
companies.
Why is IT only an enabler and not a driver of digitalization? To get back to the defi-
nition question, which is answered by Gartner as follows: “[…] Because digitalization
requires companies to question business models and think about transformation; thus a
highly complex evolutionary step of their own organization […]”. [1]
The Gartner quotation shows very well that digitalization not only brings the already
described process optimization with it, but also business models and completely new
products. The focus on business models and product innovation used to be the responsi-
bility of corporate strategy. However, due to the IT-related technologies of digitalization,
IT and corporate strategy are now growing closer and closer together.
This also means that the role of IT and the CIO must change more and more.
“Business drives IT drives Business” means for IT management to focus more on busi-
ness model issues. However, the author currently sees IT in the production environment
only on the level of optimization and industrialization of IT. The diagram in Fig. 6 shows
this very clearly.
IT is on its way to becoming not only an enabler, but a driver of digitalization for
manufacturing companies. However, this also requires a change in the IT organization,
which cannot be realized overnight. However, the vision and above all the IT strategy
must already show the way.
However, IT is currently very well utilized in the role of enabler for digitalization
in most companies. Enabler in this context means that IT has not only understood the
IT as an Enabler for Digitization and Industry 4.0 … 31
Future
Driver
role of
IT ?
Future
role of
Today's IT ?
Enabler
role of
IT
IT industrialization Digitization
Fig. 6  The role of IT between IT industrialization and digitalization
technologies required for process optimization in the sense of Industry 4.0, but can also
make them available to the specialist departments for application. The IT organization is
therefore still a kind of service provider for the specialist departments for the implemen-
tation of Industry 4.0 projects.
The next evolutionary step would then be the transformation from service provider
to driver of digitalization projects in the company. Often this is not clearly delineated,
because in many projects the IT is already driving and in other digitalization topics per-
haps not yet as far as the department. Therefore, both for the IT and for the departments,
a specialization and expert position in the company makes sense. For example, the IT
can be the driver for topics such as predictive maintenance, for a topic such as aug-
mented reality only a service provider. This must be newly determined for each topic and
expertise as well as knowledge of the employees.
However, if it comes to the disruptive part of product innovation or business model
renewal, today’s IT organization is often still in an advisory role in terms of technol-
ogy. A leading role is still rare, but must be taken into account in the IT strategy for the
future.
Working questions for Chapter 2
Worksheet 2.1: Introduction and basic information on IT strategy
◾ Give three reasons why IT strategy is important to you and your business:
1.
2.
3.
• What role does your IT currently play and what role should it play in the future?
Drivers
Enabler
IT industrialization Digitization
Reference
1. Gartner: „Taming the Digital Dragon: The CIO Agenda“, abgerufen am 03.01.2019; https://
www.gartner.com/imagesrv/cio/pdf/cio_agenda_execsum2014.pdf
The Approach Model for Developing
the IT Strategy
Abstract
This chapter is intended to prepare and understand the model for the development
of the IT strategy. It presents the 7 steps with their respective contents. Finally, the
example company is presented with its most important data, which in each step serves
as a practical example to illustrate the building blocks on the way to the IT strategy.
The 7 Steps to the IT Strategy at a Glance
The principles presented for strategic management, IT strategy and current challenges
of IT organizations serve as an introduction to the topic. They form the basis for the
development of an individual IT strategy, which takes place in 7 steps, which in turn are
divided into three core components, as shown in Fig. 1:
1. The location determination

2. The design of the strategy
3. The implementation of the strategy
Preparations: Developing the IT Strategy as a Project
Before starting with the actual analysis of IT in step 1, a chapter is put in front of it—so
to speak as step 0. Because the development of an IT strategy requires a framework and
a structure in order to be successfully carried out. This is done with the help of a project
structure, as is known from IT projects.

34 The Approach Model for Developing the IT Strategy
det
tio
me gy
Loc inatio
nta
ple te
erm
im Stra
atio
IT
n
strategy
n
Draft
strategy
1- Location determination 2- Draft strategy 3- Strategy implementation
Step 1: Ist-Analysis Step 3: Application strategy Step 6: Implementation

IT processes Application portfolio Project portfolio
IT Organization Application life cycle IT roadmap
Technology Budget strategy
Finance Step 4: Sourcing strategy
Design sourcing Step 7: Cockpit
Step 2: Challenges strategy
IT Strategy Cockpit
Analysis of the corporate Communication
strategy
Step 5: IT organization Change Management
IT Challenges Demand/Supply
Creating an IT vision IT Governance
Fig. 1  The 7 steps at a glance
This includes, as a first step, the clear definition of the goal of the IT strategy, i.e.
why the IT strategy is being developed. This is recorded as the project goal, to which the
delimitation of the project is attached, i.e.: Clear definition of what the content (scope) of
the IT strategy is and what it is not (out-of-scope). This is followed by the creation of a
project plan in the form of a Gantt chart or—in a simple way—in the form of a roadmap
or milestone plan. Then, on this basis, the work packages for the development of the IT
strategy are broken down in detail. A first estimate of effort and budget is made and then
an organizational chart is created. Here it is important that it is exactly specified who
is involved in the project in which role. Finally, a stakeholder analysis is carried out in
order to better understand where and with whom in the company support for IT can be
expected and where possible conflicts are dormant.
Step 1: Status Analysis
Now the actual project work starts with a general location determination of the IT in
the form of a status analysis. With the help of a questionnaire, the maturity of the IT
The 7 Steps to the IT Strategy at a Glance 35
processes is ascertained on the basis of the following four areas and visualized in a net-
work diagram:
• IT processes
• IT governance, IT organization and employees
• Technology
• Finances
The results from the questionnaires are transferred to a network diagram, in which it
quickly becomes clear where the first weaknesses are. This makes it possible to derive
first action options in the form of challenges for IT optimization in the first step.
Step 2: Analysis of the Company Strategy and Derivation

of Challenges for IT
After the internal consideration of IT, the analysis of the company strategy follows in
step 2 in relation to IT. As already learned when defining the IT strategy, an IT strategy
cannot be created on the “green meadow”, but is ideally an integral part of the company
strategy or at least closely linked to it.
First, the classics of corporate strategy such as the Boston Consulting Portfolio and
the Porter competitive analysis are introduced and filled with life using the example
company. Then it’s about the challenges in the departments and the business processes
of the company, which are put under the microscope. With these board means, the chal-
lenges for IT are then derived. This second step is rounded off with a first draft of an IT
vision, which can be formulated on the basis of the identified challenges at this point and
thus forms a kind of framework for the further development of the IT strategy.
Step 3: The Application Strategy
Now the actual strategy process begins with the design of the application strategy in step
3. Based on the already known BCG matrix, an actual application portfolio is created.
The life cycle theory is added, with which it can be analyzed more precisely in which
life cycle or stage the current applications are.
On the basis of this application portfolio and the application life cycle, all current
applications are evaluated. From this, action options can be derived for each application
(for example: keep, phase out, modernize, etc.). These action options lead to an applica-
tion roadmap, which—clearly and ordered by time and priority—shows the necessary
projects for the modernization of the application landscape.
The result of this step is an application portfolio aligned with the results of the loca-
tion determination (steps 1 and 2), with a roadmap of how the future application land-
scape should look.
In step 4, a sourcing strategy is developed that shows whether IT services are to be oper-
ated or created in-house or by external partners. It starts with basic questions about
sourcing, such as the motives for outsourcing, the opportunities and risks, make-or-buy
scenarios and the crux of the economic calculation.
Then it is about the basic classification, which types of sourcing exist and about the
actual sourcing strategy. Here, a distinction is made between the depth of production
(degree of outsourcing), the number of involved providers (multi- or single-sourcing or
mixed models) and the optimal location of the service (offshore, nearshore, etc.).
A sourcing governance is introduced, which is intended to show how sourcing pro-
jects and existing or ongoing sourcing projects can be optimally staffed with roles and
responsibilities. Step 4 is concluded with a practical excursion, which shows in 5 phases
how an invitation to tender should ideally be set up (including checklist).
Step 5: The IT Organization and IT Governance
Step 5 consists of three essential components:
• Optimizing the IT organizational structure with the demand/supply concept presented

here
• Checking and setting up IT governance structures in the form of new or adapted roles
and responsibilities
• Conducting a gap analysis to create a personnel strategy for the IT organization
First, typical IT organizational structures are presented and the special features in the
form of PLAN-BUILD-RUN models or the increasingly common construct of the
demand/supply model are shown. This demand/supply model is then discussed in detail
and all functions and goals of the demand and supply branches are discussed in detail
and practically presented using the example company.
Then, a part of IT governance is examined more closely. The role of IT in the com-
pany is checked and adapted to the new findings from the location determination in steps
1 and 2. The role of the CIO is clarified and typical committees for IT are presented and
examined. Typical problems such as the conflict between line and project or the question
of process responsibility for IT as well as the question of which tasks the IT is carried
out locally or centrally determine this second part in step 5.
The 7 Steps to the IT Strategy at a Glance 37
The personnel strategy is based on the so-called gap analysis and checks whether
the right employees are in the right positions or what needs to be done to achieve this
optimum.
Step 6: Implementation—The IT Roadmap, Determination of the IT

Budget and the IT Project Portfolio
In step 6, the implementation of the IT strategy begins. The starting point is the creation
of a roadmap that answers the question of which measures and projects arise from the
previous 5 steps for the IT organization in the next 3-5 years. For this purpose, measures
are derived explicitly from each step and then clustered in time in a clear roadmap.
After that, it is about the question of what the implementation of the roadmap costs.
Now it gets exciting, because so far all measures could be shown ideally, but whether all
measures are realistic and affordable is now checked and examined. For this purpose,
the budgets for each measure are roughly calculated. Afterwards it is shown why which
measure makes sense and which saving potential is possible for each measure (quantifi-
able in € or at least argumentatively).
Finally, the portfolio theory is used again when it comes to the evaluation and pri-
oritization of projects. All measures that are still remaining are now put to the test as
projects. Only those that offer a strategic advantage to the company and have a reason-
able probability of implementation will have a chance of survival in the evaluation by top
management.
Step 7: The IT Strategy Cockpit
Step 7 ensures that the IT strategy does not disappear into the drawer, but is constantly
checked, updated and adapted. This is done with the help of an IT strategy cockpit,
which—based on the concept of a flight cockpit—provides all the essential information
for the management and control of IT. The IT strategy cockpit is based on the concept of
the Balanced Scorecard. All measures and projects from Step 6 are repeatedly checked
here using key figures.
 It is important to mention that these seven steps do not have to be carried out rig-
idly one after the other. Many companies and IT organizations, for example, have a
detailed application strategy and only want to discuss how they can optimize their
sourcing or how they can best implement an existing IT strategy using the roadmap
technique, portfolio theory or by using the IT strategy cockpit. Then only the rel-
evant steps have to be picked out and processed, because the individual steps are
based on each other, but can also be processed independently.
 In general, the question always arises when developing an IT strategy: “How

detailed do the individual sections have to be so that nothing is forgotten on the
one hand, but on the other hand too much effort is not expended that does not pay
off in achieving the IT strategy goal?” This book deliberately pushes technical
approaches into the background and instead focuses on the optimal alignment of
IT with the business. Only after an IT strategy has been created is it necessary to
dive deeper into the technology. There is very good, technically oriented literature
available to support the strategy building blocks technically.
Methodical Structure of the 7 Steps to IT Strategy
Theoretical Part with Practical Examples
In the context of the introduction to the topic, basic knowledge of the tasks of each step
is created. These can be, for example, explanations of the origin, function and applica-
tion of corporate strategies such as the BCG matrix or Porter’s competitive model in step
2. These theoretical basics are explained in such a way that they form the basis for their
own application in the task part.
The theoretical part is underpinned in all chapters with a practical example, the ficti-
tious company “Produktio weltweit GmbH”, which is presented in more detail below.
Working Questions and Implementation
Now it’s time to put what you’ve read into practice. The working questions themselves
form the “fillet” of the application of knowledge to your own company. Through struc-
tured questions and fillable matrices, roadmaps or checklists, the respective step is car-
ried out for the IT organization and the company. Fig. 2 shows how such a worksheet
typically looks like.
Conclusion
At the end of each step, there is the opportunity to reflect on the procedure and the
results. This allows the respective thoughts to be recorded and a first conclusion to be
drawn for the IT organization. Perhaps new connections will also be recognized and
new challenges can be mastered better as a result. Because the goal is not only the docu-
mentation of an IT strategy that is then forgotten in a folder or shown to management
once via PowerPoint and then forgotten. The goal is to learn on the way and to gain new
insights into how and where levers are that help to set up the IT optimally.
Introduction to the Example Company 39
Worksheet 3.1 Preparations: Project objective and scope of the project
What is the project goal? Think about breaking down the goal (specific, measurable,
realistic, accepted and timed).
Clarification and definition of the scope (What is in-scope and out-of-scope?)
The project objective:

Target rule Fulfilled?
Specific
Measurable
Accepted
Sub-targets or sub-objectives (if any)

Realistic
Terminated
Fig. 2  Example of a worksheet
Introduction to the Example Company
In order to make the development of the IT strategy as practical as possible and to make
it easier to imitate and recognize situations and derive possible options for action, this
book uses a fictitious example company.
Example Company: Produktio Weltweit GmbH It is a company from the upper mid-
dle class with approx. 800 employees. The company produces very special and modern
vehicle parts that bring information technology into the car. These include, for exam-
ple, so-called “Head-Up Displays” for displaying important information on the wind-
shield or the integration of apps into the car’s multimedia environment. The company
headquarters is in Germany and there are 2 production sites and smaller sales locations
worldwide. The IT organization is centrally organized with approx. 40 employees at the
company headquarters.
A detailed development plan for IT was recently approved, which describes in detail
how the application landscape is to develop in the coming years. However, it has been
found that the organization, the governance structures and the current situation with the
suppliers are not optimal. Therefore, they would like to develop a holistic IT strategy that
is based on a neutral current state analysis of the IT organization, the governance and the
sourcing situation. An IT vision is to be created that will bind and inspire all employees
so that the planned development plan can be implemented. In addition, all suppliers and
contracts are to be checked and optimized and—if necessary—put out to tender for cer-
tain areas. Afterwards, a project portfolio is to be set up so that the IT remains control-
lable. A roadmap is to be created for the structured implementation of the development
plan.
It should be noted that all assumptions made below about this fictitious company are
of a fictitious nature, in particular the calculations made in steps 6 and 7 regarding the
IT budget, savings and the key figures for the IT strategy cockpit. All numbers are for
illustration only and are intended to help make the development of the IT strategy more
concrete using a practical example.
Part II
7 Steps to a Sustainable IT Strategy
Preparations: Setting up the
Development of the IT Strategy as a
Project
Abstract
Before starting the IT strategy project, some questions naturally arise: “How do I
develop the IT strategy best: alone or as a team? How long does it take and how much
effort does it mean for me and/or my team? How long will it take me to develop and
implement the IT strategy? Or is this an ongoing development process that constantly
accompanies me?”
Goals of the IT Strategy
Before development of the IT strategy begins, it should be clear to everyone what the
goals are. Chapter 1 has already made it clear that the IT strategy is a sub-area of the cor-
porate strategy and is derived from this. However, in order to first get a general overview
of what the goals of an IT strategy are, the following list will present some basic motives
and starting points that can be examples of a project goal or sub-goal:
• Better cooperation and more effective requirements management between business

and department (called Business-IT-Alignment)
• Faster time to market, i.e. more efficient provision of new IT services
• Restructuring of the IT organization and making it “fit” for the future
• Better positioning of IT in the management of the company (possibly new role of
CIO, new role of IT in the company)
• Expansion of IT responsibilities in the direction of demand or process organization
• Cost-optimized outsourcing of so-called IT commodities (IT operations, infrastruc-
ture) and thus more focus on value-added applications
• Adaptation or reorientation of IT in the context of post-merger integration

44 Preparations: Setting up the Development of the IT Strategy …
Tab. 1  SMART rule for determining project objectives

Letter Meaning Description
S Specific A clear definition of the goal (as precise as possible)
M Measurable The goal must be measurable (criteria for calculation)
A Accepted The goal must be accepted and recognized by all parties involved
R Realistic The goal must be achievable and possible
T terminated The goal must have a deadline by which it is realized
When formulating objectives for your IT organization, you should orient yourself to the
“SMART” rule as shown in Tab. 1.
As part of the project profile for the development of the IT strategy, the goals must be
defined to which this project is to lead, that is, which results are expected.
The IT Strategy as a Project
Depending on the size of an overall company and its IT organization, an IT strategy can
be developed in a small team or require a large project organization.
The general principle applies: Never alone!
Because at the latest in step 2, during the joint analysis of the corporate strategy,
the departments and the management board are required for discussions and approvals.
This book places particular emphasis on the close cooperation of IT with the business.
Therefore, a joint development of the IT strategy together with the department heads and
the management board is indispensable.
Scope and Scope (Scope) of the IT Strategy Project
In this context, the question arises as to how large the scope and scope of the IT strategy
project should be. In other words, whether an IT strategy should be created for the entire
company or whether the company is so large as a group that only certain divisions or
business areas are initially included. For companies operating internationally, the ques-
tion also arises as to whether all foreign subsidiaries or regions are to be included or
whether the IT strategy is to be created initially only for the headquarters.
In general, the concept presented here is designed to lead to an IT strategy develop-
ment that is binding for the entire company. In large companies or groups with many
international locations, it often makes sense to develop not just one, but several IT strate-
gies. In addition to a global IT strategy, there can also be strategies that are developed for
a region or a business area.
It is only important that the global IT strategy sets the direction and that the regional
or business-specific strategies are oriented towards it and that these “corporate” IT
The IT Strategy as a Project 45
strategies are subordinate. Which of the steps towards the global IT strategy presented
below belong and which step is defined regionally or for a business area differently,
depends on the corporate structure and the requirements of the regions or business areas.
If these requirements are very heterogeneous, it can make sense to allow a separate IT
strategy for certain regions or business areas, which is oriented towards the global or
“corporate” IT strategy.
By way of example, it may be mentioned that, as part of the application strategy (step
3), each business area has different requirements. This would mean, for example, that
there is a company-wide ERP strategy, but the applications specific to each business area
follow their own strategy, which, however, follows the global strategy in the sense of eas-
ily adjustable interfaces to global standards.
When it comes to sourcing concepts, it may make sense to drive a common IT strat-
egy if the selected provider is global and thus the same IT services can be obtained
worldwide.
Fig. 1 shows an example for the definition of the scope of a strategy project. The start-
ing situation of the example company Produktio weltweit GmbH has been taken into
account for the scope definition. Thus, it is desired within the IT strategy (In-Scope) that
the topic Cloud is considered with regard to possible areas of application in the com-
pany (step 4). Furthermore, the IT organization and the IT governance structure are to
be checked and adapted (step 5). It should also be checked within the sourcing strategy
whether the outsourcing of the “workplace IT” can be implemented with a positive busi-
ness case. Out-of-Scope and therefore not relevant for the IT strategy is the current ERP
system (SAP), but a new application strategy is to be developed nevertheless, but based
In-scope Out-of-scope
Checking whether the topic is cloud The application landscape is to be

relevant and how and where it can reviewed as part of the application strategy,
be implemented but the ERP system is not to be touched
Review IT organization and derive according to the development plan.
possible changes IT strategy only for the Group and
Review and adapt IT governance Germany (the foreign locations are not
structures to be considered for the time being).
Examine outsourcing of workplace IT
and implement them if the business
case is positive
Fig. 1  Scope of the project define (An example)

on the current ERP. The foreign sites are also not in scope, which should not be taken
into account at this time.
Size of the Strategy Project Team
The development of an IT strategy is work ON the IT organization and not IN the IT

organization. This is a big difference, because whoever still sees themselves as a respon-
sible IT manager, IT architect or department head always moves within a role that moves
within the system and its constraints. It is important to consciously step out of this role
and look at the IT organization and the company from a different perspective. And that
from a position that is outside the system. This is often difficult and therefore it is always
helpful in strategy processes to involve external, neutral persons who have this view from
outside the system. This view from the outside allows to think beyond otherwise limited
horizons and to consider how IT can help the company to become better. And it provides
answers to the question of how value can be created through IT and how it can build a
new standing in the company.
Table 2 provides a starting point for the size of a suitable project team that is based on
the size of the company as a starting point.
As you can see, an IT strategy project can be quite extensive. It is important to keep
in mind that, of course, many colleagues will be consulted or involved in the strategy
process. In addition, external experts will be brought in at many stages not only because
of the neutral, open perspective, but also because of their corresponding expertise, which
is not available in-house. The number of people mentioned above is therefore a guideline
Tab. 2  Size of the IT strategy project team

Company size/size of IT organization Size of the IT strategy project team
Up to approx. 100 employees in the company and up to 2–3 people
approx. 10 employees in the IT organization
Up to 500 employees in the company and up to approx. 4–5 people
20–30 employees in the IT organization
Up to 1000 employees in the company and up to 50 employ- 6–7 people
ees in the IT organization (one central company location)
Up to 1000 employees in the company and up to 50 employ- at least 7–8 people
ees in the IT organization (several company locations and
branches abroad)
More than 1000 employees in the company and IT is a approx. 8–10 people
central part between 100 and 500 employees
IT organization has more than 500 employees and is interna- approx. 10 people
tionally active
for the core team for strategy development, i.e. the people who actually play a role in the
project and are given time specifically for the strategy project.
Responsibility and Leadership of the IT Strategy Project
The question of responsibilities and leadership of the IT strategy project is crucial for the
results and success of the strategy implementation. Therefore, this question should be
carefully considered and decided. In practice, four different people are usually involved:
• The IT manager or CIO

• The superior of the IT manager/CIO
• An internal IT strategy expert, IT controller or referent IT governance
• An external, neutral consultant
The advantages and disadvantages of these positions are shown in Tab. 3.
Tab. 3  Advantages and disadvantages of appointing the project manager for IT strategy

development
Person responsible Advantages Disadvantages
IT Manager/CIO Knows the IT and the current status May be “politically” trapped in
very well some problems that he therefore
Knows where the weaknesses and does not want to touch
problems are
Supervisor of the Can very well represent from the Often does not know the actual
IT Manager/CIO perspective of the entire company what problems of the IT because too far
the goals for the IT must be away and/or too little expertise
Internal IT strategy Knows the internal IT very well Is operationally blind in many
expert, IT control- Has the expertise to support the process things
ler or IT govern- in developing the IT strategy Can not bring in external expertise
ance officer and best practices
Often does not have the standing
in the company to lead such a
process at the highest level
External, neutral Can act neutrally and has no political Does not know the internals of the
consultant ties in the company IT as well as the IT manager or
Knows from other companies the prob- the internal IT strategy expert
lems in IT strategy processes and can
confidently lead through the process
Can bring in external solutions and best
practices and has no “blind spot”
Can, with appropriate seniority, lead
such a process at the top management
level confidently and neutrally
The Project Organizational Chart
After it has been decided who will assume responsibility for the IT strategy project, it
needs to be clarified who will participate in the project and how tasks and roles will be
assigned.
Fig. 2 shows an exemplary organizational chart for an IT strategy project. The follow-
ing overview, which also provides a detailed description of the functions of the commit-
tees listed in the organizational chart, serves to explain these:
Control Body: Project Steering Committee There should be a control body for all IT
strategy projects. This body is often referred to as the “Project Steering Committee” or
“Steering Committee”.
Tasks of this body are the steering and control of the goals and progress of the IT
strategy project. It also serves as an escalation instance in case of disagreements about
decisions or results in the 7 steps to IT strategy.
Members of this body should be the company management, with the CEO or board
chairman being the most suitable as chairman of the body, who is the superior of the
CIO in the company. If the CIO is himself a member of the executive management/
board of directors, the chairman of the executive management or even a member of the
supervisory board can take over the chairmanship of the body. Furthermore, at least one
head of a department should be involved in larger projects for which IT is an important
Project Steering Committee

Chairman(s)
Name
Name
Project Management
Project Manager
Head of IT Architecture
IT architecture
Team: Name, …
Department 1 Department 2 Department n

Name Name Name
Name Name Name
... … …
Fig. 2  Project organizational chart for an IT strategy project

competitive factor. The project manager is also a member of this body, as he has the task
of reporting neutrally from the project (reporting instance). If the project manager is not
identical with the CIO or IT manager, he is of course also a member of the control body.
The body should meet at regular intervals, for example every two weeks or monthly
for about 2-3 hours, if necessary even longer.
The Project Management The project manager should actually be the IT manager or
CIO himself because of the impacts on the entire IT organization that are valid for the IT
strategy. However, this is often not optimal for political reasons, as it is naturally more
difficult and not recognized to take a neutral position as an IT responsible person com-
pared to other organizations. In such cases, it makes sense to appoint an external pro-
ject manager. In most cases, this is a company consultant specialized in IT strategy. The
advantage of an external solution lies in the moderation of the entire strategy process
by the 7 steps, which is neutral towards IT and the department compared to IT and the
department.
Task of the project manager is in particular the just mentioned moderation by the
strategy process. The project manager is responsible for resource management and the
professional leadership of all project employees. His task is to keep an overview of the
entire strategy process and to bring about a joint solution finding between IT and the
business. Furthermore, he has the task to report the project status to the control commit-
tee and to de-escalate possible conflicts quickly.
Project Employees from the IT Organization The “IT architecture” area or a related
area within IT should participate as a permanent instance in the IT strategy project. This
area can also be called IT controlling, IT strategy, IT governance, or IT organization. It
is important that the persons concerned are familiar with the interface between business
and IT and that they understand and link both the process and the IT side very well. In
demand/supply organizations, the demand side of the respective specialist departments
or business areas should also be part of the project.
Depending on the size of the company, a total of no more than 5 project employees
from the IT organization should be sent (in smaller companies 1-2 people are enough).
The task of this instance in the project is to support the linking of the business and IT
perspectives, which are of particular importance in steps 1-3. In addition, the IT project
employees take over the specialist tasks in connection with the IT architecture or the tar-
get application portfolio. They also support budgeting, sourcing strategy and above all all
technical questions.
Project Employees from the Departments/Business Units of the Company Last but
not least, the departments or business units are of immense importance for the success of
the project. Because only together can a valid and sustainable IT strategy be developed
for the entire company. Depending on the size of the company, up to 5 colleagues from
the departments should be won for the project.
Who all belongs to the departments? The term “departments” is used as a synonym
for all organizational units of a company. This means that all areas and departments are
meant: Administrative areas such as finance/controlling and human resources/HR, stra-
tegic business units, independent subsidiaries for which IT is responsible, areas such
as logistics and production as well as branches and locations abroad. It is a great chal-
lenge on the one hand not to overlook anyone, on the other hand not to “overload” the
IT strategy project. In many departments and often in distant overseas subsidiaries, there
is the notorious “shadow IT”. In particular, by working together on an IT strategy, a lot
of understanding can be gained for future cooperation. In the end, it is up to the supervi-
sory board together with the project manager to decide who should be involved and who
should not.
The tasks of the department start with step 2 with the joint derivation of challenges
for IT from the corporate strategy or from the departmental strategies. It is particularly
important to assess the current application portfolio in step 3 and to create a target appli-
cation portfolio, taking into account today’s problems and future requirements of the
departments. When creating and constantly checking the roadmap as a project portfolio
in step 6 as well as implementing the IT strategy in the form of the strategy cockpit, the
department is always a fixed component of all meetings.
Definition of Work Packages Including Cost Estimation

and Scheduling for an IT Strategy Project
After the project organization is in place, it must be planned in detail which work pack-
ages are to be processed and how they are to be planned in detail. The following 7 steps
to the IT strategy each form 7 work packages. The following example applies to the
structure of a work package (Fig. 3).:
• Head of the work package (name of the work package, responsible person, start and
end date, effort and version)
• Description of the work package
• Delimitation/scope
• Contents or activities of the work package
• Results
• Requirements
• Involved employees
The time schedule shown here is only an exemplary corset.

This approach can also be designed somewhat more agile on the basis of Scrum.
For example, the “Step 4: Sourcing Strategy” shown in Fig. 4 can take place in several
sprints in order to parallelize tasks.
Activity Package Description

Date: 30.10.2014 Project IT strategy
Mission: IT strategy development
Work Package: Step 2: deriving challenges for IT@
Activity Package Number: AP 2 Person in charge: Mr. Johanning
Start date phase: 01.06.2014 End date phase: 15.07.2014
Effort: 12 Version: 1.0
Description
Step 2 is used to derive IT challenges in the context of developing the IT strategy. The following tasks shall
be performed:
- Analysis of the company strategy and questioning of the company management and executives about the
UN strategy with the help of structured interviews.
- Business Process Analysis
- Filtering out requirements from the specialist areas
- Derivation of challenges for IT from the three points mentioned (UN strategy, process analysis and
business requirements)
Delimitation Optional extension

Only the processes and requirements from None
the headquarters are considered. The foreign
locations are currently out of scope.
Activities
- Structured interviews UN leadership
- BCG.Portfolio Analysis
- Competitive analysis according to Porter
- Requirement analysis departments
- Process analysis of the essential core processes at headquarters
Result/result types
- Process analysis
- BCG portfolio and competitive analysis
- Requirements overview of the departments
- Challenges for IT
- Decision-making
- Project presentation
Requirements and necessary supplies
- Official release of the project plan with corresponding resource and budget allocation
Involved employees
Project Manager IT Strategy with Team
Heads of department and process experts
Speakers UN Strategy
Fig. 3  Define the scope of the project (an example)
Costs and Budget for an IT Strategy
Before the start of the IT strategy project, the cost and investment planning for the imple-
mentation of the IT strategy cannot yet be carried out, as no or only very rudimentary
information is available on what needs to be changed, adapted or introduced.
Expenditure
Task Description task package Result documents
(PT)
Detailed as-is analysis of IT with regard

Network diagram for overview of
Step 1: As-is to IT processes, IT governance,
technology and finance 6 the Analysis results
analysis of the IT Preparation as presentation
Structured interviews with IT management
Structured interviews with company

Step 2 (1):
management, departmental superiors Challenges for IT
Deriving and selected customers 6 Preparation as presentation
challenges Derivation of challenges for IT slides
for IT Documentation
Workshop with IT executives and specialist

Step 2 (2):
departments IT vision agreed with all
Development of 4
Preparation and follow-up of the workshop stakeholders
an IT vision
Documentation and review of the results
Audit of current suppliers and the contractual

situation Structured presentation of current
Step 4: risks and potentials
Identification of fields of action
Sourcing 15 Description of essential sourcing
Risk and potential analysis as well as SWOT
strategy fields of action
support in the planning of a call for tender Preparation as presentation
31
Fig. 4  Budgeting of the IT strategy development
The only planning basis for the project before the start is the calculation of any exter-
nal support that may be required. Strategy consultants, workshop moderators or experts
in IT architecture, sourcing or IT governance topics may need to be purchased externally.
For this purpose, offers from consulting firms must be obtained and the then required
effort must be included in the project budget planning.
For example, it can be helpful to outsource the moderation of the workshops and the
project management to create neutrality in decision-making, especially with regard to the
management or the supervisory board. The procedure for describing the tasks including
an estimation of the effort and the results per task package, as shown in Fig. 4, can be
helpful in this regard.
This example in Fig. 4 shows the support of external consultants in steps 1, 2 and 4.
The point 3 (application strategy) is deliberately left out, as a new development plan has
just been approved here. The focus is clearly on supporting the current analysis to cre-
ate clear neutrality as well as on moderating workshops and conducting structured inter-
views with stakeholders such as the management, department heads or IT colleagues. In
total, 31 person days are required for external support.
Stakeholder Analysis for the IT Strategy
Stakeholders are groups of people with interests that are directly or indirectly affected by
the implementation of a project or initiative. They sometimes have specific expectations,
but can also have concerns or even fears, which can lead them to oppose or support the
project or initiative, and thus have a direct impact on its success.
In order to control the influence of these groups of people in the interests of the pro-
ject, the stakeholder analysis helps to find solutions in a very early stage—even before
there are large conflicts or the failure of projects or initiatives. It therefore serves as a
constant control and risk prevention, which helps the project manager to react faster and
more efficiently to emerging problems.
Fig. 5 shows an example of a stakeholder analysis including the evaluation in a stake-
holder portfolio. This makes it very easy to see who is in favor of the project. The Excel
list also includes columns for the treatment of stakeholders with ToDo’s.
Commitment/
Influence of the Setting the Proposal
No. Name Function/Role Interest in the To Do by whom? Until when?
stakeholders stakeholders Evaluation
project
1=very low 1=very low 1=very positive

2=low 2=low 2=positive
3=medium 3=medium 3=neutral
4=coarse 4=coarse 4=negative
5=very rough 5=very rough 5=very sceptical
1 Name 1 1 5 4 Keep informed
1 Name 2 4 4 2 Key player
2 Name 3 4 2 5 Keep satisfied
4 Name 4 5 1 2 Keep satisfied
5 Name 5 5 5 5 Key player
5 Name 1 Name 5
4 Name 2
Interest in the project
2 Name 3
1 Name 4
0
0 1 2 3 4 5 6
Influence of the stakehoders
Fig. 5  Stakeholder analysis (An example)

Procedure for Creating a Stakeholder analysis

Before starting the stakeholder analysis, you should first consider whether to do it alone
or in a group. Every project participant in the IT project organization should be involved.
This has the advantage that several opinions and views or perspectives on the stakehold-
ers are possible, and that the result can be more valid. The advantage of doing it alone
would be that you consider all stakeholders (including those who belong to the project
organization and therefore cannot be neutral).
You should plan for about one to two hours to complete the stakeholder analysis.
Phase 1: Identification of All Relevant Stakeholders

The basis and starting point of a stakeholder analysis is always the identification of all
those involved in a project or initiative. To identify all stakeholders, it helps in this first
phase to ask questions such as:
• Who started the project/initiative and with what intention?

• Who benefits from this project?
• Who is afraid of this project or its effects?
• Who supports the idea of the project?
• Is there anyone who is bothered by the project?
• Who is responsible for the budget?
• Who can bask in success and who can be harmed by it?
• Which persons from the department or other organizations are involved and how do
they stand towards the project?
• Which suppliers or service providers are necessary or involved and what is their
intention?
Phase 2.1: Evaluation of the Influence

After you can assess more accurately what goals the stakeholders pursue, it is now time
to consider which stakeholder has which influence on the project or venture.
The question here is: “What is the influence of the stakeholder on my project/
venture?”
Here it is recommended to present the influence quite simply on the basis of, for
example, five criteria:
• very low: The stakeholder cannot help you at all and has absolutely no influence on
the success of the project
• low: The stakeholder has little to no influence
• medium: The influence is rather low, but if the stakeholder wanted, he could possibly
support.
• large: The stakeholder has influence on the project and can be a great help
• very large influence: A stakeholder who can contribute a lot to the success/failure of
the project (possibly there is even a dependence on the success of the project)
Phase 2.2: Evaluation of Interest

Now it’s about determining the stakeholder’s interest in the project, that is, what contri-
bution can the stakeholder make to the project’s success?
The guiding question is: “How great is the stakeholder’s interest in the success of the
project or in achieving the project goals?”
The evaluation scale could look like this:
• very low: The stakeholder has no interest whatsoever in the success of your project
• low: The stakeholder has little to no interest
• medium: The interest is limited and his contribution to achieving the project goals
will be manageable
• high: The stakeholder has a great interest in the project goals being achieved and will
do a lot to make it happen
• very high influence: A stakeholder who has a very strong interest in the success of the
project and from whom a very strong commitment is expected.
Phase 2.3: Evaluation of the Setting

In this phase, the expectations, fears and attitudes of the stakeholders towards the project
idea or the project are discussed.
Partly it will be assumptions, partly there are well-founded indications for an
assessment.
The goal of this phase is to find out how the stakeholder feels about the project.
The central question is: “How is the stakeholder’s attitude towards the project/
project?”
Criteria for the attitude towards the project/project can, for example, be the following:
• very positive: The stakeholder has a great interest in the success of the project and
will support it fully
• positive: The stakeholder finds the project/project good and will be more positive.
• neutral: The stakeholder has little or no interest in the project and pursues no specific
goal in relation to the project
• skeptical: The stakeholder had doubts and does not necessarily believe in the success
of the project/project
• very skeptical: A stakeholder who does not believe in the project/project at all or con-
siders it harmful and would like to sabotage it.
Phase 3: Derivation of Measures

Based on the detailed evaluation and assessment of the stakeholders that took place in
phase 2, specific measures can now be taken for each stakeholder.
The following points have proven to be effective:
• Type of involvement of the stakeholder

• Information
• Responsibility in the project or steering committee
Measure: Specific measure for each stakeholder. This can be, for example, the following
measures:
• Control
• Close involvement through information
• Close involvement through conversation
• Please ask the superior for mediation or influence
• No involvement necessary
• Observe and ask every 2 weeks
In addition, it is important to define for each measure who will carry it out and by when,
in order to ensure constant monitoring of the measures by the project manager
Time Horizon of the IT Strategy
No area in the company is more dynamic than information technology. New hypes, new
technologies and thus quickly outdated systems and infrastructure lead to ever shorter
investment or re-procurement cycles in the IT sector. Systems that have been imple-
mented and rolled out with great effort are already outdated from a technology platform
perspective at the start and theoretically one could start all over again. But how can a
medium to long-term orientation be achieved if one does not even know today what new
technologies will be on the market in 5 years?
The answer could be: Actually, it doesn’t matter at all and maybe you can plan
roughly on a 2- or 3-year horizon, but you can’t do that beyond that.
This can be decisively contradicted by proceeding correctly with the planning.
Even if nobody can look into the future and even visualization tools such as the
Gartner Quadrant can only provide a presumed view of things in the coming years:
Strategic leadership means first and foremost having a plan for the coming years, but it
does not mean that everything will happen exactly as planned. On the way there, things
can happen that are unpredictable and that one will then have to deal with.
This is just like planning a vacation: You won’t set off for a vacation destination with-
out first planning how to get there and what you need for the journey and at the destina-
tion for the coming days or weeks.
The same is true for leading the IT department. Goals have been set by corporate
management or departmental managers that need to be implemented; now it is time to
The Economic Efficiency of an IT Strategy 57
plan how to get there and above all what is needed for this—analogous to a vacation trip.
The basis for this is the IT strategy. It shows a concrete plan of how to achieve goals and
what is needed on the way there. The IT strategy cockpit as a kind of navigation system
for the IT organization helps to make necessary adjustments again and again and to see if
one is still on the right track.
This strategy cockpit enables you to check the IT strategy on a recurring basis. The
associated IT strategy reviews give the opportunity to check, adjust and possibly add new
goals that have been set.
In general, it must be noted that the development of an IT strategy is not a one-time
event during which a document is created that contains all the guidelines for the next 5 or
8 years. It is just as clear that today’s decisions and strategy documents may be obsolete
tomorrow. Therefore, the IT strategy development presented here is designed so that the 7
steps can be carried out all at once or individually, depending on the appropriate situation.
The IT strategy with all 7 steps should be valid for about 3-5 years, but should be con-
stantly questioned and checked using the aforementioned strategy cockpit. The following
subdivision can be helpful in this:
• Development of the IT strategy based on the 7 steps—time horizon: 3-5 years

• Derived from this: the planning and control of an IT project portfolio—time horizon:
approx. 1 year
• Creating an IT roadmap with a long-term horizon that maps the targeted goals of the
IT strategy as projects onto a timeline. In addition, the roadmap also contains the
medium-term aspects derived from the project portfolio.
• Regular control of the company’s internal budget and planning processes as well as
other events (for example, acquisitions or organizational changes) using the IT strat-
egy cockpit—time horizon: regular control and adjustment of the IT strategy
The Economic Efficiency of an IT Strategy
In the introduction, the topic of IT costs has already been addressed in the sense that
the prevailing tenor of all corporate leaders is: “IT costs are much too high!” This atti-
tude may appear to be justified at first glance, but a more appropriate question would be:
“Which are the right investments in IT in order to achieve a higher return on investment
for the company as a whole and which investments in IT are rather to be neglected?”
In order to answer the crucial question of the economic efficiency of IT, only an IT
strategy can help. Because in the IT strategy these questions are answered exactly:
• It is shown how the actual needs of the company and the departments receive the right
IT support.
• With the help of classical make-or-buy decisions, it is considered which IT services
can be economically provided by third parties and which internally.
• A project portfolio creates transparency about all IT projects and clearly shows which
projects are economically viable and which are not.
• Last but not least, an adapted balanced scorecard ensures that, with the help of a cock-
pit, the goals of IT can be controlled and reported in a transparent manner.
Possible Problems on the Way to the IT Strategy
This chapter deals with the question of “How do I deal with certain expectations with
regard to the IT strategy?” In the stakeholder analysis, many answers have already been
given, but the possible problems on the way to the IT strategy should be summarized
again. This was very well shown by professors Ward and Peppard from Great Britain in
their book “Strategic Planning for Information Systems” [39].
The following are excerpts from these possible problem situations from Ward/Peppard
that can help you to get through the IT strategy process as smoothly as possible:
• Problems with the support of the top management (the involvement of the top man-
agement is crucial)
• Not having the freedom to communicate and implement change processes in the
company
• Ignoring the company’s goals
• Problems with understanding or translating the company’s goals into IT goals
• Problems with the integration of all necessary stakeholders including key users into
the IT strategy process
• Only listen to the “wish list” of the user in the application strategy and not look for
requirements left and right of the way
• Ignoring the actual weaknesses of one’s own IT organization in order to be able to
carry out such an IT strategy process “alone and internally”
• Not to think that only one proposal for an IT strategy is up for decision, but several
alternatives that are presented to the top management
Working Questions for Setting up the IT Strategy Project
Now all the basics have been created for your own work on the IT strategy. As part of
the preparations, the following worksheets will be developed to set up the “IT strategy”
project.
Participants in this so-called “0. Step” are the IT manager/CIO, his superior for exam-
ination and, if necessary, an external consultant who can help to set up the process cor-
rectly from the outset.
Working Questions for Setting up the IT Strategy Project 59
Define project goal
Worksheet 3.1 Preparations: Project Goal and Scope of the Project
What is the project goal? Think about breaking down the goal (specific, measurable,
realistic, accepted and scheduled)
Clarification and definition of the scope (What is in-scope and out-of-scope?)
Project Objective:
Target rule Fulfilled?
Specific
Measurable
Accepted
Sub- or sub-objectives (if any) Realistic
Terminated
Determine project scope
Worksheet 3.2 Define the scope of the IT strategy project
Clarification and definition of the scope

What is "in-scope", i.e. what absolutely has to be examined within the framework of
the IT strategy?
What is "out-of-scope", i.e. which things should not be examined more closely within
the framework of the IT strategy?
In-Scope Out-of-Scope
Working Questions for Setting up the IT Strategy Project 61
Create roadmap or milestone planning
Worksheet 3.3 Define the roadmap of the IT strategy project
What are the essential milestones of the project (possibly analogous to the 7 steps)? (Note: Not all
7 steps have to be necessary processed, but only the necessary ones).
Please enter the timeline below and then the milestones of the IT strategy project.
Detailed definition of work packages
Worksheet 3.4 Define work packages
Activity Package Description

Date: Project: IT strategy
Mission:
Work Package:
Activity Package Number: Person in charge:
Start Date Phase: End Date Phase:
Effort: Version:
Description
Delimitation Optional extension
Activities
Result/result types
Prerequisites and necessary supplies
Employees involved
Determine budget and cost estimates
Worksheet 3.5 Budget and effort estimation
On the basis of the work packages just created in worksheet 3.4, you can now present
the effort as well as the result documents once again in a clear manner (for example as
a decision template for the management)
Work Expenditure
Description Work package Result documents
package (PT)
Set up the project organizational chart
Worksheet 3.6 Drawing up a project organisation chart
Who all has to be involved in the project (IT, departments, management, etc.)
Who is responsible for the project?
Appoint participants of the steering committee
Define escalation paths
Project Steering Committee
Project management
IT architecture
Department 1 Department 2 Department n

Carry out stakeholder analysis
Worksheet 3.7 Stakeholder Analysis
Identify and register all stakeholders

Transfer of the dimensions influence and commitment into the portfolio
Commitment /
Influence of Attitude of the
No. Name Function / Role Interest in the
Stakeholder stakeholder
project
1 = very low 1 = very low 1 = very positive
2 = low 2 = low 2 = positive
3 = medium 3 = medium 3 = neutral
4 = large 4 = large 4 = negative
5 = very large 5 = very large 5 = very sceptical
4
Interest in the project
0
0 1 2 3 4 5 6
Stakeholder input
Step 1: IT Status Quo Analysis
Abstract
If you want to improve something, you have to know the starting point. This is step 1,
an internal analysis of IT processes, organization, technology maturity and financial
situation. The result of the first step shows the current state of all areas of IT in a clear
network diagram and provides first indications of possible areas of action in the devel-
opment of the IT strategy.
IT Processes
As already shown, the development of strategy does not 1:1 align with the requirements
of CMM(I) or other process and maturity models. Instead, IT processes that are useful
for the current analysis and for further optimization are extracted from all models—in
the sense of better IT-business alignment. These are the five IT processes described in the
following list, which are evaluated neutrally in this first step.
• Project management: Within the scope of project management, it is checked how well
projects are carried out in the respective IT organization and to what extent standards
and experience for the professional implementation of IT projects are available.
• Demand Management: Within the scope of demand management, it is about the
aspects of a smooth cooperation between IT and department as well as about how this
is organizationally underpinned and lived. If no explicit demand management is inte-
grated into the IT organization, but for example the IT is functionally divided, then
the questions can still be answered. The interface business/IT always exists, no matter
what it is called.

68 Step 1: IT Status Quo Analysis
• Supply Management: Supply management reflects the technical core of the IT organi-
zation. It is analyzed to what extent an IT operation is professionally set up and how
the interfaces between demand/supply and department are structured.
• Service Management: The focus is on the mapping of the most important ITIL pro-
cesses in the area of IT operations. It is checked to what extent the most important
ITIL processes are mature in the IT organization.
• Quality Assurance and Quality Management: This area deals with the quality assur-
ance of IT processes. Are there clear quality definitions as well as methodological
basics for the constant improvement of IT processes? Has a reporting been installed
over several control levels and is there a monitoring of IT processes?
IT Governance, IT Organization and IT Employees
This area includes a review of the IT organization. The focus is on IT governance struc-
tures as well as on IT organization and IT HR facts. For this purpose, the following five
framework areas are examined and evaluated:
• IT Governance Structures: Within the framework of IT governance structures, it is

checked to what extent the IT organization works according to established IT gov-
ernance standards and how the interaction between corporate and IT governance is
regulated.
• Sourcing Strategy: The sourcing strategy is a key value driver for an IT organiza-
tion and is therefore examined in more detail in this step to what extent it is possible
to work with external suppliers and what degree of standardization or professional-
ization has already been achieved in the area of controlling and managing external
suppliers.
• Roles and Responsibilities: There is an analysis of to what extent clear role respon-
sibilities exist in the IT organization, how the distinction between line and project
is organized and whether and how well the role descriptions are defined in the IT
organization.
• Business-IT Alignment: The cooperation between the departments and the IT is
checked: How well is the IT aligned with the business, how and with which methods
is regular exchange ensured.
• Employee Development: In IT in particular, knowledge becomes outdated very
quickly due to the rapid technological development. It is therefore of great importance
that a structural and continuous further qualification of the IT employees is strived for.
In addition, not only the professional know-how has to be further developed, but in
many cases so-called soft skills have to be trained. These mentioned points are part of
the examination and analysis in the area of employee development.
Finances 69
Technology
The following five topics are examined and evaluated in the “Technology” area of
investigation:
• Architecture management: The IT architecture of a company is a key planning factor

for future-proofing and investment security. Therefore, this area of investigation looks
at how much architecture management or town planning for the application landscape
takes place within the IT organization.
• IT security and disaster recovery management: IT security has become one of the most
important fields of IT. This is especially true since, with Internet and cloud technologies,
IT no longer takes place solely within the confines of one’s own four walls, but rather
nearly all data must be globally available and accessible at any time. Disaster recovery
plays a big role in this context, in order to ensure that this data is always available.
• IT infrastructure and operations: IT infrastructure and IT operations are two essential
components of an IT organization, which are often outsourced to an external service
provider nowadays. Nevertheless, it must be clarified how well the IT infrastructure
works and how smooth operations can be guaranteed.
• Master data management: The scope of master data management is the investigation
of how well organized the master data is within the company and which standard pro-
cesses exist for maintenance. Master data management has become an important part
due to the complex and often heterogeneous IT landscapes. Duplicates in different
systems and differently maintained or used master data can have fatal consequences.
• Software development: Not every IT organization still develops software itself. But
even with standard products, for example in the ERP area, individual solutions must
be adapted via “customizing”. Here the question is how well these IT processes are
already mapped, how the source codes of core applications are handled, and how well
the documentation and concepts for the various applications are.
Finances
An as-is analysis without consideration of the financial or budgetary situation makes no

sense, because in the end every application introduction or change, as well as the operation
of IT, costs money. Therefore, it is important to find out exactly how professionally the IT
organization is set up financially. The following three areas will be examined in more detail:
• Optimal cost structures: The precise knowledge of the cost structures of the IT organi-
zation is the basis for any new investment and the basis for the decisions of the man-
agement. Therefore, the cost structures of the IT will be examined in more detail here.
• IT controlling: Reporting, key figures or key performance indicators (KPIs) are the
basis for the transparent control and management of an IT organization. Therefore, it
is important to know where the company stands in this area and where there is poten-
tial for improvement.
• Compliance: The topic of compliance is not only relevant for many IT responsible
persons, but often—for liability reasons—also for the management or the board of
directors. In this area, it is examined whether there are still gaps that need to be closed
or whether the company is already compliant with the valid compliance rules.
Working Questions and Implementation Step 1
An important note at the beginning: It is very important for the further development of
the IT strategy that work is always done in writing. Only if all answers, information or
results have been fixed in writing can they be revised, further developed and integrated
into the IT strategy together.
What is Required for Step 1
Useful documents for the current analysis:
• Process manuals or documentation of IT processes, IT project management standards,

requirements management
• IT organizational chart(s)
• Concepts for IT governance structures
• Sourcing concepts
• IT architectural sketches/development plans
• IT infrastructure
• Network structure representation
• Concepts for IT security
• Email archiving
• Policy documents
• Emergency plan/disaster recovery or business continuity plans
• Training materials or system or operating manuals for applications
• Concepts, protocols and project documentation from projects
• Functional specifications, job descriptions or technical concepts from IT projects or
system implementations
Working Questions and Implementation Step 1 71
Involved Step 1
Then the question arises as to who should answer the questions for the current analysis?
In general, this should be answered under the direction of the ideally already named
project manager. In smaller projects, this is the CIO or IT manager himself, in larger
companies and correspondingly larger projects, this can be a neutral third party (spe-
cializing in IT strategy consultant). It is important that the questions be asked as part of
structured interviews and research, and that, after the analysis, a comparison with the
supervisor of the IT manager/CIO from management or with the board of directors must
take place.
Notes on Evaluating the Results
The first worksheet shows an example questionnaire, which is explained in more detail
below. For each question, a cross must be placed in one of the three answer fields. The
number of points is always shown in square brackets and corresponds to answer 1 with
[0] points, answer 2 with [5] points and answer 3 with [10] points.
After each questionnaire (worksheet), the number of points achieved is summed up in
the last line and, according to the following legend, a value is assigned to the entire ques-
tionnaire (worksheet):
• 0–10 points = 1
• 11–20 points = 2
• 21–30 points = 3
• 31–40 points = 4
• 41–50 points = 5
This value of 1 to 5 is then transferred to the spider diagram at the end so that there
is a quick overview for each area of how well or badly the IT organization is set up.
This evaluation therefore already shows in step 1 the first areas of action within the IT
strategy.
Examples for Step 1
To illustrate the status quo analysis, we choose the example company Produktio weltweit
GmbH. This company has some problems in the area of sourcing as well as governance/
organization. We will not go through the entire status quo analysis, but show by way of
example how the questionnaire and its evaluation work and then show the spider diagram
with the complete evaluation.
The status quo analysis starts with the evaluation of the IT processes and the first
questionnaire on project management (here worksheet 2.1). The correct answer is docu-
mented in the respective cell in bold font.
Worksheet 4.1 EXAMPLE 1: Questionnaire IT Processes - Project Management
1 How often have IT projects failed (in terms of More than 50% Max. 10% [5] Not at all [10]
budget or schedule overruns) in the past [0]
five years?
2 Is there a dedicated project management No [0] Yes, but not yet Yes, fully
office? Is there continuous training for all established [5]. functional and
employees on project management topics? provides good
support [10].
3 Is there a project plan that can be viewed by No [0] Yes, in part [5] Yeah.
everyone involved in the project, that is Proven [10]
comprehensible and structured according
to standardised rules?
4 Does the monitoring follow clearly regulated No [0] Yes, rules and Yes, rules and
procedures and known and functioning escalation escalation paths
escalation paths? pathways are are clearly
partially defined [10].
functional[5].
5 There is a clear commitment of the top No [0] Yes, in part [5] Yes, very
management to the projects and a proven professional [10]
change and scope management.
Total points 0 20 0
Total sum of all points 20
Total score for the network diagram according 2

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
The rating for the “Project Management” point under “IT Processes” therefore did not
turn out to be so good and is “2”, which reflects the governance and organizational prob-
lems indicated in this company.
The next worksheet 2.2 shows by way of example the answer to the “Demand
Management” area under “IT Processes”. Unfortunately, the evaluation only results in a
“1”, which is due to the fact that Produktio weltweit GmbH has not yet introduced any
demand management. It works according to the old “Plan-Build-Run” concept and the
software developers talk directly to the departments; therefore, there is indeed contact
with the department, corresponding business know-how and an input channel for require-
ments, which is not standardized, but at least known in the department through long-term
cooperation. However, demand management is not yet set up, which leads to this poor
rating.
Worksheet 4.2 EXAMPLE 2: Questionnaire IT Processes - Demand Management
1 Develop the Demand Management with Supply No [0] Yes, in part [5] Yes, available
Management solution ? [10]
2 Does the Demand Manager exist as a No [0] Yes, but not yet Yes, established
standalone role? established [5]. role and
accepted in
business [10].
3 Are the interfaces between business and IT No [0] Yes, in part [5] Yes [10]
standardized?
4 Does the demand management team provide No [0] Yes, in part [5] Yes [10]
proactive advice and demonstrate a high level
of business know-how?
5 Do the departments have a clear and well No [0] Yes, in part [5] Yes, very
communicated input channel for professional [10]
requirements?
Total points 0 10 0
Total sum of all points 10
Total score for the network diagram according 1

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
It should suffice as an example to only show the first two questionnaires from the “IT
Processes” area here; all other questionnaires are filled out identically. Afterwards, as can
be seen in Worksheet 2.3, the ratings of the individual areas are either transferred to a
table or, for those who prefer graphical representations, also to a network diagram, as in
Worksheet 2.4. The results for the questionnaires IT governance, technology and finance
are assumed for the example company Produktio weltweit GmbH.
Arbeitsblatt 4.3 EXAMPLE: Overall evaluation of the as-is analysis
Please transfer now the achieved points per questionnaire into the following table to get a
total overview of the points per survey item
Phase / object of investigation Points
IT processes
Project Management 2
Demand management 1
Supply management 3
Service management 2
Quality Management 4
IT governance, IT organization and employees
IT Governance Structures 2
Sourcing strategy 1
Roles & Responsibilities 2
Business IT Alignment 3
Employee development 3
Technology
Architecture Management 4
IT Security and Business Continuity Management 3
IT infrastructure and operations 3
Master data management 3
Software development 4
Finance
Optimal cost structures 3
IT controlling 2
Compliancea 2
Worksheet 4 shows how the result can look in a network diagram by way of example.
Worksheet 4.4 EXAMPLE: Overall evaluation as a network diagram
Project Management
5
Compliance Demand management
IT controlling 4 Supply management
3
Optimal cost structures Service management
2
Quality Assurance and

Management
0
Master data management IT Governance Structures
IT infrastructure and operations Sourcing strategy
IIT Security & Business Continuity

Roles & Responsibilities
Management
Architecture Management Business / IT Alignment
Talent management
It is very quickly recognizable in the network diagram where the “rabbit in the pepper”
is. All areas of the actual analysis, which have only received a “1” as a rating, must be
looked at very closely and should be newly worked out in detail as part of the next six
steps. The areas rated with a “2” also count as the fields of action which are exemplarily
represented in the following worksheet 2.5 in order to create a better overview.
Worksheet 4.5 EXAMPLE: Deriving the fields of action from the as-is analysis
This worksheet is used to identify the fields of action from the as-is analysis:
Fields of action are all areas from the questionnaires that scored worse than 2.
have
Field of action Description of the field of action
Demand management Here, particularly, the missing role of the demand or

manager's requirement, the associated interface to the
department, which is not yet optimally structured and not
define from the tasks and roles.
Service management So far, only in the context of outsourced data center services
from the provider best-practice processes according to ITIL;
urgent need for professionalization in service management.
In particular, the service desk with
Hotline and ticket system must be improved
IT governance structures These are still missing to a large extent (part of the
organisational problem of Produktio weltweit GmbH).
Sourcing strategy Within the Scope of Sourcings, there are problems to identify
with current Providers that need to be viewed within the
Scope of Sourcing-Strategy.
Roles & Responsibilities Roles and responsibilities must be clearly defined and
delineated
IT controlling There must be an IT controlling incl. efficient cost- and

Performance accounting can be set up
Compliance All compliance issues must be fundamentally built
Project Management Standards and training courses are still missing here, which
must be established at Produktio weltweit GmbH in order to
successfully carry out projects according to clear standards.
can.
It becomes very clear in this first step of the actual analysis that some fields have to be
looked at more closely and improved at Produktio weltweit GmbH. It is also clear that
the scope definition of the project made in the preparations must be extended by the
eight fields of action shown in worksheet 5.
But enough of the example: The questionnaires follow in the form of worksheets for
your very individual actual analysis.
IT Processes Questionnaire
IT Process 1: As-Is Analysis for Project Management
Worksheet 4.6 Questionnaire IT Processes - Project Management
1 How often have IT projects failed (in terms of More than 50% Max. 10% [5] Not at all [10]
budget or schedule overruns) in the past five [0]
years?
2 Is there a dedicated project management No [0] Yes, but not yet Yes, fully
office? Do all employees receive ongoing established [5]. unctional and
training on project management topics? provides good
support [10].
3 Is there a project plan that can be viewed by No [0] Yes, in part [5] Yeah.
everyone involved in the project, that is Proven [10]
comprehensible and structured according
to standardised rules?
4 Does the monitoring follow clearly regulated No [0] Yes, rules and Yes, rules and
procedures and known and functioning escalation pathways escalation paths
escalation paths? are partially are clearly
functional[5]. defined [10].
5 Is there a clear commitment of the top No [0] Yes, in part [5] Yes, very
management to the projects and a proven professional [10]
change and scope management?
Total points
Total sum of all points
Total score for the network diagram according

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
IT Process 2: As-Is Analysis for Demand Management
Worksheet 4.7 Questionnaire IT Processes - Demand Management
1 Does Demand Management work out solutions No [0] Yes, in part [5] Yes, available
with Supply Management at an early stage? [10]
2 Does the Demand Manager exist as a No [0] Yes, but not yet Yes, established
standalone role? established [5]. role and
accepted in
business [10].
3 Is the interface between the department No [0] Yes, in part [5] Yes [10]
and IT standardized?
4 Does the demand management team provide No [0] Yes, in part [5] Yes [10]
proactive advice and demonstrate a high level
of business know-how?
5 Do the departments have a clear and well No [0] Yes, in part [5] Yes, very
communicated input channel for requirements? professional
[10]
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
IT Process 3: As-Is Analysis for Supply Management
Worksheet 4.8 Questionnaire IT Processes - Supply Management
1 Does the supply management provide No [0] Yes, in part [5] Yes, completely
requested resources flexibly and quickly? established [10]
2 Are IT solutions standardized, modular and No [0] Yes, in part [5] Yes, all IT
sourcable? solutions are
standardized,
modular and
sourced [10].
3 Is there a separation between application No [0] Yes, in part [5] Yes,

deployment and operations? professionally
established [10]
4 Does Supply Management offer services as No [0] Yes, in part [5] Yes, it is done
services? on the basis of
professional
services [10].
5 Are the transition and interface between No [0] Yes, in part [5] Yes, very
demand and supply organization transparent professional
for all and clearly defined in one document? [10]
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
IT Process 4: As-Is Analysis for Service Management
Worksheet 4.9 Questionnaire IT Processes - Service Management
1 Are the service management processes No [0] Yes, some of Yes, completely
according to ITIL standardized? them are the according to ITIL
service standardized
Management or to the own
Processes needs completely
established, ITIL oriented
but not yet [10]
universal
Everywhere [5]
2 Are IT operations based on standardized No [0] Yes, in part [5] Yes, already
Service Design Processes (Availability entirely after
(service availability), Continuity (restoration ITIL
of services in emergency) and Capacity standardized
Management (planning/monitoring of the [10]
essential resources))?
3 Has a professional Service desk with hotline No [0] Yes, in part, but Yes, fully
and ticket installed? there are still established and
Improvement- in business
potential [5] Accepted [10]
4 Do you work on the basis of clearly agreed No [0] Yes, in part [5] Yes, fully
service level agreements with suppliers established and
and internally with customers? in business
Accepted [10]
5 Are standardized service operations processes No [0] Yes, in part [5] Yes, very
(incident, problem, change and release professional on
management) used? the basis of
ITIL [10].
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
IT Process 5: As-Is Analysis for Quality Management
Worksheet 4.10 Questionnaire IT Processes - Quality Management
1 Is there an IT quality and security administrator No [0] Yes, but not a Yes, the role is
in the company? stand-alone role 100% established
or only involved (as an FTE) and
in it to a certain recognized [10].
percentage [5].
2 Is documentation on IT processes and No [0] Yes, but not a Yes, available

software development specifications available? stand-alone role and are subject
or only involved to regular review
in it to a certain by the IT
percentage [5]. management [10]
3 Is the source code created for essential No [0] Yes, in part [5] Yes, is constantly
applications complete and reviewed so that verified [10]
third parties can make changes and
enhancements?
4 Are IT projects subject to clear quality criteria No [0] Yes, in part [5] Yes [10]
and are these monitored and checked?
5 Are there quality standards for IT performance No [0] Yes, in part [5] Yes, very
and services vis-à-vis the department? professional
and accepted
in the field [10].
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
Questionnaire “IT Governance, IT Organization and IT Employees“
As-is Analysis of IT Governance Structures
Worksheet 4.11 Questionnaire IT Governance - Governance Structures
1 Is the IT governance structures for COBIT- No [0] Yes, in part, Yes, COBIT is
framework installed or are clear individual but it's still full
standards in use? not complete implemented
[5] or Yes, there are
clear standards
in the area of IT
governance are
in place [10].
2 Are IT governance processes aligned with No [0] Yes, in part [5] Yes, completely
overall corporate governance? coordinated with
each other [10]
3 Do IT governance processes ensure that the No [0] Yes, in part [5] Yes, very
risks posed by IT in the company are comprehensive
minimized?
[10]
4 Does an IT portfolio management exist and No [0] It is being worked Yes, fully
is it established? on [5] established and
will also
regular
verified [10]
5 Does IT innovation management identify and No [0] Not regularly and Yes, very
evaluate business and technology trends? only on certain professional [10]
occasions [5].
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
As-is Analysis of Sourcing Strategy
Worksheet 4.12 Questionnaire IT Governance - Sourcing Strategy
1 Is a fully formulated sourcing strategy No [0] Is in progress or Yes, a

available? not anymore Sourcing-
current [5] Strategy is in
place and
is also lived
[10]
2 Is the management of external suppliers based No [0] Yes, in part [5] Yes, very
on standardized processes? professional [10]
3 Do the contractually defined pricing models No [0] Depending on Yes, applies

with suppliers correspond to actual usage and supplier and to all suppliers
they are variable (for example, via "pay-per contract [5] and contracts [10].
-use")?
4 Is there an overview of whether services have No [0] Yes, partly Yes [10]
been purchased in line with benchmarks? (depending on the
supplier or
service) [5].
5 Exit clauses are included in the contracts with No [0] Depending on Yes, for all major
suppliers to allow flexible switching to another supplier and suppliers/vendors
supplier at no extra cost. contract [5] available
[10]
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
As-is Analysis of Roles and Responsibilities
Worksheet 4.13 Questionnaire IT Governance - Roles & Responsibilities
1 Are there role descriptions for all employees No [0] Yes, in part [5] Yes, available
in your IT organization? and up to
date [10].
2 Are reconciliations between line and No [0] Partial Yes, established

Project organization clearly regulated? (Documents Sync and
are partly in corrections by
Work or just Rafael
restricted documents are
present) [5] present [10]
3 Are there clear role descriptions for project No [0] Yes, in part [5] Yes, role
organizations? descriptions are
for Projects
compulsory
and present[10]
4 Is the role of the CIO/IT manager in the No [0] Yes, but Yes, clearly
Management and the 2. partly not defined,
management level are clearly defined and are communicates delimited and
Delimitations to other roles from the or in process known on FB
Department defined? or not quite and accepted
clearly defined [10]
and not known
in the department
[5].
5 Is the role of IT clearly defined in the form of No [0] Yes, in part [5] Yes, very
an IT vision or through marketing/newsletters professional [10]
in the company?
Total points

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
As-is Analysis of Business-IT Alignment
Worksheet 4.14 Questionnaire IT Governance - Business-IT Alignment
1 Are there regular meetings with agendas No [0] Yes, in part [5] Yes, present
and follow-up on open issues between without
departments and IT? significant
exception [10]
2 Are the soft factors (e.g. mutual trust, No [0] Yes, to some Yes, very well
understanding and respect) present between extent, but not pronounced [10]
IT and department ? yet established
[5].
3 Is there job rotation between departments No [0] Yes, but only Yes, that will
and IT in the company? in very small through IT and
scale [5] Department
intensive
promoted and
used [10]
4 Are common training courses held for No [0] Yes, but relatively Yes, many
departments and IT? rarely and only issues are being
too completely shared
special brought forward
Topics [5] and trained
[10]
5 If the business processes of the No [0] Yes, in part, but Yes, there is a
business department and IT are jointly only very constant
created/modelled and constantly on the irregular Exchange and
kept up to date? and only after a panel for
Solicitation [5] Processes
and/or roles,
that the daily
live [10]
Total points
Overall rating for the network diagram according

to the legend (0–10=1; 11–20= 2; 21–30=3; 31–
40=4; 41–50=5)
As-is Analysis of Employee Development
Worksheet 4.15 Questionnaire IT Governance - Employee Development
1 Is there a strategy or a No [0] Is in progress or it Yes, a strategy and

human resources development gives ideas and first Documents with
concept for IT staff Concepts [5] Milestones and
ToDo's for the
Personnel development
are available [10]
2 Are advanced training courses No, there's no Yes, there will be Yes, professional
in the technical area offered for such thing as training in the training has
all IT- Employees offered? none specialist area a high importance
Further training offered, but and it it is tried
in the technical not for all or to get all associates
Range [0] only for selected thereon share [10]
Employees[5]
3 Do further trainings also take place No [0] Yes, in part [5] Yes, that's encouraged
on the level of soft skills (for and there are further
example in the area of training in other fields
communication skills)? [10].
4 Are there transparent career No [0] Yes, in part [5] Yes, there is leadership
development stages with training and career
associated leadership training? planning [10].
5 Does appraisal and objective No [0] Yes, but not for Yes, very professional
agreement takes place regularly all employees or and regular
with all the employees? the targets have implementation, and
no direct Testing with
Impact [5] Consequences [10]
Total points
Total score for the network diagram

according to the legend (0–
10=1; 11–20= 2; 21–30=3; 31–40=4;
41–50=5)
Technology Questionnaire
As-is Analysis of Architecture Management
Worksheet 4.16 Technology Questionnaire - Architecture Management
1 Is the role of the "IT architect" No [0] There is no direct IT architect Yes, the role of the
established in the company? with a clear role description "IT architect" has been
for architecture management, described, filled and
but other roles take on these established [10].
tasks as well [5].
2 Is IT architecture management No [0] Yes, but not yet established Yes, more established
a constantly recurring and [5] Process [10]
established process of the IT
organization?
3 Is an overview of Cloud IT systems No [0] Yes, in part, shadow systems Yes, the shadow
( created without official IT support are known, but there is no systems are largely
or purchased IT-Systems in the clear plan to Replacement known...
department) available and is or only partial [5] and there's a
working in intergration with this replacement plan
Cloud-systems frame of the [10]
IT-Architec
4 Is the replacement of existing No [0] Yes, legacy systems are Yes, legacy systems
legacy systems integrated into known for the most part, are well known, and
the IT architecture planning and but a replacement strategy they are already being
is there a clear plan by when is not yet established or used with a clear
these are detached? only in progress [5] strategy on
of replacement
worked [10]
5 Is the technical and professional No [0] There is an overview of all Yes, all IT systems
"State of health" of all IT systems and also a are regularly
systems are sufficiently known Assessment of the reviewed and it
and is this regularly checked? "state of health," but measures are taken
this is not a regular derived or the
Process involving impacts Development plan
or changes to the adapted in case of
development plan [5]. problems[10]
Total points
Overall ranking for the

Network diagram according to
legend
As-is Analysis of IT Security and Disaster Recovery Management
Worksheet 4.17 Questionnaire Technology - IT Security & Disaster Recovery
1 Is there a detailed IT Security No [0] Yes, in part [5] Yes, available and will
concept in the company and is regularly checked and
the implementation of IT Measures or
Management checked and consequences of this
enforced? derived [10]
2 Is there an IT security officer? No [0] The role is not explicitly Yes, role is described,
so named, but the tasks defined, filled and
are performed by established in the company
Employees [10]
Perceived [5]
3 Are there binding targets for the No [0] There are Yes, they are binding targets
IT security, which is supported by Catalogues of measures defines for IT security, which
the management supported and concepts, but a known to the UN leadership
and regularly reviewed clear definition and and supported by her and
become? Strategy adopted by the be verified [10]
UN leadership supports
does not exist [5]
4 Is there an emergency plan/ No [0] There are documents on An emergency plan as well
disaster recovery process in this and staff who could as the process with
place that is tested regularly? work through an instructions on what to do in
emergency plan, but no case of an emergency is
Tests and clear known. There is a
Binding responsible persons and a
Instructions [5] Emergency is regularly
tested/practiced. [10]
5 Are the processes in the area of No [0] Employees take care of it, Yes, the processes are
Availability Management (ensuring but a clear standardization standardized, documented
and optimizing service availability) with responsibilities and and a responsible person
and the Continuity Management clear instructions does not explicitly takes care of them.
(restoring the most necessary exist [5] [10]
services in the event of a disaster)
standardized?
Total points
Overall ranking
As-is Analysis of IT Infrastructure and IT Operations
Worksheet 4.18 Questionnaire Technology - Infrastructure & IT Operations
1 Are all IT infrastructure end devices No [0] Yes, there are standards, Yes, clear standardization
in the company, such as but they have not been in place with no significant
notebook/desktop, monitor, met everywhere [5]. exception [10].
mouse, keyboard, etc., available?
standardized?
2 Is there monitoring with clear No [0] Monitoring takes place Yes, monitoring is in place
warning and testing mechanisms by staff, but there is no with clearly defined
for the data center so that errors monitoring software or processes to monitor the
can be detected and corrected automated processes for data center and provide
at an early stage? monitoring [5]. early alerts.
[10]
3 Are the servers virtualized No [0] Partly there are virtualized Yes, there is a clear strategy
where possible? servers, but there is no as to when servers will be
strategy [5]. virtualized and this is already
implemented or in progress
with a
Action Plan [10]
4 Are functional backups available No [0] There are data backups, Yes, there is a defined data
for all the servers and is this but they are done backup concept with
safety mechanism constantly manually by employees automated safety
audited and maintained? and not automated [5]. mechanisms that are
checked and tested.
5 Is the load on the servers No [0] Known to a large extent, Yes, the load is always
consistently analysed, are load but no clear strategy to tracked and has warning
peaks known and avoided avoid load peaks [5]. mechanisms on an
as far as possible? automated basis. This
process is tested regularly
and load peaks can mostly
be avoided be [10]
Total points
Overall ranking
As-is Analysis of Master Data Management
Worksheet 4.19 Technology Questionnaire - Master Data Management
1 Are there master data managers No [0] There are employees in Yes, the role of the master
in the company? IT and/or in the business data manager is regulated
department who take care and clearly defined for all
of this "on the side" [5]. data region. The responsible
persons have a committee
for exchange and have clear
role descriptions of their
tasks.
2 Are there uniform rules for data No [0] In part [5] Yes, the regulation and
management? handling of data is defined
and documented
[10]
3 Are there clear rules and master No [0] Only in part [5] Yes, the regulations are
data processes per IT application defined, documented and
that determine which employee established per application
can access which data and when? [10].
...on?
4 Are there key figures and No [0] Only very irregularly and Yes, key figures and
checking rules that are used to not according to clear, checking rules are available,
check the data quality in the recurring rules [5]. documented and regularly
systems at recurring intervals? applied to check data quality.
From this
Measures derived. [10]
5 If applications are used that Is in progress and Yes, professionally set up

automatically check master applications are being [10]
data management (MDM), tested but not yet in
automatically check data use [5].
quality (data profiling) and
eliminate errors in master
data according to predefined
rules (Data
Cleansing)?
Total points
Overall ranking
As-is Analysis of Software Development
Worksheet 4.20 Questionnaire Technology - Software Development
1 Questionnaire Technology - No [0] Yes, in part [5] Yes, are available and
Software Development established [10]
2 Are detailed requirement and No [0] Yes, but not yet Yes, specifications are
functional specifications used consistently everywhere obligatory according to
in all IT software projects as and not at the desired clear standards and are
the basis for the maturity [5]. subject to testing and
Programming requested? acceptance.
[10]
3 Are the development environment No [0] Partially yes (depends Yes, there are clear
and software technologies used on applications or regulations and standards
up to date? staff) [5]. [10].
Booth?
4 If the source code has been No [0] Not for all applications, Yes, for all applications the
deposited with a third party but partly yes [5]. source code is available in
so that in the event of an case of emergency [10].
emergency or insolvency of
the supplier, a Further
development is possible?
5 Is the documentation of the No [0] Only partly (depending on Yes, clear rules and
software also included in the Application) [5] standards for source
source code so that third parties code documentation and
can continue to work on it? review and measures [10]
Total points
Overall ranking
Worksheet 4.21 Questionnaire Finance - Optimal Cost Structures
1 Is the cost management of IT No [0] Yes, but is still partly a Yes, clear standards in cost
subject to clear rules according work in progress or accounting are in place [10].
to cost centres, types of cost immature [5].
and carriers?
2 If budgeting uses a No [0] Yes, but not yet 100% Yes, clear regulations that
breakdown that differentiates mature [5]. present clear delineations
IT areas transparently (e.g. of costs and allow for
according to projects, operations, comparisons [10].
Personnel, licenses, etc.)?
3 Are regular TCO analyses No [0] Yes, but not for all Yes, TCO analyses are
carried out and are the Areas [5] mandatory and subject to
benchmark-appropriate price clear regulations [10].
and /Cost structures of the IT
Resources known?
4 WHave the cost drivers in No [0] Cost drivers are known to Yes, cost drivers are also
IT been identified, are they management, but a cost known in the UN
regularly reviewed and if reduction program is not management and a
necessary: are cost reduction professionally established professional cost
programs implemented? [5]. management with constant
urden die Kostentreiber in der view on possible
Savings established [10]
5 Do regular cost optimizations No [0] Only when one comes Yes, there are regular cost
take place in IT? across it and in the case optimization rounds and
of new acquisitions is clear guidance on business
attention paid to the price; cases [10].
but there is no systematic
optimisation procedure
[5]
Total points
Overall ranking
Questionnaire “Finance and Compliance“
As-is Analysis Optimal Cost Structures
Worksheet 4.22 Finance Questionnaire - IT Controlling
1 Can the company management be No [0] Yes, but not ad hoc and Yes, a management report
provided with information on the the metrics are not agreed can be prepared at any
key IT figures at any time? with UN management [5]. time on the basis of known
and agreed key figures.
are generated [10]
2 Have specific IT key figures and No [0] Metrics exist, but not Yes, there are systematic
KPIs been defined for all IT consistently for all and recurring audits of key
systems, IT operations and IT services, nor are they performance indicators for
projects, and are these defined systematic [5] essential IT services [10].
recurrently and systematically?
checked?
3 Is there a monitoring and reporting No [0] Monitoring is carried out Yes, there is a monitoring
system - for example based on once a year during system / a BSC, with which
an IT balanced scorecard? budgeting [5]. the costs and key figures
are regularly audited [10].
4 Will deal with profitability No [0] Yes, but not for all projects Yes, there are clear rules
calculations in IT, especially for or schemes and if so, not for business case creation,
new IT projects/IT projects according to clear rules which are reviewed by
worked? [5]. management and
is released. [10]
5 If the process costs of the IT No [0] Yes, but only for selected Yes, all IT processes with
processes are known and can be areas and not costs are known and
these are actively controlled? systematically[5] are controlled [10]
Total points
Overall ranking
As-is Analysis Compliance
Worksheet 4.23 Finance Questionnaire - Compliance
1 Is a continuous No [0] Yes, but only in part Yeah, a standardized

Compliance process according to and not standardized Process for compliance
COBIT criteria available? [5] is available [10]
2 Has a license management been No [0] Licenses are managed, Yes, there is a license
established? but there is no complete management tool with an
overview with audit audit function and overviews
function [5]. of who has which licenses
and how much they cost.
these are [10]
3 Is GDPdU-compliant archiving No [0] For the essential areas Yes, for all areas exactly
of all necessary documents yes, but not across the according to GDPdU
guaranteed? board professional [5] regulations [10].
4 Can it be ensured that all software No [0] For the essential core Yes, this is demonstrable
products used in the company systems yes for all applications [10].
were also legally acquired?
5 Does the company have a data No [0] Yes, but outdated or in Yes, up to date and
protection policy in place to progress [5]. approved by management
ensure that all data is [10].
be protected?
Total points
Overall ranking
Evaluation of the Questionnaires: Creation of the as-is Maturity Model
Please transfer the points achieved per questionnaire to the following worksheet 2.24 in
order to obtain an overview of the points per subject of investigation.
Worksheet 4.24 Overall evaluation of the as-is analysis
Please transfer now the achieved points per questionnaire into the following table to get a
total overview of the points per survey item
Phase / object of investigation Points
IT processes
Project Management 2
Demand Management 1
Supply Management 3
Service Management 2
Quality Management 4
IT governance, IT organization and employees
IT Governance Structures 2
Sourcing strategy 1
Roles & Responsibilities 2
Business-IT Alignment 3
Employee development 3
Technology
Architecture Management 4
IT Security and Business Continuity Management 3
IT infrastructure and operations 3
Master Data Management 3
Finance
Optimal cost structures 3
IT controlling 2
Compliance 2
For better overview, the results can be transferred to the pre-formatted network diagram
in the following worksheet 25.
Worksheet 4.25 Evaluation of the as-is analysis in a network diagram
Please transfer the points from the questionnaires into the network diagram
Project Management
Compliance 5 Demand Management
IT controlling Supply Management

4
Optimal cost structures 3 Service Management
2 Quality Assurance and

Software development
Management
1
IT Security & Business

Continuity Management
Employee development
Worksheet: Derivation of the Areas of Action from the Status Quo

Analysis
Once the results of the status quo analysis of IT are available, the areas of action can be
relatively easily derived from the identified weaknesses and refined in steps 2 and 3:
Worksheet 4.26 Overall evaluation of the as-is analysis
This worksheet is used to identify the action fields from the Ist-analysis:
Action fields are all areas from the questionnaires that scored worse than 2.
Field of action Description of Action Fields

Conclusion Step 1
Before a strategy can be developed, it must be known what the starting point and the
basis is from which it starts. By answering the questionnaire in the four categories, many
insights have certainly already ripened, which may have been dormant, but are usually
only brought to light through intensive dealing with questions. Therefore, the completion
of the first step was also characterized by a first derivation of areas of action. These give a
quick first impression of what the priorities in the development of the IT strategy can be.
The three most important personal thoughts, insights, key words for the status quo
analysis of IT:
Step 2: Analysis of the Corporate
Strategy and Derivation of Challenges
for IT
Abstract
After an overview of the current maturity of the IT organization and IT processes has
been created in the first step, the derivation of concrete action plans for IT from the
corporate strategy and departmental bottlenecks follows.
First, the corporate strategy is examined in more detail. As a result, possible inno-
vation potentials for IT are identified together with corporate management. This
results in the formulation of an IT vision that roughly defines the action plans for IT,
i.e. the direction of travel for IT is roughly outlined.
In this second step, things are getting a little more concrete by examining the bot-
tlenecks and problems of the departments together with the department heads with a
view to optimizing them through IT systems.
“You just have to derive the IT strategy from the corporate strategy,” many consultants
say. But it’s not that simple. The following diagram in Fig. 1 is intended to show what a
procedure for deriving the IT strategy might look like. This is done very simply and only
provides a schematic representation of the dependencies of the various planning levels.
Fig. 1 shows quite clearly that any planning basis is based on the corporate strategy,
from which the business processes are then formed. IT is a kind of support in the form
of automated processes by IT applications. These applications find their echo in the IT
strategy and are supported by the sourcing and budget strategy. This clarifies how the
applications are financed and who operates them. At the lowest level are the planning
tools for implementing the IT strategy: The IT roadmap and the IT strategy cockpit for
controlling and adjusting the IT strategy over time.
As already described in the introduction, the IT strategy is a sub-strategy of the corpo-
rate strategy. It should therefore not be developed separately from the corporate strategy.

100 Step 2: Analysis of the Corporate Strategy and Derivation …
UN- Derive action lines for IT from UN strategy

Strategy
Business Basis for the architectural decisions

processes
Application landscape developed together

with the specialist departments on the
IT application strategy basis of the business processes
How and by what means is the

Sourcing strategy IT strategy implemented
Tools for planning and
IT Roadmap | IT Strategy Cockpit Implementation of the IT strategy
Fig. 1  From the UN strategy to the IT strategy
u The IT strategy does not derive from the existing departmental processes, but from
the corporate strategy. This is a big difference, because the departmental processes
can change from one day to the next due to internal restructuring, external pres-
sures such as legal changes or new products/services for customers. Part of them
may not fit the corporate strategy at all. The corporate strategy, on the other hand,
is based on solving specific bottlenecks, problems or needs of a target group (the
customers) and has a much longer time horizon than internal processes as a busi-
ness model. It is therefore a much more solid basis for a sustainable IT strategy
that should also be valid tomorrow.
It is only important that a corporate strategy exists which is still valid in 5 years. Because only
then can the IT investments be worth it in an optimally coordinated IT system landscape.
The connection between corporate strategy and IT strategy shows once again very
clearly the way the IT has to go: From the rather technically shaped delivery unit to a
modern organization which, together with the specialist departments, directly analyzes
the bottlenecks and problems of the customers and offers IT innovations to solve cus-
tomer problems. It is of enormous importance that the IT organization “goes out”—not
only to the specialist department, but together with the specialist department to the cus-
tomer on site, in order to better understand problems and bottlenecks. Only then will a
sustainable IT strategy be possible and implementable.
So how do you proceed now to derive the challenges for the IT organization from the
corporate strategy? Especially if there is not even a detailed written corporate strategy?
In step 2, the already familiar “Produktio weltweit GmbH” will again serve as an
example to illustrate the individual chapters.
Internal and External Influencing Factors 101
The Starting Situation
Before the analysis of the corporate strategy begins in order to derive the possible chal-
lenges for IT, the starting situation of the company should be described. This then forms
a kind of basis on which the considerations for the IT strategy are based.
The starting situation includes the description of the current situation of the company.
The answers to the following questions can be exemplary for the current status quo:
• What are the current big challenges for the company?

• What is currently going well, what is going less well?
• How does the management see the current situation?
• How is the current market situation assessed?
• Who are the biggest competitors who are currently costing market share?
• How is the situation of the customers or target group to be assessed?
• Are there any current legal conditions or other environmental conditions that are dis-
turbing or difficult to handle?
• Is the company currently in a special situation of change? (for example, after a change
in leadership, after major acquisitions or in economically difficult times)
• Are the employees currently more satisfied or are there major problems that lead to a
high turnover?
Answering these questions can give a first impression of where the company is currently
located and how it is currently standing in the market.
The starting situation for Produktio weltweit GmbH is shown in Fig. 2 as an example.
Internal and External Influencing Factors
As already stated at the beginning of the book, there are few companies that have a
mature and written corporate strategy. Strategy has been a buzzword for years that is eas-
ily taken for granted—also for decisions and procedures that do not yet characterize a
clear strategy. Often these are only general target directions: “We want to become market
leaders!” or “We want to provide our customers with the best service!”
Therefore, first an excursion is made to the topic of corporate strategy, which will pro-
vide an important basis for the development of the IT strategy.
The Corporate Strategy
In business administration, corporate strategy is described as the long-term orientation of

a company. It serves to achieve set goals. A clear definition of strategy cannot be found
in the scientific literature. This is mainly due to the fact that the early definitions of a
On the procurement side, the sharp rise in raw material prices and the
associated weaker margins are having a negative impact.
A big challenge are the very different processes in the foreign plants
(esp. finance/HR, production/logistics)
The legal measure to be mentioned is the introduction of SEPA, which is

critical due to the large number of suppliers and customers.
The long-time managing director of finance is retiring in 6 months. The

successor has already announced that the IT costs are too high for him.
There is a big problem in recruiting good employees in the foreign locations

and the German colleagues do not want to stay there permanently.
Fig. 2  The starting situation of Produktio weltweit GmbH (Example)
strategy were based on the principle of future planning. Planning and future are things
that we do not know and cannot anticipate. Therefore, a strategy that is based on these
unknown variables is always a look into the crystal ball and thus not sufficient for the
guidelines of a company. This was confirmed at the latest by the well-known strategy
guru Henry M. Mintzberg in the 1980s.
If we cannot look into the future, how should strategies for the future arise?
Henry Mintzberg: “Our conclusion is that strategy proceeds on two legs—one delib-
erate and the other emergent” [32]. Emergent in this context means that the behavior and
decisions of executives lead to strategies that were never fixed in writing and that a strat-
egy develops from the daily decision complexes of a company on its own. This also fits
his statement that strategy “[…] is a pattern in a stream of decisions […]” [32].
The other leg mentioned by Mintzberg—the deliberate leg of the strategy—corre-
sponds to planning, that is, setting goals. Derived from this, one could regard strategy
according to Mintzberg as the setting of goals plus the daily decisions.
Other strategy experts take another factor into account when it comes to developing a
strategy: the so-called external factors. These are the environmental conditions of a com-
pany, such as competition, legal framework conditions, suppliers, customers or target
group.
Over time, various methods and models have arisen from these factors, with the help
of which a company strategy can be developed. These methods are briefly introduced
below with their essential content, as they represent an important basis for recognizing
possible challenges for IT.
The Boston Consulting Group Matrix

The Boston Consulting Group Matrix (BCG Matrix or BCG Portfolio) is such an instru-
ment of strategic planning. It serves the analysis, evaluation and orientation of products
or strategic business units (SGEs) on the basis of a portfolio. It was developed by the
namesake Boston Consulting Group (BCG).
The two criteria and axes of the portfolio are market growth and relative market share
(market share compared to the largest competitor). From the classification of the prod-
ucts or SGEs in the 4-field matrix of the portfolio, recommendations for action can be
derived for the strategic orientation of the company (the background of this consideration
is the product life cycle as well as the experience curve from business administration).
These 4 fields of the BCG matrix include different recommendations for action, so-
called standard strategies, which are shown in Tab. 1.
Fig. 3 shows the BCG matrix with the four fields and the associated action recom-
mendations as well as four fictitious example products (based on Schawel/Billing [34]).
It is important to know that the BCG matrix can only ever represent the currently
valid status of the products or SBUs on the market and that the action recommendations
Tab. 1  Action recommendations/standard strategies BCG matrix

Field of the Action recommendation or standard strategy
BCG matrix
Question Question marks are characterized by a low market share in a rapidly growing mar-
Marks ket. The product or SGE is in the introductory or early growth phase and is associ-
ated with high risks as well as high opportunities. The goal is to increase market
share. However, the generated cash flow is not sufficient to finance the required
growth. The product or SGE can develop into stars or poor dogs. The selection
strategy is recommended as a standard strategy. Promising business units should be
developed into stars through investments, and less promising business fields should
be considered for market exit.
Stars Stars are in the growth phase and are characterized by a high market share and high
market growth. They have a high need for financing, which they can finance to a
large extent themselves. The investment is recommended as a standard strategy in
this field in order to maintain or increase the market share.
Cash Cows Cash cows are products or SGEs with a high market share in a mature market
with low growth rates. Due to their favorable market position, they generate cash
surpluses due to low costs and low investments, which should be used for other
business areas.
Poor Dogs Poor dogs are products or SGEs with a low market share placed in slowly growing
or stagnant markets. Due to their unfavorable cost position, they usually generate a
negative cash flow and no longer or only marginally contribute to the success of the
company. Accordingly, the disinvestment is recommended as a standard strategy.
Question Marks (High Potential) Stars (Strategic)
Product
5
Product 2
Market growth
Product
Product 4
1
Poor Dogs (Support) Cash Cows (Key Operational)

Relative market share
Fig. 3  Example of a BCG matrix
must be derived as described above. The so-called standard strategies per matrix field
serve as support for this, as shown in Fig. 4 (based on Schawel/Billing [34]).
It becomes clear that the BCG matrix can very quickly create transparency with
regard to the market situation of one’s own products or SBUs. With the help of the stand-
ard strategies, a strategy can also be derived in a simple way (namely expanding, main-
taining, harvesting or divesting a product or SBU).
This simplicity has weaknesses such as the limitation to only two decision criteria
(market share and growth), the non-consideration of competitors and the limitation to
only four fields, which can lead to inaccuracies in market definition.
Nonetheless, the BCG matrix is still a popular tool to quickly and easily get a strate-
gic snapshot. Therefore, it is particularly well suited for the purpose of developing an IT
strategy. It quickly shows which products or SGEs will develop in the future due to the
standard strategies. This makes it possible to better decide where IT investments should
flow in the future and which IT services will be needed to optimally support the stars
(stars).
Fig. 5 shows by way of example, based on our fictitious company Produktio weltweit
GmbH, how the BCG matrix is set up. It is very easy to see that the now established
“MP3 interface” for car radios or multimedia units in the car is very well accepted on
the market and is therefore represented as a “cash cow”. The “Head-Up Display” is still
a relatively new invention, but it is no longer a “question mark”, but has developed into

Selection strategy Investment strategy
• Select promising products • Strengthening competitive advantages
• Expansion investments
• Place sufficient number of stars
• Eliminate products with no
• Stars bring future cash flow
chance of success
Market growth
Divestment strategy Skimming strategy

• Investments do not make sense • Use surplus for renewable products
• Giving capacities to other products • Sufficient number of cash cows to
• Eliminate if cash flow is negative have cash flow for question marks
and stars
• Financial resources only to secure
market position

Fig. 4  BCG matrix with standard strategies
Auto-
integration
Head
Market growth
Up
Display
MP3
Car radio
Interface
"OldStyle"

Fig. 5  BCG matrix for Produktio weltweit GmbH (example)

a “star” with the best prospects of becoming a “cash cow”. The size of the circle always
shows the turnover per product. The “car radio OldStyle” is a typical candidate for
divestment as a typical “poor dog” that has come of age and is replaced by more innova-
tive and modern products. The “app integration”, on the other hand, is a relatively new
invention and must still be seen as a “question mark” with good prospects of becoming a
“star”.
What do we deduce from the positions of the products in the BCG matrix for the IT
strategy?
It is clearly recognizable for the “car radio OldStyle” that it does not have a great
future anymore and that means for IT that in the production facility no investments in
IT automation or optimization have to be made anymore. Good IT personnel should not
be used for such products and there should be a planning of what an exit of the prod-
uct would mean for IT (reduction of computer capacities in the data center, abolition of
applications that are specifically required for this product, personnel reduction or shifting
into other areas, etc.).
The “app integration” on the other hand can become a real hit in the future and that
is why it is important for the IT organization to provide any support for the departments.
Especially because of the bad situation in the production facilities abroad described in
the starting situation, from an IT point of view, an investment in automation and opti-
mization of the foreign plants should be made here. Only then can it be ensured that the
pace can be kept up with the competitors in the further spread of the “app integration”.
An analysis should be made of which employees are needed for such products in IT,
whether they are already available internally, can be developed or have to be newly hired.
The same applies to the “stars” and “cash cows”, the “head-up display” and the “MP3
interface”. Especially for the head-up display, similar considerations apply as for the app
integration. IT should provide any support for the departments. It helps to carry out a
planning together with the departments concerned and to think together about how IT
can help to support the innovative products even better. For example, by pre- or post-pro-
cesses such as automated supply chains or better sales applications. It is also important
to strengthen the production-related control systems that simplify, automate, make safer
and faster the production process.
The BCG matrix provides, as can be seen in this example, a lot of information for
IT. In addition, the BCG matrix is also the basis and source of inspiration for develop-
ing the application strategy in step 3 with its portfolio technique. Because with the help
of the strategic statements of the BCG matrix, not only the product or SGE strategy of a
company can be developed, but also the current and future application landscape can be
examined and underpinned with strategies for the future. This makes it possible to deter-
mine which applications are cash cows, stars or poor dogs. Therefore, understanding the
BCG matrix is doubly important:
• Once to derive challenges for IT from the company’s strategy

• On the other hand, to strategically align the application portfolio in terms of an appli-
cation strategy.
Competitive Strategy (Michael E. Porter)

Competitive strategy is seen as one of the most fundamental theories of strategy for
companies. It has been known since the 1920s, but only found its way into the public
eye through Harvard professor Michael E. Porter in the 1980s. The underlying work
“Competitive Strategy” forms the framework of the strategy, which is defined by how a
company positions itself against the competition.
This can be done in three ways (see also Fig. 6):
1. Differentiation
The differentiation strategy is based on the consideration of the overall market. The
differentiation from competitors is achieved by differentiation in the form of a spe-
cial product or a unique service with which the company differentiates itself from the
competition (differentiated). This can be in the product itself as well as in the market-
ing mix and the slogan (example BMW: “Joy of Driving”) or in the very special sales,
as with Tupperware or Vorwerk, for example.
2. Cost Leadership
Cost leadership also considers the overall market. The differentiation from the com-
petition does not take place here through the product offered on the market or the spe-
cial service, but lies in the internal optimization of all processes and structures. This
makes it possible to keep the costs so low that the market prices can also withstand
the competition and thus a positioning in the market is possible.
Total market
Differentiation Cost leadership

Target market
Submarket
Niche strategy
Special product features Cost advantage
Strategic advantage
Fig. 6  Competitive strategy according to Porter (an example)

Prominent example: ALDI—through hard-nosed optimization of costs and reduction

of the range to only one article per product group
3. Segmentation / Niche Strategy
The segmentation strategy, also called niche strategy, is in contrast to the first two
strategy approaches based on a positioning in the market via the target group. The
whole market is not considered, but the company looks for a strategically favorable
part market and takes over the leadership there by occupying a market niche.
Prominent example: Kärcher and Würth, which occupy a small niche, work on it very
actively and expand it on the basis of the target group’s wishes, but generally remain
true to this niche or rather to this target group bottleneck.
Applied to the development of an IT strategy, it can be considered for each positioning

how the IT has to behave. Tab. 2 shows the implications of the norm strategies focused
on by Porter for the IT strategy.
Tab. 2  Implications of Porter’s standardization strategies on IT strategy. (based on [40])

Standardization Implications for IT strategy
strategy
Differentiation In order to optimally support a differentiation strategy as an IT organization,
the special product or brand features must be considered. How can these special
features be supported by IT? For example, at BMW, the slogan is “Joy of
Driving” and the special thing about it is that there are always more than 20 dif-
ferent axles available from very soft to very sporty suspension for each BMW
model. Always directly adapted to the customer’s feeling to ensure the joy of
driving. IT can support this by optimizing and highly automating processes in
the areas of production and supply chain to ensure that so many variants are
always available correctly and on time. In this case, IT is an important compo-
nent for implementing the differentiation strategy
Cost leadership A company that is strategically established as a cost leader must also pay
attention to economical IT. This usually has the consequence that IT is not very
innovative or cannot be, because IT costs are kept low and automation is only
carried out in the actually necessary areas. Standardization is the means of
choice, because this can save costs due to economies of scale. For example, at
ALDI, no value is placed on large-scale automation and innovation through IT,
but on efficiency and clearly standardized cash registers that bring economies
of scale and thus cost advantages in purchasing and are also easier to maintain
than highly diverse systems
Segmentation / With the segmentation or niche strategy, only a small part of the market is con-
Niche Strategy sidered and the company acts as a specialist or niche provider in this part of the
market. For IT, this often means that standardization is difficult. A very special
solution must be found for the special product, which is not available on the
market and therefore goes hand in hand with in-house development or a high
degree of customization of standard products. This is often expensive, but also
shows the special position in the market that no other company can have
Applied to our example company Produktio weltweit GmbH, it becomes clear that a
strategy is being pursued for a part of the automotive market and a specialization is being
placed on multimedia products or infotainment. Not for cost reasons, but as a differentia-
tion factor. Therefore, one can speak of a niche strategy at Produktio weltweit GmbH. IT
therefore has to map this very special position in the market. Since these are very innova-
tive products, in-house development or strong customization of standard products will
probably have to be resorted to in many areas. This requires very good IT personnel and
a lot of know-how, which must be available to a large extent in-house. Outsourcing to an
external provider is only difficult, as an external provider cannot offer this high degree of
specialization at cost-covering prices.
The Business Processes
After an initial overview of the company strategy has been provided with the BCG
matrix and the Porter competitive analysis, the area of business processes will now be
examined in more detail.
Since a process analysis—depending on the size and complexity of the company—
can be very time-consuming and mostly also an extremely theory-laden undertaking, a
pragmatic approach is taken here. Through special question techniques, only the most
burning “process problems” are filtered out. In order to achieve a further simplification
and to recognize first strategic options for action more quickly, the processes are repre-
sented as in Fig. 7 during the analysis, differentiated according to
• value-added processes,
• standardizable processes as well as,
• Commodity Services.
Pillar 1: Value-Added Processes Strategically challenging is the automation and con-

stant optimization of value-added processes in the company by IT solutions. It forms
the essential pillar of a sustainable business support. Therefore, the topic of business-
IT alignment also starts here. Because only through the efficient cooperation with the
specialist departments of the value-added or business-critical processes can a constant
optimization succeed. Since this task is very company-specific and highly protected,
no outsourcing can take place, but it has to be mapped in-house with very capable
personnel.
Pillar 2: Standardizable Processes Standardizable processes include all administrative

processes, such as finance/accounting or personnel. Compared to competitors, these pro-
cesses do not represent original value creation and should therefore be standardized and
automated with as little effort as possible. The IT management’s strategic goal for such
processes is therefore the automation and harmonization of standard processes that look
1 2 3
IInnovative IT solutions Optimization of

Automation of Commodities
for value-adding standardizable (e.g. IT infrastructure, operations,
processes processes support/helpdesk, procurement/
(e.g. production, logistics, installation of hardware and
(e.g. finance, personnel, etc.)
distribution, etc.) software)
Do not reduce costs Cost reduction Cost reduction

Generate added value possible possible
through IT Optimisation according Optimisation according
Constant optimization to cost/benefit to cost/benefit
Insourcing: Building Outsourcing

Optimize outsourcing
internal competencies optimize
Fig. 7  The three pillars of IT
the same everywhere in the company. Financial and HR processes can be outsourced to
external providers relatively easily as part of “business process outsourcing”.
Pillar 3: Commodity Services The third pillar consists of so-called commodity ser-

vices; these are not business processes in the true sense, but all service management pro-
cesses and tasks in the area of IT infrastructure, such as the operation of a data center,
the help desk/support, the provision of hardware and software, etc. The goal is the opti-
mal and most cost-effective provision of the company with “IT commodity services”.
These are tasks that can be very efficiently organized on the basis of a secured service
management according to ITIL and that can also be outsourced to external service pro-
viders as part of a sourcing strategy.
As already indicated, no detailed business process analysis is required in this analysis
phase, but a pragmatic approach based on the following questions:
• What are the Top3 core processes of the company (value-added processes)?
• How are these supported by IT today and where is there potential for improvement?
• What are the value-added business processes (Pillar 1) and is there potential for inno-
vation through improved IT systems?
• Are there processes in the administrative areas (finance, personnel) that can be stand-
ardized (Pillar 2)?
• Are there external laws or conditions that require changes to certain processes and IT
systems?
• Which processes have to be operated locally and why can this not be done centrally?
• Which knowledge and skills are essential in the value-added processes and which
knowledge in the standardized processes?
• In which value-added processes are innovations to be expected in the future and
where not?
• Which information is particularly important in which processes and in what quality?
• To what extent are the Commodity Services already standardized on the basis of ITIL
Service Management processes? Where are the weak points?
The Fig. 8 shows very clearly on the basis of the three pillars where the challenges lie
in the example of the Produktio weltweit GmbH. The challenges already found in the
context of the competitive strategy and BCG matrix analysis are also listed, which also
reflect on the business process level.
Pillar 1 Pillar 2 Pillar 3

Value adding processes Standardizable processes Commodities
Productions and Supply IT workstation support,

chain Processes Finance, HR/Personnel data center
Standardization and Standardization of Standardization of IT

harmonization of processes accounting processes incl. workstations in terms of
at the foreign sites introduction of SEPA standardized hardware
Creation of a blueprint Uniform ERP system for and software (operating
for logistics and production headquarters and foreign system and office
systems for all foreign locations software) is urgently
locations Archiving of necessary, since today
Customizing or documents in the areas different hardware is used
in-house development of personnel, finance and and different software that
for particularly worklows management makes maintenance extremely
innovative Products complex and expensive
Detailed contribution margin Optimization of the IT hotline
calculation for the products in through the introduction of a
Controlling Customizing ticket system, as today the
ERP and estimation data problems are not recognized
warehouse immediately and many things
are left undone
Insourcing : Building
Outsourcing makes sense Outsourcing makes sense
internal competencies
Fig. 8  Challenges for IT at business process level (example)

Strong specialization of products requires a lot of know-how in the IT sector for the
development or customization of specific production and complex logistics processes. In
addition, an attempt should be made to unify the currently very heterogeneous business
process landscape in foreign locations. These unified processes can then be standardized
to the same extent as possible with the same IT system as a kind of blue-print. On pillar
2 of the standardized processes, the accounting and personnel processes should be uni-
fied and mapped in an ERP system. Here, outsourcing is partly possible. In the area of
commodities (pillar 3), the general direction is always to buy as much as possible from
third parties. But in this case, it is necessary to carefully consider which commodities
should remain in-house due to the high specialization and delivery capability, as out-
sourcing could be too expensive due to the special requirements.
Requirements from the Departments
Requirements from the departments are also of great relevance for deriving challenges
for IT. The aim here is to obtain as comprehensive a picture as possible of the current
bottlenecks and problems from the departments.
This includes structured interviews with department heads in order to better analyze
where the “shoe is currently pressing”. The following questions can help here:
• What do users urgently need in terms of end devices or IT technology in their daily
work with customers?
• Where is a quick collaboration and exchange of information crucial for success?
• Which security requirements must be considered?
• Where is particular attention to be paid to quality?
Based on our example of Produktio weltweit GmbH, the following requirements from
the departments could be:
• In general, all departments mention the topic of “better response times and more qual-
ified answers from the Service Desk/Hotline for PC problems” (this could be a hint at
sourcing problems and the need for in-sourcing of these services or a renegotiation of
service levels with the provider)
• The finance department is pressing for a quick implementation of SEPA
• Finance and HR would like to see a more efficient electronic archiving of contracts
and documents in the areas of HR and accounting
• Regional managers and plant managers would like better support for IT problems at
overseas locations and a better “line” to IT at headquarters
• The production department would like a closer link between production systems
and the ERP system, as there are no automatic interfaces today, but much has to be
entered twice in both systems
Deriving Challenges for IT 113
• Quality management would like an application with which they can see clearly when
which errors occurred and how. Today this is only possible with complex scripts and
cannot be carried out by everyone
• Management would like a better overview of production downtime as well as better
tools in general to have “at a glance” coverage calculations and business cases
Deriving Challenges for IT
The just-determined influencing factors such as the UN strategy, business processes and
requirements from the specialist departments must now be used to derive challenges for IT.
In general, this is the essential point in step 2, in which the findings from the previous steps
must be subsumed and summarized in order to derive first action options for IT from them.
For our example company, Produktio weltweit GmbH, the summarized results are
shown in Fig. 9.
Derivation of courses of action for IT
Problems and bottlenecks

Initial situation Corporate strategy Business processes in the department
Sharp rise in raw Stronger support through Standardization and "Better response times
material prices in-house development unification of processes and more qualified
Poor margins and/or more customizing in the foreign locations answers from the
Working methods and for innovative products Customizing or in-house service desk/hotline
processes in ("Stars" and " Question development for for PC problems."
Foreign locations Marks") particularly innovative Rapid introduction of
very different Possibly insourcing of products SEPA
SEPA introduction commodities to achieve Standardization of Electronic archive.
necessary better product support accounting processes IT problems at the
IT costs too high incl. introduction of SEPA foreign locations
Not enough good Archiving of Documents Closer integration of the
Employees in the in the area of personnel, production systems with
foreign locations finances and creation the ERP system
of workflows Quality Management
Application
Better overview of
downtimes and generally
Management Cockpit
Key action threads for IT stemming from all influencing factors:

Foreign locations: better integration, harmonization of processes and systems, better service
More and better qualified in-house personnel required, possibly also insourcing of certain IT services
More individual IT solutions for innovative products
Standardization/automation in finance, personnel, controlling (SEPA, electronic archiving, Management
Cockpit)
Review IT costs and make them more transparent to avoid savings
Fig. 9  Deriving the challenges for IT of Produktio weltweit GmbH (example)

The IT Vision
An IT vision serves to briefly and concisely represent the strategic guidelines of an IT

organization. It answers the question of “Where do we want to go?” The IT vision is
therefore the first question that should be answered in the context of developing an IT
strategy. The actual IT strategy is, as can be seen in Fig. 10, to be considered as the next
step, with the concrete answer to the questions of “How do we get there?” and “What do
we need for this?”.
The time horizon of an IT vision is therefore also greater than that of an IT strategy,
namely more than 5 years, whereas the implementation as an IT strategy can be planned
for the next 3-5 years.
After the plotlines have been roughly determined and one knows at least what the
challenges, problems and approaches for an IT strategy can be, one takes this as a basis
for formulating the IT vision. Because it is now clear, for example, that one will invest
in new areas at the corporate level and thus have a different customer base; this has an
impact on the business processes, which are moreover not yet as standardized as they
could be. The Commodity Services are already well supported, but still operated inter-
nally and ITIL is only used to a limited extent. It becomes clear that there are still many
homework assignments to be done in IT and new tasks to be added at the corporate level.
> 5 years Where are we going?

IT Vision
How do we want to achieve it?

3 - 5 years IT strategy What do we need to achieve it?
approx. 2 years IT roadmap How do we get there?
monthly Control and

IT Strategy Cockpit adjustment of
the goals
Fig. 10  IT vision, IT strategy and IT roadmap

The IT Vision 115
But what are the advantages of an IT vision and why should this be created before
the final development of the IT strategy? Table 3 provides an initial overview of the ben-
efits of an IT vision, in which the four functions of IT visions are presented based on
Tiemeyer [36].”
In American management, creating a vision is called “visioning” and has its origins
in Gestalt psychology (organizational psychology by Maslow). The idea of visioning is
based on the fact that change processes in companies—especially in IT organizations—
cause fear in employees. This fear can only be reduced from this theory by means of a
positive image of the future (positive futuring).
The development of an IT strategy is always associated with major changes, even to
the point of job loss for the respective employee. The leadership of such large upheaval
processes, from which many employees are affected, can be positively controlled by a
vision. A vision gives the affected employees support and shows them how the future can
look and how they can find themselves there again.
However, it must be ensured that the tension between the vision (“Who we want to
be”) and reality (“Who we are currently”) is not too great. This can not only demotivate
employees, but can also turn into its opposite and do more damage than it helps the IT
organization to move forward.
Therefore, the following 4 maxims must be observed when formulating the IT vision:
1. The vision must be inspiring

2. The vision must be realistic (the tension between vision and reality must not be too great)
3. The vision must be written in the present tense
4. The vision must be communicated
Tab. 3  Advantages of IT visions. (based on [36])

Function Description of the advantage
Orientation function With the help of IT visions, all IT employees, but also the
departments, can get an idea of where the journey is going. This
can create a sense of involvement in a great cause for all those
involved
Motivation function IT visions can create a positive basic mood for IT employees,
which releases motivating forces. The strategic guidelines
become clearer and thus the own task gets a added value in the
context of the big picture; this can be very motivating for many
IT employees
Team development function A “we” feeling develops among all those involved, which makes
it clear that “everyone has to pull on the same rope” and that
something great can be achieved
Function of creativity release The IT vision releases the creativity of the IT employees, which
stands for new impulses and approaches to the tasks
IT Vision
We are partners at eye level for our specialist areas at home and abroad.
We take advantage of the high speed of innovation in IT
for continuous internal further training and are thus the drive and motor
for a sustainable future of Productio worldwide GmbH!
Fig. 11  IT vision of Produktio weltweit GmbH (Example)
Examples of an IT vision can be:
• “IT creates value through close and constructive cooperation with the departments”
• “Satisfied customers in the departments through constant innovation in IT”
Fig. 11 shows an example of the IT vision of Produktio weltweit GmbH
First of all, the following principle applies: Listening is the starting point for a successful
derivation of action sequences from the corporate strategy.
This is how the procedure for developing action sequences looks:
1. Collect information about the company strategy, mission and goals of the overall
company.
2. Prepare workshop with management or executive management.
Involved Step 2
• CIO/IT manager
• Executive management
• First management level IT
• Department/business unit manager
• If necessary, external moderator
Determine the Starting Situation
Worksheet 5.1 Determining the initial situation
What is the current situation of the company? Are there any problems at the moment?
What are the major challenges that the company faces?
Does the Managemnt have a direction and is there a clear goal before the eyes, an agenda or a
stratgey paper ?
What is currently going rather well, what rather badly? How does the management see the current situation?
How is the current market situation assessed? Who are the biggest competitors that are currently costing
market share?
How is the situation of the customers or the target group to be assessed?
Are there any current legal conditions or other environmental conditions that are disruptive or difficult to
are manageable?
Is the company currently in a special situation of upheaval? (For example, after a change at the top
management or after major acquisitions or in economically difficult times)?
Are the employees currently rather satisfied or are there serious problems that lead to a large
fluctuation?
The Corporate Strategy
Worksheet 5.2 Competitive analysis according to Porter
Where is your company currently in the framework of Porter's competitive analysis and
what does that mean?
Please tick the dimension and argue what this means for your company.
Total market
Differentiation Cost leadership

Target market
Submarket
Niche strategy
Special product features Cost advantage

Strategic advantage
Consequences of the current competitive situation:

Worksheet 5.3 3BCG Matrix
Where are your company's products located in the BCG matrix?

What effects does this have or what standard strategy would have to take effect or be adopted?

Market growth

Implications of the BCG matrix and standards strategies:
The Business Processes
Worksheet 5.4 The challenges at GP level
What are the top 3 core processes of the company? How are these supported by IT (potential
for improvement)?
What are the value-adding business processes (pillar 1) and is there innovation potential there?
Are there processes that can be standardized (pillar 2)? Are there external laws or framework
conditions that require changes to certain processes and IT systems?
Which processes have to be operated locally on site and why can't this be done centrally?
Which know-how and which skills are very important for the value-adding processes and which
knowledge for the standardizable processes?
In which value-adding processes can innovations be expected in the future and where rather not?
Which information is particularly important in which processes and in which quality?
The challenges at the business process level:

Requirements from the Departments
Worksheet 5.5 Departmental requirements
What are users urgently missing today in terms of end devices or IT technology in daily
use at the customer?
Where is fast collaboration and information sharing critical to success?
Which safety requirements have to be considered?
Where is it particularly important to pay close attention to quality?
What are the three most important things you want from IT?
The requirements from the department:

Derivation of the Action Strands for IT
Worksheet 5.6 Deriving lines of action for IT
Problems and bottle-

Initial situation Corporate strategy Business processes
necks in the department
Key storylines for IT stemming from all influencing factors:

Conclusion Step 2 123
The IT Vision: Where Do We Want to Go?
Worksheet 5.7 The IT Vision and Mission Statement
What is the IT vision of your company or IT organization?

What is the mission statement of your IT?
The IT Vision:
Mission Statement:
Conclusion Step 2
After a detailed analysis and recording of the internal IT took place in the first step, the
perspective was now extended to the entire company. This is extremely important for the
development of an IT strategy, because the IT strategy should not be a theoretical treatise
far from corporate reality. It is important to directly involve the IT strategy in the corporate
strategy with a focus on all aspects of the company, i.e. the products, services, competitors
as well as the peculiarities of the market or the industry in which it is active. With the help
of portfolio techniques and structured interviews, it was worked out what the important
future questions are and how the IT can support them there in the form of derived action
lines. The round conclusion of this second step was the IT vision, which is supposed to
carry the IT organization as a strong pillar through the upcoming steps of the IT strategy.
The three most important thoughts, insights, key words:

Abstract
After the derivation of the still coarse action strands for IT from the corporate strategy
and the business processes carried out in step 2, the application strategy is now cre-
ated. For this purpose, the already known portfolio and life cycle theories are used
as aids. Together with the management and the specialist departments, analyses and
evaluations of the current application landscape are carried out, which are then con-
densed into a target application portfolio.
The aim of this third step is to show which services and services the IT has to offer
in order to optimally support the corporate and departmental goals. The creation of
the application roadmap serves this purpose at the end of this chapter.
Upon closer inspection of HP and Capgemini’s “Application Landscape Report 2011”,

it becomes clear that applications are becoming a burden, as Computerwoche reports
[14]: “85% of IT managers surveyed complain that their application portfolio needs to be
revised. The deficiencies affect even mission-critical core applications that often rely on
outdated legacy applications.” The urgent question arises as to how IT responsible should
best deal with such an outdated and heterogeneous application landscape? According
to Computerwoche and the study by HP and Capgemini, standardization, consolidation
or replacement are the strategic options for modernizing the application landscape. The
following creation of the application portfolio now takes up this topic of the expanding
application landscape.
126 Step 3: The IT Applications Strategy
Creating the Application Portfolio
In many large companies and corporations, one sometimes comes across more than
5,000 or even 10,000 applications or services 1, but even small or medium-sized com-
panies can sometimes operate several hundred applications for a variety of purposes. To
examine this large number of applications in the strategy process before us and to cata-
log approximately 2–3 pages of details per application would exceed the scope and miss
the goal of a sustainable IT strategy.
Therefore, the focus is on the large and mission-critical applications. However, it can
make sense and is in some cases even legally required to catalog all applications and
applications. This refers to SOX and/or the German-relevant KonTraG (Law on Control
and Transparency in the Corporate Sector) as well as GoBS (Principles for Proper
Computerized Accounting Systems). Detailed information is available in specialized
books.
What are the essential motives for creating and jointly evaluating an application port-
folio with the departments?
• Filtering out so-called “shadow applications” (these are applications that were created
in the departments without involving IT and that are only partially known to IT; often
these are small Access or Excel applications or self-developed web solutions that are
very helpful for the department but were often not documented and can no longer
be requested from the developer. The maintainability of such applications cannot be
guaranteed
• Make isolated solutions transparent: Many applications are in use in the company as
a result of the purchase of companies or company parts, which are “stand-alone”, i.e.
without interface to other core systems, and therefore represent isolated solutions
• The same data and functions are used in different applications (duplicate or multiple
use of data/functions)
• Filter out applications that are based on very different technical standards
• Reveal interface problems and make too complex solutions for connecting all systems
transparent and show architecturally sensible alternatives
• Identification of legacy applications (these are applications that are very outdated)
• Establish transparency with regard to dependencies on applications by certain people
or important IT suppliers.
1
Only applications portfolios will be mentioned below, but if companies work with services
instead of applications, the two terms service and application can be treated the same in this
context.
Creating the Application Portfolio 127
Another big strategic asset of creating and evaluating an application portfolio lies in the
significant reduction of maintenance costs. Because according to a survey by Forrester,
maintaining existing applications consumes 80% of the IT budget in many companies [16].
The goal is therefore to standardize the application portfolio taking into account the
highest possible scalability and flexibility. How and by whom these applications are
operated, for example in the form of SaaS (Software as a Service), is worked out in step
4 as part of the sourcing strategy. In this step it is decided which applications
• can be continued without major changes

• require major changes or
• must be taken out of the portfolio and/or replaced by new ones.
The creation of the IT application strategy used here is based on the design of the applica-
tion portfolio according to the Boston Consulting Group Matrix (BCG-Matrix) already
presented. The applications are then divided into four fields on the basis of a 2 x 2 matrix.
The basic derivation of standard strategies for applications is very well described by
Ward and Peppard [39] and Hofmann/Schmidt [25]. Fig. 1 shows the representation of
the application portfolio based on Hofmann/Schmidt.
Following Fig. 1, Ward and Peppard as well as Hofmann and Schmidt can develop the
following standard strategies [39] and [24]:

Potential contribution to achieving future business goals
Applications that may be Applications that are critical to

important in achieving future sustaining future business
success strategy
Applications that are valueable by Applications on which the

not critical to Success organization currently depends

Degree of dependency of the business on IS/IT application in achieving business performance
Fig. 1  The application portfolio

• High Potential Applications (called “Wildcats” by Ward/Peppard, “Question Marks”

in the BCG matrix):
It is unclear and uncertain to what extent these will contribute to the success of the
company. They are therefore to be classified as “risky”.
Such applications are often started in the form of prototypes or pilot projects—with
the aim of testing whether a corresponding benefit can actually be generated for the
company. Ward/Peppard point out that such applications should not be integrated
directly into the existing application landscape, as otherwise dependencies can arise
too quickly (minimal integration). With these high potential applications, clear time
and budget limits as well as the constant control of these prototypes or pilot projects
are important. This ensures that only those applications that can prove the expected
benefit become a strategic application for the company.
• Strategic Applications (BCG matrix: “Stars”)
The strategic applications are the most important company applications. The most
important principle in the context of the strategic orientation is the continuous devel-
opment of these applications (continuous improvement). This should ensure that these
applications continue to provide the strategic benefit in the form of highly automated
core processes and innovative new features. In order to continue to generate the “High
Value-Added” described by Ward/Peppard, a very close, cooperative coordination and
cooperation between business and IT is necessary. Market changes, new or slightly
changed business models or product changes must be quickly adapted by the business
and translated into new IT requirements in order to maintain the strategic advantage
of these applications. However, these constant value-added activities can become very
expensive over time. This is the point at which the strategic applications become “Key
Operational Applications”.
• Key Operational Applications (BCG-Matrix: “Cash Cows”)
These applications are very important for the company and support the core but also
management and support processes with great reliability, often over long periods of
time. However, adaptations to these cash cow applications should be carried out in
a cost-effective manner and larger expansions should only be made if this results in
significant competitive disadvantages (Ward/Peppard refer to this as “defensive inno-
vation”). Due to the often long life of these applications, attention must be paid to
quality in order to ensure the best possible integration into the entire application land-
scape (high quality). However, the same number of resources cannot be made avail-
able for the cash cows as for the strategic applications. Therefore, it is necessary to
keep the value contribution of the cash cows as high as possible for as long as possi-
ble with as few resources as possible.
• Support Applications (BCG-Matrix: “Poor Dogs”)
This type of application serves purely to support processes that are often not so
important. They are therefore not to be classified as critical and not as decisive for
the future of the company. It is often therefore sensible to outsource this software
category, which can be referred to as a commodity, to an external service provider
who, due to economies of scale, can operate these support applications more cheaply
(Ward/Peppard speak of disinvest/rationalize). Self-operation is usually only eco-
nomically viable if largely standard software is used without major expansions or
customization.
The described standardization strategies will prove to be helpful when creating the tar-
get application portfolio. For the purposes envisaged here, an application portfolio based
on Ward/Peppard is used, which is shown in Fig. 2. The horizontal axis of the appli-
cation portfolio shows the importance of the application for the company. The vertical
axis shows the maturity of the application from the perspective of the entire company.
The size of the circle reflects the number of users and the color the level of maintenance
costs. The legend in Fig. 2 shows the divisions of the size and color of each circle.
This results in the following questions that are relevant in the context of an analysis of
the application landscape using a portfolio:
• Which applications are retirement candidates, so they have to be replaced soon?

• Which applications are restructuring/optimization candidates, so they can still be
saved?
• Which redundant basic services, such as double data storage, are there?
• Which “Unsupported Systems” do I have? Where was “End of Life” reached in support?

New technology
App 3
Maturity of the application
App 1
Old technology
App 4 App 2
Support process (standardizable) Value-added Process
Importance of the application for the department
Fig. 2  Example of an application portfolio

• Which sick applications do I have? Which ones consume too many resources?
• Risk management: Which applications are unsafe? Which applications lead to compli-
ance violations?
• Which are the most important applications for the department or the whole company?
• Which are the applications that are considered critical—for example, in terms of out-
dated technology, insufficient support for requirements, too high maintenance costs?
• Which applications are already in a stage that urgently requires a replacement or a
successor arrangement?
When creating the application portfolio, many readers may now ask themselves the ques-
tion: “What should I do if there is basically only one large application?” For example,
almost all processes are supported by an ERP system and all other applications are tools
in the sense of IT infrastructure, such as mail programs or antivirus software.
Since the central application is mapped in most companies by an ERP (= Enterprise
Ressource Planning), the essential features of ERP systems should be briefly presented:
• Coverage of the essential business functions, such as accounting, controlling, person-

nel administration, general administrative activities, etc.
• High modularity while still integrating the modules with each other
• Scalability (this means that the ERP system is able to scale from small applica-
tion scenarios to large and very large scenarios (adapt). Scalability can be achieved
through a client-server architecture. With the SAP R/3 system, separate servers can be
used for database, application and presentation (multiple servers can even be used for
application and presentation).
• Portability (this means that ERP systems can be used on all major operating systems
and hardware platforms)
• Openness (ERP systems enable standardized interfaces for integration with other soft-
ware systems (data exchange, function call) through
A key feature of ERP systems is modularity. This can help when creating the applica-
tion portfolio if the ERP software is considered in modules. SAP is an example here.
The SAP modules FI/CO map standard processes in most companies that are not directly
value-adding or competitive. These would then appear on the left side of the portfolio.
Whereas, for example, the SAP WM or JIT/JIS module can play a significant role in
value creation in a manufacturing environment. This is usually seen in that these mod-
ules are not used as standard by SAP, but are equipped with many individual program-
ming (called SAP ABAPs). Exactly these individual adaptations are value-adding and
therefore to be mapped on the right side of the portfolio.
Even if the IT landscape is characterized by a very large “master system”, it is still
important to track down the other applications and evaluate them once. To do this, it can
help to take a closer look at the interfaces of the ERP system:
• What other systems are used to exchange data?

• Where are other important master data such as customers or suppliers located?
• What does the marketing or sales department actually use IT systems for?
• Are all personnel processes outsourced or integrated into the ERP or are there still so-
called satellite systems?
• From the customer’s point of view: What data does the customer need from us and
where do these come from?
If there are no direct answers to these questions, it is advisable to take a closer look at
the license management: Not the Microsoft Office applications as such are interesting
here, but above all database licenses or self-developed software, for example based on
MS Access or MS Excel.
The easiest way to proceed is to sit down with the department and work through the
company’s essential business processes or organizational units and check using Table 1
whether the following applications are available or how the underlying processes work
today (e.g. manually or via a self-written application or via Excel).
The Table 1 serves at the same time as an example, because in column 3 (actually
used applications) the applications actually used by the Produktio weltweit GmbH are
listed.
If the applications are assembled as shown in Table 1, they can be entered in the
application portfolio described above. For the example company, this is shown in Fig. 3.
In this application portfolio, it is very easy to see which applications are value-creating
and which support processes are mapped, which are well standardized. On the Y-axis you
can see whether it is new or old technology. What can be derived from this for the exam-
ple company, the Produktio weltweit GmbH, at the current time:
• SAP as a central ERP system was not only depicted as a single application in the
portfolio, but—as already described—in its module components. This makes sense
because it is immediately apparent that some modules are very standardized because
they automate general support processes (here SAP HR and SAP FI/CO). In contrast,
SAP WM is very important for the supply chain and the supply of production and is
therefore shown as a value-adding process further to the right. SAP FI/CO is therefore
currently still a “question mark” and according to the norm strategy, investments still
have to be made here. And indeed there is a kind of “investment backlog“: The finan-
cial processes are not yet fully standardized and have not yet been rolled out in all
foreign locations, as was already determined in step 2 of the initial situation.
• Siemens’ MES is a bit older, but it supports a value-adding process and is therefore
shown in the lower, right quadrant as a so-called cash cow. There is a great depend-
ence on the applications for the company here, but it should be looked at exactly how
to deal with the MES in the future in the following consideration of the application
life cycle.
Table 1  Check for applications in all organizational units

Organiza Possible applications Actually currently used applications (here
tional unit by way of example for “Produktio weltweit
GmbH”)
Sales/Sales • Customer
Relationship • Salesforce
Systems • Custom-developed MS Access database with
• Appointments
and Lead customers for the “OldStyle” radio
Software
• Applications for Pre-Sales
Activities
• Order Processing
• Shipping and Invoicing
Marketing • Applications for the • Various websites
Management of Advertising • Various Excel tables for marketing evaluations
Materials [→ →these evaluations could also be created
• Websites with the ERP system]
• Store construction software
• Analysis software for
• Marketing measures
Personal/HR • Salary calculation • SAP HCM (Human Capital Management; here
• Employee master data in use personnel management, • calculation)
• Archiving and administration [→ →It is important to know that this is not
of contracts used for all overseas locations]
• Archiving is not yet digital, but by physi-
cal storage (a software is selected and being
introduced)
• The time management in SAP HCM is still
missing and is urgently needed as it is only
available in Excel today
Finances/ • Financial accounting (general • SAP FI (complete financial accounting, bank
Controlling ledger, accounts receiv- transactions)
able/accounts payable, asset • SAP CO (cost center, cost accounting, contri-
accounting) bution margin calculations)
• Tax administration • [→ important: Not all foreign locations are
• Bank transactions connected to SAP! The locations that are not
• Archiving software connected send monthly numbers from Excel,
• Controlling tools/contribution which are manually entered into the central
margin calculations SAP]
• Balanced Scorecards • Contribution margin calculations are partly
• Cost center accounting only done in Excel
• Cost accounting • The archiving software is also in the introduc-
• ERP systems (for example, tory phase, as is the case with HR, which is
SAP FI/CO or MS Dynamics particularly important in accounting due to the
AX) large number of invoices (as physical filing
currently requires a lot of extra effort)
• Tax administration is done by an external tax
consultant using Datev
(Continued)
Table 1  (Continued)
Organiza Possible applications Actually currently used applications (here
tional unit by way of example for “Produktio weltweit
GmbH”)
Production • Production control systems • A MES (Manufacturing Execution System)
• Production master data from Siemens is used as a production control
• Applications for production system [→ currently no interface to SAP, only
order management manual data transactions possible; interface
• anonymous stock production but planned]
• customer-specific production • Production evaluations are done using Excel
Logistics • Sales and production rough • The logistics chain is mapped by SAP WM and
planning partly by SD (for shipping and transport)
• Program planning
• Material requirements
planning
• Order processing planning
• Order implementation
planning
Material • Physical inventory (inventory • SAP MM is used here
management scenarios) or special topics,
such as batch management
• Serial number management
• Handling Unit
• Stock processing
• Storage structure
• Inbound/outbound processes
Purchasing • Request/offer processing • SAP is used partly for purchasing, but still
• Order processing very rudimentary, because most of it is still in
• Price control an old MS Access application
• Invoice verification
• Supplier management
General • Middleware systems • SAP PI and DWH solution (esp. for interface
administra- • Data warehouses/BI systems between SAP and MES and as data cube for
tion/other IT evaluation and connection of production and
systems financial data)
• The two MS Access applications can be found in the lower, left quadrant. This is
mainly due to the age of the technology (old MS Access from 2003 and no update
available, as the developers were interns at the time and are no longer with the com-
pany). However, it is good to see that the applications do not support value-adding
processes, otherwise it would have to be considered relatively quickly how they could
be replaced. But the management of customer data for the anyway expired “OldStyle”
radio is no longer so relevant for the company and the Access application for purchas-
ing has to be taken over by SAP.
New technology Question Marks (High Potential) Stars (Strategic)
SAP Sales
FI/CO force
SAP
SAP SAP WM
HR MM
MES
Siemens
Old technology
MS
MS Access
Access Purchasing
OldStyle
Support process (standardizable) Value-added Process
Fig. 3  Application portfolio for the Produktio weltweit GmbH (Example)
• Salesforce as a sales and CRM application is a new technology and has value-adding
character for the company, so it is located in the upper, right quadrant as a star again.
There is currently no need for action here.
The Application Life Cycle
After all essential applications for mapping the application portfolio have been identi-
fied, it is important to recognize in which maturity level an application is. This maturity
level is very clearly represented by means of the so-called application life cycle, based
on the well-known product life cycle.
The following Fig. 4 is based on Heinrich [22] and serves as a basis for the represen-
tation of a typical application life cycle.
This model of the application life cycle uses six phases and, in contrast to many other
models, also considers the development phase as well as the abolition or succession
planning. These six phases according to Heinrich [22] are:
1. Development: In the development phase, the steps of idea generation and software
development are carried out. The highest costs occur during the life cycle of the
development.
The Application Life Cycle 135
Development Introduction Growth Saturation/ Decrease Abolition

Maturity
System usage
System costs
System benefits
Fig. 4  The application life cycle
2. System introduction: If introduced step by step, usage will grow. The usage intensity
is also determined by the occurrence and elimination of errors during installation tests
and at the beginning of productive operation.
3. Growth: In this phase, all tests are completed, all errors that occurred during the
introduction are eliminated and all functions can be used productively. The usage
increases through additional users, unless it is a basic application with a limited num-
ber of users.
4. Saturation/maturity: In this phase, usage reaches its peak. Previous users cannot dis-
cover any further usage possibilities and no further users are added. The decline may
be due to the fact that the system is no longer up to date, competes with others or the
supported tasks decrease in quantity and importance.
5. Decline: The decline that started in the saturation/maturity phase continues.
6. Abolition: Here the decision must be made as to when a system is replaced by a new
one. Beyond the time of use, the system to be phased out can still cause conversion
costs or residual license costs.
In general, such a model must be taken into account that it is not always ideally, but is
influenced by various external factors. Nevertheless, this model allows, based on a clear
representation, the most accurate classification of an application in its respective matu-
rity level.
It should be noted that, especially between very technically oriented applications,
such as an application for controlling a production plant, the life cycle is longer than for
commercial applications. For example, typical ERP systems are subject to new require-
ments of legal or internal company nature more often and are therefore shorter-lived than
technical applications from their life cycle.
The application life cycle theory provides important information for the development
of the IT strategy about the maturity level of applications and is a useful supplement to
the portfolio view. If both models are applied to your applications, you can very pre-
cisely find out which applications will need which maturity level in the future and thus
require an exchange.
Based on our example company, Produktio weltweit GmbH, further useful informa-
tion arises for dealing with the application landscape (the classification of the applica-
tions is shown by way of example in Fig. 5):
• There are two very essential applications in the development phase: The new archiv-
ing solution, which will help automate the manual process of filing and ensure (devel-
opment phase does not mean that the software itself is being developed, but can—as
in this case—mean that the software is being written and purchased. Customizing to
company-specifics would then typically be characterized as a development phase).

Maturity
System usage
System costs
System benefits
Archiving SAP MM SAP FI, CO, HR SAP WM MES (Siemens) Access

solution (replacement Salesforce "OldStyle"
SAP PI Access) customer base
(interface
MES/SAP)
Fig. 5  Application life cycle of Produktio weltweit GmbH (example)

The Application Life Cycle 137
Also to be found here is the interface between SAP and MES, which will finally con-
nect production with ERP. As the graphic shows, development is always initially asso-
ciated with high costs/investments and does not yet provide any benefit.
• In the introductory phase, the SAP MM module for the administration of purchasing
processes is located. The SAP MM is already available, but is only used rudimenta-
rily and the essential part is still available in the old Access solution, which is now
replaced by SAP MM. Therefore, this is referred to as an introduction, since the MM
module still has to take over the entire process of the old Access and can only then be
used properly.
• SAP FI, CO and HR are the support processes recognized in the portfolio that can be
standardized very well. This is also urgently needed because the foreign locations are
not yet integrated to a large extent and some evaluations are still being made manu-
ally via Excel. Therefore, these SAP modules are placed in the growth phase, which is
actually a intermediate step between introduction and growth.
• The SAP WM module is a typical application in the mature stage, which already very
well maps all processes of the supply chain, but now absolutely needs the interface to
the MES in order to be able to play out all its advantages.
• The MES had already been classified as an older technology in the portfolio and now
in the life cycle it is exciting to see where it really stands. The application will have
no further support for further development at the end of the year. Therefore, the appli-
cation has been classified in the “decline” phase with a tendency towards the “aboli-
tion” phase. It must be clarified urgently how to proceed with the application and how
a replacement or modernization could look like.
• In the “abolition” phase, the Access solution for the OldStyle car radio can be seen,
which must be abolished urgently. As soon as the product is taken off the market, it
must be considered how the historical data is transferred to other applications so that
data is still available for warranty issues.
Software Maintenance
Traditionally, the majority of the effort of the software life cycle flows into maintenance. The
maintenance effort to be included is also constantly increasing. If one still expected in the 1970s
that the maintenance effort would account for 35 to 60% of the total effort of the software life
cycle, this increased by the end of the 1990s to 80 to 90%.
Whether and with how much effort software has to be maintained depends strongly on the fol-
lowing factors:
• Error density and maintainability of the software

• Use of the software (error disclosure through different application scenarios; the desire to
improve certain attributes)
• Duration of use of the software (changing environment).
For software critical to the company, maintenance usually makes a significant contribution to
investment security. On the other hand, it is also a significant cost factor. Therefore, maintenance
agreements are mandatory for software critical to the company. Depending on the agreed service
level (see Service Level Agreement), the annual costs are usually in the order of 10 to a maximum
of 20% of the investment sum of the software.
If the necessary attention is already paid to appropriate maintainability when designing the sys-
tem, unnecessarily high costs for software maintenance can be avoided. With high maintenance
costs, maintenance is usually carried out by a fixedly organized group of employees (maintenance
organization) in an orderly maintenance process.
Evaluation of Applications and Derivation of Action Options
After it is clear which applications are available, how they stand in the application port-
folio and in which life cycles they are, it must be decided how the application landscape
should look in 5 years in the context of the IT strategy.
The following action options are available for the applications from the application
portfolio:
• Retain → no action required

• Discard → throw away application and, if necessary, replace or supplement the used
functionality/the used process with the help of an already existing application.
• Modernize → bring application to new technological standard or adapt to changed
processes (for example by web-enabling, integrating legacy with new technologies,
re-hosting or throwing away and rewriting).
In order to be able to use these action options, all applications are first evaluated accord-
ing to certain criteria. The evaluation criteria are shown in Table 2.
The Table 3 now brings the total overview in the form of the decision for each appli-
cation to expression and shows very clearly which application from which reason must
be either retained, phased out or modernized. We orient ourselves thereby again at our
example enterprise, the Produktio weltweit GmbH. The evaluation of the individual cri-
teria takes place thereby according to school grades (from 1 to 6).
The Application Roadmap
The application life cycle planning is now used to plan the changes, additions or new
acquisitions of applications on a timeline. The goal of this roadmap is to early plan all
the required resources (especially capital, personnel and know-how).
The following Fig. 6 shows, based on the measures identified in the previous chapters,
the application roadmap for our example company Produktio weltweit GmbH.
In order to realize and work on the application roadmap, IT projects are set up which
can be tracked in step 6 as part of an IT project portfolio.
Table 2  Evaluation criteria for applications (derivation of target application portfolio)

Evaluation criterion Description
Maintenance costs How are the maintenance costs for the respective application to
be assessed? Too high, too low, market-oriented? Maybe bench-
marks help that are offered by neutral market observers
Acceptance by the users What is the acceptance of this application by the users? Is the
usability, i.e. the user-friendliness good? How do the users talk
about the application? What are the (pre)judgments about the
application that are often heard?
Maturity of the process To what extent does the application really map the processes
mapping or requirements? Is this 100% or rather only 50%? What is the
reason for this?
Probability that the process will How likely is it that the process automated by the application
change in the short term will change in the short term or very strongly in the next 3
years?
Maturity of the technology and On which basis is the application programmed? Is this a new
lock-in risk technology that will also be supported in 3–5 years? Will there
be any developers in the future who can adapt this application?
Is there enough know-how in-house or does everything have to
be bought in the future?
Preparations for Step 3
Necessary information or documentation that is helpful, especially in the analysis of

applications for Step 3:
• List in the form of a table:

– Name of applications
– Unique ID (application number)
– Responsibility/delimitation of the application
– What is the application responsible for and what is it not responsible for
– Persons who can be addressed to the application (application owner, key user)
Persons required for Step 3:
• CIO/IT manager and first management level of IT

• IT architecture management
• Partly application/system responsible
• Department/business unit manager to check the target application portfolio
Table 3  Evaluation of the applications and derivation of action options (example)
140
Application Maintenance Acceptance Maturity Short-term Maturity Action To Do’s

costs by users level of pro- process changes level of option
cess mapping foreseeable? technology
SAP FI 3 4 4 Yes (SEPA) 3 Modernize Standardization of accounting processes
Introduction of SEPA
Integration of overseas locations
SAP CO 3 3 4 No 3 Modernize Contribution margin calculations should be
able to be carried out directly in SAP CO
(introduction of the result and market seg-
ment calculation)
SAP HCM 3 4 5 Yes, constant 3 Modernize The personnel processes must be standard-
changes in social ized and unified; the foreign locations must
legislation be integrated
Introduction of time management in SAP
HCM
SAP MM 3 3 4 Not currently 3 Modernize Check and integrate the necessary func-
tions/processes from the MS Access tool
Training necessary
SAP WM/ 3 2 2 No 3 Retain
SD
(continued)
Table 3  (continued)
Application Maintenance Acceptance Maturity Short-term Maturity Action To Do’s
costs by users level of pro- process changes level of option
cess mapping foreseeable? technology
MES 5 3 3 No 5 Modernize/ The MES is quite popular because it has
phase out been in use for a long time and is there-
fore known and many functions have been
strongly adapted to the individual needs
Interface to SAP must be established
Generally a disinvestment, where the time
for a new tender for an MES is due and it
must be checked whether the current sup-
plier can offer a modern product or another
alternative is used
Working Questions and Implementation Step 3
Salesforce 2 2 3 No 2 Retain
MS Access 4 3 4 No 3 Discontinue Discontinue because legacy application and
“OldStyle” developed by shadow IT; currently no one
has expertise for further development or
adaptation; must be integrated into ERP
MS Access 4 2 4 No 3 Discontinue Shadow application for which no expertise
“Supplier for further development or adaptation is
Data” available; the data are important master
data for the ERP and must be maintained
there
Archiving Retain (or No direct assessment possible at this time
solution Introduce) because it is currently under development
or introduction
141
SAP Enhancements Part 3:

Replacing the Access Tool and
SAP enhancements part 2: Integrating Functionality in
HCM for all foreign locations and SAP MM
Time recording
Roll-out SAP and MES at all

foreign locations
Interface
SAP/MES
Tender MES and

introduction

FI/CO Implementation
Foreign Locations, SEPA,
New
document management system
(DMS) incl. archiving
t: 2014 2015 2016 2017
Fig. 6  Application roadmap for the Produktio weltweit GmbH
• If necessary, business process experts or key users

• If necessary, external moderator
The first worksheet can be worked out more clearly in table form. The following hints
are important:
• Structured interviews should be conducted with all department heads and process
experts to evaluate all applications in the company;
• All business processes documented in Visio or by means of an EPC should be
reviewed in detail with regard to possible applications that are not yet known
• Existing specifications should be checked to see for which application purposes appli-
cations have been created
• Legacy systems or legacy systems must be checked to see which processes are served
there?
• It must be checked in the departments where Excel or Access solutions exist or own
IT systems (shadow IT?) Have arisen?
The worksheet 4.1 serves to structure and document the results:
Worksheet 6.1 Evaluation of applications
All applications currently in use should be listed here for each department.
Trade Possible applications Currently in use

area Applications
Distribution / Customer relationship systems (such as Salesforce), appointment

Sales and lead software
Applications for pre-sales activities, order processing, shipping

and invoicing
Marketing Applications for the management of advertising media, internet presences,

shop fitting software, analysis software for marketing measures
Staff Payroll, employee master data, archiving and administration

of contracts
Finances / Financial accounting (general ledger, accounts receivable/payable,

Controlling asset accounting), tax management, bank transactions
Archiving software, controlling tools / contribution margin calculations,

balanced scorecards, cost center accounting
Cost type accounting, ERP systems (for example SAP FI/CO or MS

Dynamics AX)
Production Production control systems, master data of production, applications for

production order management, anonymous make-to-stock production
Order-related (make-to-order) production
Logistics Sales and production planning
Program planning, material requirements planning,
Planned order processing, planned order conversion
Materials Physical inventory (inventory scenarios) or special topics, such

Manager as batch management, serial number management
-share
Handling unit
Warehouse processing, warehouse structure, inbound/outbound

processes
Purchasing Inquiry/quotation processing, order processing, price control,

Invoice verification, supplier management
Other Middleware systems, data warehouses / BI systems, reporting

IT systems systems
Worksheet 6.2 Creation of the application portfolio
Inserting the determined applications into the application portfolio below

Legend: Circumference (number of users), circle color (green=low maintenance costs,
yellow=medium maintenance costs; red=high maintenance costs).

New technology
Old technology
Support process (standardizable) Value-adding process

Dividing the Applications into the Life Cycle
Worksheet 6.3 Breakdown of applications in the life cycle
Please enter your applications in the blue coloured boxes according to their life cycle

Maturity
System usage
System costs
System benefits
Evaluation of Applications and Derivation of Action Options
The first worksheet is again represented as a table (see worksheet 4.5 below) in order to
be able to evaluate the applications in a structured manner and to derive the right action
options. The evaluation is carried out according to school grades. The legend of the
action options is described again below:
• Keep → no action required

• Dismantle → throw away application and, if necessary, replace it or supplement the
used functionality/the used process with the help of an already existing application
• Modernize → bring application to new technological standard or adapt it to changed
processes (for example by web-enabling, integrating legacy with new technologies,
re-hosting or throwing away and rewriting)
Worksheet 6.4 Evaluation of the applications and derivation of options for action
All applications currently in use should be listed here for each department.
To Do's
Acceptance by users
Short-term process
Maintenance costs
Process mapping
Maturity of the
foreseeable?
Maturity level
technology
changes
Application Action option
Standardization of
financial accounting
processes
Yes
EXAMPLE (SAP FI) 3 4 4 3 Modernize
(SEPA) Introduction SEPA
Integration of the
International locations
Creating an Application Roadmap
Worksheet 6.5 Creating the application roadmap
Please enter the milestones and project plans for the processing of the applications
resulting from the fields of action here
Conclusion Step 3
The application strategy is, so to speak, the heart of an IT strategy. In addition to the cre-
ation of the target application portfolio shown here, with the planning of the introduction
or change of applications on the timeline (application roadmap), a key milestone for the
planning and input for the future orientation of IT in the company is done. But it should
not be hidden that many important, technical decisions have to be made with regard to
IT architecture and detailing with regard to an IT development plan. This depth is impor-
tant, but would exceed the scope of the book and address a different target group, namely
IT architects, software responsible persons and IT design experts. However, before the
application roadmap is adopted, the examination of the aforementioned experts must
have taken place.
Your three most important thoughts, insights, key words:

Abstract
After the roadmap for the new application landscape has been created, it must now
be decided who operates these applications and the IT infrastructure required for this.
The answer is given with the development of a sourcing strategy. It is a central part of
the IT strategy, but also of the IT organization, as it is decided here which resources
are needed internally and which are outsourced externally.
Basic Questions on Sourcing
In the context of the sourcing strategy, the classical question of “make-or-buy” is

answered. This means: Which IT services can or should a company provide itself and
which services should it purchase from third parties on the market?
Motives for a Sourcing Strategy
In practice, sourcing usually means outsourcing of IT services, i.e. outsourcing in the

sense of the buy variant. The question therefore arises first of all, what sense IT out-
sourcing could make and where the motives for this lie (based on [25]):
Trust is the key word for successful outsourcing of IT services to an external supplier. Prof. Dr.
Walter Brenner (University of St. Gallen)
152 Step 4: The Sourcing Strategy
• Reduction of production depth

• Cost savings through economies of scale at the provider
• Variabilisation of fixed costs
• Improved access to know-how, skills, procedures and methods that are not available
in-house
• Improvement of the quality of IT services
• Flexible adaptation to the actual need for IT services
• Concentration on core competencies
• Access to the provider’s know-how
These arguments for the outsourcing of IT services represent the positive effects of out-
sourcing and are quite solid arguments for management that speak in favour of the buy
variant. However, in order to objectively illuminate the topic of sourcing, the “make”
variant must also be seen. Arguments for keeping IT services in-house or for retrieving
previously outsourced IT services (so-called in-sourcing) can be as follows:
• Keep know-how internally, as these are essential core processes of the company that
need to be protected
• Regain lost know-how
• less time required for coordination with providers or suppliers
• not as great a dependence on providers
• Reduction of quality problems or defects
To facilitate the make-or-buy decision-making process, the matrix shown in Fig. 1 can be
used. It provides a good overview of when to outsource or when to provide the IT service
in-house.
The strength of the company is represented on the Y-axis, and the differentiation in
competition is represented on the X-axis. Differentiation in competition means how
much the respective IT service offers a competitive advantage or not. An example is the
distinction between commodity, standardized, and value-added processes shown in step
4. Commodities such as the data center or other hardware/IT infrastructure are more
likely to be found in the two left quadrants, whereas, for example, the MES of Produktio
weltweit GmbH would be more to the right, as it offers a great competitive advantage.
Typical “Buy”, that is, outsourcing candidates are therefore commodities in which the
company itself does not have great strengths. “Make” candidates, that is, IT services that
should definitely be operated in-house, are value-added applications. Their strengths are
either already in the house or will definitely be built there, as they are essential and/or
value-added core processes. Everything in between are the quadrants in the upper left
and lower right, where it can be decided on a case-by-case basis whether these should be
outsourced or operated in-house.
Basic Questions on Sourcing 153
Make or Buy Make

high
Strengths of the company
Support process Core process
Buy Make or Buy

low
Outsourcing Support process
low high
Differentiation in competition
Fig. 1  Make or Buy Matrix
Opportunities and Risks of Outsourcing
What are the opportunities and risks of outsourcing? In order to make this transparent, a
so-called SWOT analysis is used. The term SWOT is made up of the initial letters S-W-
O-T. These stand for:
• S = Strength = Strengths
• W = Weaknesses = Weaknesses
• O = Opportunities = Opportunities
• T = Threats = Dangers or risks
The SWOT analysis in Fig. 2 shows very clearly and generically the advantages and
disadvantages as well as the opportunities and risks of IT outsourcing projects. The
advantages and disadvantages have already been explained in the introductory chapter
“Motives for a sourcing strategy”. Opportunities mainly arise in the area of cost reduc-
tion, faster time-to-market (and thus possibly more flexibility) and improved quality of
service delivery (fewer failures, more reliable operation). These are all desirable opportu-
nities that can actually be realized depending on the performance of the provider and the
Strengths Weaknesses
• Reduction of the vertical range of manufacture • Possible loss of control and competence
• Improved access to know-how, competencies, • Large amount of time required for coordination
processes and methods that are not available with providers or suppliers
in-house • Quality problems and defects can occur that
• Improving the quality of IT services are more difficult to control than if they
• Enable flexible adaptation to the actual demand were internal.
for IT services
• Concentration on core competencies
• Access to know-how of the provider
• Cost reduction and variabilization of fixed • Dependence on the provider can be very
costs large
• Flexible business processes are • Problems with back-integration or
enabled insourcing
• Speed / Time-to-Market improved • Risk of business secrets being passed on
• Improved IT security Third get
• Internal loss of know-how
Opportunities Threats / Risks
Fig. 2  IT outsourcing: SWOT analysis (an example)
price. In addition, there is always the question of the economic feasibility or the business
case for make or buy, which will be discussed in the next chapter.
Risks are mainly seen in the area of knowledge loss. Therefore, the service to be out-
sourced must under no circumstances be a core competence of the company, because the
know-how must absolutely stay in-house. Also for the further, essential reason that stands
out among the risks: There is the danger of losing trade secrets or process knowledge that
should not be passed on to outsiders. The other risks are related to the provider: too strong
a dependence on a provider who could then gain too much market power. The problem
then arises at the latest when the former outsourced IT area has to be operated in-house or
transferred to another provider. This is—depending on the outsourced IT area—very deli-
cate and can be accompanied by system downtime and possibly longer system downtime,
costing a lot of money or even endangering the existence of smaller companies.
The Economic Feasibility of IT Outsourcing Projects
The intention to outsource certain IT services to a service provider or provider is based

on the following four advantages of outsourcing projects:
• Reduction of costs
• Higher quality, as the service provider or provider is a specialist in his field
The Type of Sourcing: Which IT Services can be Outsourced? 155
• Higher transparency and predictability of costs through clear definition of service lev-
els and transparent pricing models of the provider
• Faster and easier scaling of the required capacities, which can be added or removed at
the provider if necessary.
Attention: Unfortunately, reality often shows that these advantages, which are very well
comprehensible in theory, can often not be implemented in practice. Especially the topic
of economic efficiency is for the management the decisive factor for the question of
make or buy when it comes to the decision for or against outsourcing.
Therefore, it is very important to make a TCO consideration (TCO = Total Cost of
Ownership) as a basis for the calculation of the economic efficiency. This has the advan-
tage that really all direct and indirect costs flow into the consideration and not only the
previous wage costs are compared with the resulting outsourcing costs. A typical cost
structure of an IT outsourcing project is shown in Table 1 according to Gadatsch [18].
Identifying indirect costs usually presents the biggest challenge. In this context, indi-
rect costs are primarily factors that are difficult to measure, such as the quality of the
provider, the number and frequency of errors, or compliance with so-called service levels.
This also includes the indirect cost reductions shown in the last line of Table 1, such as
fewer disruptions, faster commissioning or restart times. However, if these factors occur
more often in the form of problems or do not result in cost reductions in the form of faster
restart times, this can cause enormous costs that are very difficult to quantify, let alone
estimate, before an outsourcing deal. Assumptions can be made, but no one can look into
the future and know how outsourcing will develop. This depends on many uncertainties,
as Fig. 3 shows by way of example for IT outsourcing over a certain period of time.
Therefore, although a cost-benefit analysis is a “must” in order not to blindly run
into ruin, it is usually not a definitive insurance. It is therefore difficult to make a defini-
tive statement in favour or against outsourcing on the basis of cost-effectiveness, as this
depends on too many and partly unknown parameters.
The Type of Sourcing: Which IT Services can be Outsourced?
After the advantages and disadvantages of make-or-buy options have been presented, the
question arises as to which IT services or services are suitable for outsourcing. Before
decisions are made, a description and definition with advantages and disadvantages of all
outsourcing forms is first carried out with regard to the service. In practice, four different
types of outsourcing are usually differentiated, which are described in detail below:
• IT Infrastructure Outsourcing
• Application Outsourcing
• Business Process Outsourcing
• Cloud Computing
Table 1  Cost structure of an IT outsourcing project (according to [18])

A) Investments
Costs of the preliminary project (decision preparation)
• Personnel costs (IT and specialist department)
• Consultancy (incl. legal advice)
• Other costs
Costs of the transfer project
• Personnel costs (IT and specialist department)
• Consultancy (incl. legal advice)
• Other costs
Effect of the transfer of ownership
• Net sales proceeds (hardware, land, buildings, etc.)
• Other net sales proceeds
• Termination payments for staff
• Elimination of previous personnel costs
B) Operating costs
Fixed and variable outsourcing fees
Other operating costs
C) Effects of the outsourcing project
Direct effects
• Reduction in personnel costs
• Elimination of space costs (rent, insurance, lease, etc.)
• Elimination of other costs
Indirect cost reduction
• Fewer disruptions to operational processes
• Faster restart after disruptions
• Faster commissioning after release changes, etc.
• Revenues from penalties (SLA violations)
IT Infrastructure Outsourcing
The IT infrastructure forms the basis for all IT-based services and functions of a com-
pany. When using the term IT infrastructure, most people first think of the workplace
computer, printer, networks and other IT devices such as monitor, scanner or mouse and
keyboard. Depending on the definition, IT infrastructure can be more than just pure hard-
ware. In practice, all components subsumed under the term IT infrastructure are repre-
sented in Table 2.
Table 2 clearly shows that, in addition to pure hardware, highly standardized software
such as office software, system-related software such as operating systems or databases
also belong to the IT infrastructure. Nevertheless, all IT infrastructure components men-
tioned here are so-called “commodities”.
Increased customer
demands
Additional costs
Capacity margin
of the customer
plan capacity
Reduced customer
Provided
Additional costs
demands
Fig. 3  Cost structure in IT outsourcing
Table 2  Definition: Components of the IT infrastructure

Component Contents
Hardware • Server operated centrally or decentralized
components • Network printer
• Networks and their components
• Workplace end devices (desktop/notebook, printer, mouse, keyboard, etc.)
System-related • Operating systems
software • Administration tools
• Database systems
Cross-cutting • Office communication, workflows
• Office products
• Browser
Services • Communication and information services (e-mail, intra- and/or Internet,
directory and signature services)
Development tools • Development environments
In analogy to the “Three Pillars of IT” (see Fig. 7 (The Three Pillars of IT) in the con-
text of the application strategy), companies should focus on the value-creating processes
and systems (Pillar 1) in order to make the IT competitive and not primarily on the com-
modities (Pillar 3), which can often be operated economically by third parties in the con-
text of make-or-buy decisions.
However, the selection of a well-scalable and performant database as an IT infra-

structure component is an important decision that a company makes in the context of
the application strategy (see Chap. 4). However, the provision of these IT services does
not necessarily have to take place within the company. External IT providers often have
much more expertise and are specialized in such services; this know-how of the potential
suppliers is usually not relevant to the company’s competitiveness.
It is therefore recommended to develop a sensible sourcing strategy that outsources
these commodities. The following areas are outsourced by way of example:
• Desktop Services/IT Workplace Environment (Provision, Renewal and Maintenance

of the IT Workplace Environment. This generally includes the workstation computer,
operating systems and office applications)
• Data center/server room (provision and maintenance of the servers and the IT infra-
structure required for their technical operation)
• Network/Telecommunications Services (Provision, Maintenance of the IT
Infrastructure and the Telecommunications Infrastructure. This includes, for example,
active and passive components (LAN/WAN), telecommunications)
• User Helpdesk/Service Desk/Hotline (Support of users/users in the company for the
workplace environment made available as part of the desktop services.)
Application Outsourcing
In the context of application outsourcing, entire IT systems or applications are out-

sourced to an external provider. This form of outsourcing is particularly common with
highly standardized ERP or CRM systems. There are generally two forms of application
outsourcing:
• Application Management Outsourcing

• Software as a Service or Application Service Providing (ASP)
In application management outsourcing, the ownership of the software lies with the
company applying it, i.e. the licenses belong to the client. The provider as contractor is
responsible for the operation and maintenance of the software.
In the context of application service providing (ASP), the provider also assumes
ownership of the software in the form of licenses and license management. This current
method of application outsourcing is based on a rental model per user and is obtained
from the cloud, which is why it is mainly referred to as “software-as-a-service” (SaaS)
today. The responsibility of the ASP or SaaS provider includes complete software man-
agement: from purchase to license management, to maintenance, care and operation, as
well as implementation or customizing and update/administration of the software. This
model of application outsourcing has become possible through the now widely available
high Internet bandwidth. Users access the software directly from anywhere via a secure
Internet connection.
Therefore, when using SaaS, one speaks of cloud computing. However, cloud com-
puting can be more than SaaS, which is why its own chapter is dedicated to this new
form of outsourcing (see section Cloud Computing).
Business Process Outsourcing
Business process outsourcing represents the highest form of outsourcing. In addition to

the entire IT (infrastructure + applications), entire business processes are outsourced to a
provider. These are highly standardized business processes that are not of great strategic
importance to the company. These include, in particular, operational personnel processes
such as enclosing payroll or salary statements, as well as financial and accounting pro-
cesses that do not have a competitive focus.
Cloud Computing
In addition to the aforementioned sourcing models, new possibilities for the use of IT
services have arisen within the framework of cloud computing. These are referred to as
services that can be “ordered on demand”. To answer the question of a simple definition
of cloud computing, the following quote by Lewis Cunningham [15] helps:
Cloud Computing is using the Internet to access someone else’s software running on some-
one else’s hardware in someone else’s data center.
There are three different sourcing models in cloud computing, which are presented in
Table 3.
In general, it can be said that cloud computing partly replaces the old sourcing models.
It should be mentioned that when choosing a cloud solution, three alternatives are available:
• Public Cloud: The responsibility and complete management of the cloud are assumed
by the provider. This maximizes scalability and—depending on the provider—the
pay-per-use option. You only pay for services actually used
• Private Cloud: In this model, the IT organization retains control of its own cloud.
This model has the advantage of often questioned security when outsourcing sensitive
data, for example in the ERP area.
• Managed Private Cloud: This variant of cloud computing combines the advantages of
private and public clouds. It works so that you get a dedicated and autonomous infra-
structure tailored to your needs from a provider in a public cloud. On the one hand,
the scalability and, on the other hand, the security advantages can be used on the basis
of secure Internet connections, for example via VPN or Direct Ethernet Links.
Table 3  Cloud Computing: New Sourcing Models in the Cloud

Cloud Sourcing Model Longform Description of the Cloud Sourcing Model
SaaS Software as a Provision of software via the Internet. The SaaS pro-
Service vider is fully responsible for the software, including
maintenance, support, administration, and develop-
ment. The owner is not the user, but the provider
A prominent example is Salesforce
IaaS Infrastructure The IaaS provider operates special server systems for
as a Service the customer, for example for backup, archiving, or
even whole server farms in the sense of small data
centers
PaaS Platform as a This model is a combination of SaaS and IaaS,
Service because here complete packages of hardware and
software are offered to the customer
In contrast to classical outsourcing, it is very important to know that when using cloud
computing, one must orient oneself to the standardized specifications of the cloud pro-
vider in most cases. This means: In contrast to a classical outsourcing provider, who
adapts the outsourced systems to the respective business processes and conditions within
the scope of a customizing, one must adhere to the standards of the cloud provider when
using cloud computing. When using cloud solutions, internal processes and business pro-
cesses must therefore be changed to some extent as required by the cloud solution or the
cloud offer must be individually adapted if possible.
An advantage of cloud computing over traditional outsourcing is seen in the profit-
ability, which often only occurs after 4–5 years in traditional outsourcing solutions. And
during this time, there are often cost increases of not infrequently up to 10%. With cloud
computing, the connection between the company and the provider is not as close as with
traditional outsourcing. It can therefore have a shorter term with the advantages of the
faster and more flexible switch to another provider, which may be cheaper. In addition,
once the interface to the cloud provider is standardized with you, the risk of vendor lock-
in is not as strong as with traditional outsourcing, where you are relatively committed to
a partner and a switch to another provider is associated with a lot of effort and costs.
Sourcing Strategies at a Glance
In addition to the general definition of the manufacturing depth for the IT organization,
three different aspects must be differentiated when deciding on outsourcing:
• The degree of outsourcing

• Number of service providers/providers
• The location of the service
Sourcing Strategies at a Glance 161
Determination of the General Manufacturing Depth of the IT

Organization: Degree of Outsourcing
With regard to the degree of outsourcing, there are different sourcing options, which are
defined in Table 4 and illustrated with the respective advantages and disadvantages.
The Fig. 4 shows the illustrated sourcing options in a portfolio, in which the Y-axis
shows the maturity of the organization or your company as an aid to assess.
Number of Providers: Single Sourcing vs. Multi-sourcing
The question at stake here is how many providers one wants to work with. The back-
ground to this question lies in the problem of so-called vendor lock-in. This means that,
due to the usually medium- to long-term commitment to an outsourcing partner, depend-
ence on this can arise. With classic outsourcing, it is not so easy to change the provider,
Table 4  Degree of outsourcing with advantages and disadvantages

Sourcing Type Description Benefits Disadvantages
Full Outsourcing Complete outsourcing of Focus on core business Dependency on one
all infrastructure or appli- Cost reduction supplier/provider
cation services of the Better service quality? Costly reversal in case
company to a provider Use of external expertise of provider change little
scalability
Loss of internal expertise
Possibly high transaction
costs, hidden costs
Selective Outsourcing of part of Focus on core business Loss of internal expertise
Outsourcing the IT services (“Best of Use of external As often several provid-
Breed” approach) Expertise Cost reduction ers are used, the control
and supervision of the
providers can be time-
consuming and risky
Outtasking/ Partial outsourcing Low dependency on Limited customizing
Managed provider Flexibility and Lack of integration with
Services cost advantages through other ERP platforms
on-demand models Low Data is stored externally
transaction costs
Shared Service Internal outsourcing of Cost reduction Better No best-practice
Center IT services to a Shared control of processes and approaches from
Service Center (this can data external providers
appear as a separate com- Processes remain largely
pany or as a Competence unchanged
Center within an IT
organization)
Maturity level of the organization/company
Selective
out-tasking Joint
High
venture
Selective
outsourcing
Shared service center

(spin-off of IT / BPO
departments)
Low
Full
outsourcing
Inhouse
Make vs. Buy
Fig. 4  Sourcing model in portfolio
Table 5  Number of service providers

Number of service Description/Definition
providers
Single Sourcing Outsourcing of the entire IT or part of it to a service provider or provider
General Contracting A hybrid between single and multi-sourcing: use of multiple service pro-
viders, but controlled by a general contractor
Multi Sourcing Outsourcing to multiple service providers (multi-supplier strategy)
because a new transition phase to another provider or the backfall principle in the sense
of insourcing can become very expensive and time-consuming.
Therefore, the question arises as to whether it makes sense not to rely on just one pro-
vider, but on several. In general, three different models can be distinguished, which are
shown and defined in Table 5.
Location of Service Delivery
In addition to the degree of outsourcing and the consideration of whether to work

with one or more providers, the question arises as to the geographical location of the
outsourcing. There is generally a distinction between three different possibilities for the
location of the service provision of the outsourcing provider:
• Onshore
• Nearshore or
• Offshore
Onshore outsourcing provides the service within its own country. This is usually quite
uncomplicated and does not involve any legal problems. However, it often has the disad-
vantage that wage costs are relatively similar and therefore the cost effect of an outsourc-
ing will not be very significant.
Under the nearshore concept, outsourcing services for German companies are often
provided today in Eastern European countries. This model tries to minimize the large
cultural and linguistic deficits while still achieving a good cost savings due to lower
wages. Legal issues are often not as complex as when operating in distant countries due
to the membership in the European Union.
In offshoring—the original concept of outsourcing—outsourcing services are pro-
vided in countries that promise a significant wage cost advantage. It all started with
the outsourcing of very simple tasks such as help desk or data entry. But for years now,
this industry-specific offshore share has been extended to all known outsourcing types.
Typical offshore countries such as India or Indonesia have proven that providers can
offer standardized IT processes that, according to common maturity measurements—
for example according to CMMI—have better maturity levels than some German large
companies. A overview of possible offshore countries is shown in Fig. 5 according to
Gadatsch [18].
The question now arises as to how near- or offshoreing is best organized? The follow-
ing two operator models have established themselves in the field of off- and nearshoring:
• Bridgehead model: In addition to its foreign presence, the offshore provider has a
legal and cultural seat in Germany, the so-called bridgehead. This may be the case
The service is provided abroad, but communication and demand management are
located in Germany. It is easier to coordinate because the client does not have to over-
come cultural and time differences.
• Workbench model: In this model, the client has experts at the foreign location of the
offshore provider to lead the contract or the outsourcing project. The legal responsibility
lies with the offshore provider and forms the extended workbench of the client abroad.
The Sourcing Governance
In addition to the three aforementioned aspects of sourcing strategy, sourcing govern-

ance plays a significant role in the success of sourcing projects. Sourcing governance
Phillip-
Criteria India China Russia Canada Ireland
pines
Tax advantages
Availability of relevant
expertise
Infrastructure
Training system
Cost advantages
Service quality
Cultural fit
Time difference
English skills
Fig. 5  Offshore countries in comparison
describes the necessary institutions and committees with their decision-making powers
before and after a sourcing decision.
Before the Sourcing Decision (On the Way to the Right Provider)

As part of the general considerations and decision-making process of which IT services
are to be outsourced and which provider will win the contract in the course of a tender
and contract negotiations, a committee should be formed with clear task and decision-
making powers. Such a committee, for example referred to as a sourcing committee,
should definitely include the following:
• Management (the superior of the CIO or IT manager)

• The superior of the department most affected by the sourcing decision
• The IT manager or CIO
• IT architect in the case of application outsourcing or IT infrastructure expert for infra-
structure outsourcing
• Purchasing responsible for IT
• A lawyer/jurist specializing in IT contracts and specifically outsourcing contracts for
the contract negotiations
Fig. 6 shows an example of the hierarchy and involvement of the aforementioned people
in the sourcing decision (Fig. 7).
Steering Committee or
Sourcing Steering Committee
Chairperson (usually CIO)

Participant 1 (Company Management)
Participant 2 (Department Manager)
Project management
Project Manager
Departments Expert Pool
Process Expert FB1 Lawyer/RA

Process Expert FB2 IT Specialists
….. IT Architects
IT Purchasing
Fig. 6  Organigram of a sourcing committee
Provider Department
(IT service provider) CIO Organization (IT service purchaser)
Service provider 1 Sourcing Office

Product Manager
Process owner
Sourcing manager
Process owner
Product Manager Sourcing manager
Service provider 2
Product Manager
Product Manager Sourcing manager Process owner
Fig. 7  Sourcing governance
Depending on the size and qualification of the company, the project manager should
be the CIO or IT manager himself for large sourcing decisions. For smaller and medium-
sized projects, this can be an IT employee who is determined by the CIO/IT manager
and who knows and overviews the subject area of the outsourced IT services well and
in addition brings the necessary and not to be underestimated project management skills
and experience in sourcing.
In addition to the purchasing responsible, the management and the superior of the
specialist department are the essential instances in the decision-making process.
The sourcing committee should meet at regular intervals and present all steps on the
way to the decision transparently to the committee for information and decision-making.
After the Sourcing Decision (Control of the Provider)

Two central institutions are formed within the CIO organization to control the ongoing
outsourcing project and the provider, which have a interface function between the opera-
tional business units and the providers. One orientates oneself here on the suggestions of
Brenner and Zarnekow with regard to the source-make-deliver approach [5].
These two institutions mentioned are the so-called sourcing office and the sourcing
managers, who fill the indicated interface function as can be seen in Fig. 7 (after Brenner
et al. [5]).
The sourcing office takes on the following tasks, which are not only for a sourcing
project, but also cross-functional tasks within the entire sourcing context:
• Definition of the sourcing strategy together with the CIO

• Analysis and selection of service providers
• Contract negotiations and design of service level agreements
• Evaluation of service providers
The sourcing manager takes over the management of the daily service business. This
means that on the one hand he is the contact person for the provider, but also for the
internal customers, the departments. He takes over the following tasks:
• IT product planning together with the departmental or process responsible

• IT product procurement and monitoring
• Control of the provider
• Problem and escalation management
• Monitoring and evaluation
Example: The Sourcing Strategy for the Produktio weltweit GmbH
In order to be able to apply the sourcing basics presented, the example company
Produktio weltweit GmbH is used again.
Example: The Sourcing Strategy for the Produktio … 167
The starting point is the analysis of the existing sourcing contracts with external
providers, as they are shown in Fig. 8 as a fictitious example. The following details are
queried:
• Type of outsourcing: Here there are the three options shown above
– IT Application Outsourcing
– IT Infrastructure Outsourcing and
– BPO (Business Process Outsourcing)
• Scope of services: here it is defined which IT service is meant (for example Salesforce
in IT Application Outsourcing or the data center in IT Infrastructure Outsourcing)
• Type of sourcing (see Table 4)
– Full Outsourcing
– Selective Outsourcing
– Out-Tasking
– Shared Service Center
– Joint Venture
• Current provider: Here the current provider or providers to whom the IT service has
been outsourced are listed
• Costs: The roughly estimated costs per year for outsourcing this IT service
Evalua-
Type of Sourcing Current Costs Current advantages tion
Power range
outsourcing type provider (per annum) and disadvantages (school
grade)
IT Application Full
CRM: Salesforce.com Salesforce.com 25,000.00 € 2
Outsourcing outsourcing
very good support
and good
ERP: SAP maintenance, documentation,
IT Application support and external Selective approx. but it remains
SAP, Accenture difficult to build up 2
Outsourcing programming or outsourcing 900,000 €
customizing the necessary
know-how
internally
The SLAs were not

met in 2013 due to
Data center two major outages
IT Infrastructure (outsourcing of all Selective IBM, partly the lead times for
Outsourcing servers to a secure outsourcing in-house 750,000 € extraordinary 4
data center) maintenance
windows are too
long
Business Process Full Salary-Printout

Salary pressure 14,000 € No problems 1
Outsourcing (BPO) outsourcing GmbH
Fig. 8  The sourcing overview of the Produktio weltweit GmbH (Example)

• Current advantages and disadvantages: Here the current advantages and disadvantages
of outsourcing are shown
• Evaluation in the form of a school grade in order to quickly and clearly see where
there are problems
Figure 8 shows very clearly where there are still problems with the Produktio weltweit
GmbH and what has already been outsourced very well.
• The Salesforce CRM software is a typical application outsourcing from the cloud.
Salesforce was the pioneer of cloud software and therefore has a lot of experience and
a very flexible business model, from which the customer can choose the functionality
that is right for him; scalability is very important here, which means that the software
grows with the company, but can also shrink. With Salesforce, our example company
currently has no problems.
• ERP outsourcing refers to two things:
– On the one hand, the outsourcing of the operation of the SAP system to a data
center of IT-Ops GmbH (see line below)
– And on the other hand, the outsourcing of development or customizing services,
which are carried out by the external service provider XYZ Customizing GmbH.
The introduction of SAP resulted in very high costs last year and there were some
problems. These are mainly visible in the interface between the department and
IT, because the processes from the departments, especially finance/controlling and
purchasing, could not be mapped directly by SAP. However, the department found
it very difficult to standardize the highly individual processes and to integrate
them into the SAP system. So a lot of individual solutions have arisen, which are
already difficult to maintain and above all the know-how is only available at XYZ
Customizing GmbH and not in the internal IT. Whenever a question or an error or
problem arises, XYZ Customizing GmbH must always be commissioned immedi-
ately. Already now enormous costs arise, which were not planned and recognizable
at the beginning of the outsourcing.
• Outsourcing the data center to IT-Ops GmbH is based on a very intensive tender from
2011; intensive in terms of time and cost. In the end, a very complex contract work was
created and it was hoped that IT-Ops GmbH would be found to be the best partner due to
its market presence and the best know-how in the market as a quasi-pioneer. Currently it
looks as if the Production world GmbH feels like a third-class partner and has commit-
ted itself to standard processes of IT-Ops GmbH, which are very hard for Production in
the current phase of the many adjustments in SAP. For example, maintenance windows
or simple change requests for new installations must be announced at least six weeks
in advance and it is still not certain that they will then be approved. You are facing a
bureaucratic monster that you as a small customer of IT-Ops GmbH cannot oppose.
Then there were even failures that one would never have expected from the provider.
Escalations are not taken seriously and the IT manager of Production is quite desperate
Example: The Sourcing Strategy for the Produktio … 169
because his specialist colleagues are very dissatisfied and give the internal IT the blame
for the constant delays in new installations, the inflexibility and the failures. The ques-
tion here is only how to get out of the contract and what the alternative could be.
• With the Business Process Outsourcing (BPO) of the salary pressure to the company
Salary-Print one is very satisfied with the services. The human resources department
has not yet found any problems and the outsourcing contract is to be renewed and
extended on the basis of a new price structure and a better interface for the transfer of
the salary data as well as a new and improved confidentiality agreement
For the Production world GmbH there are therefore both good and bad outsourcing con-
tracts and it makes sense to take a closer look at the bad ones. The SWOT analysis serves
this purpose, as it was already shown in Fig. 2. There a very generic SWOT analysis was
given, which now has to be broken down per IT service. Only then can the strengths and
weaknesses as well as the opportunities and risks of a possible in- or outsourcing per IT
service be analyzed in detail and provided as a decision-making basis for the management.
Figure 9 shows the SWOT analysis specifically filled out for SAP outsourcing of
Produktio weltweit GmbH at the current time. It is immediately apparent that, of the
hoped-for advantages and opportunities, unfortunately mainly disadvantages and risks
have arisen. Above all, the loss of know-how in internal IT and the resulting loss of
• Concentration on the core business • Severe loss of know-how regarding
process and SAP knowledge
• Loss of competence within the company,
because only Accenture knows how to
correct errors.
• The costs are hardly calculable
• Flexible deployment of personnel, which • The internal IT has no more control over
cannot currently be guaranteed by the the ERP/SAP and is only "Pass-through"
internal IT system of orders to the the provider
• Loss of competence within the company
leads to the internal IT loses important
personnel
• Re-integration of the know-how into the
internal IT associated with a lot of effort
and additional costs as well as new
personnel
Opportunities Threats
Fig. 9  SWOT analysis Outsourcing SAP to XYZ Customizing (Example Produktio)

competence of IT in the company is a severe blow for Produktio weltweit GmbH. In

addition, of course, the sharply increased costs are not justifiable for the management
and the IT manager is really struggling to find good arguments why one should continue
as before, especially since the SWOT analysis clearly shows that currently there is not
much on the “opportunities” side. What could be a possible way?
• The chances side as well as the weaknesses show that the problem lies in the know-
how, i.e. IT personnel. More know-how must be built up internally, possibly with
newly hired experts or recruitment from the current provider.
• The risk of reintegration, i.e. the immediate cancellation of the contract with the pro-
vider and the takeover by a new provider or an outsourcing with the complete with-
drawal into the internal IT organization, is very difficult. First of all, due to the probably
difficult contractual situation, on the other hand, mainly due to the know-how, which
would have to be transferred step by step either to another provider or to the internal IT.
• A good compromise could be to identify the processes that are important and value-
adding worldwide for production and that are supported by SAP. The know-how must
absolutely be transferred from the provider to the internal IT for these processes. This
would be SAP WM and possibly MM in this case, especially since the integration of
the access functionality is pending. Then it should be considered which processes or
developments are very important for the company. This is definitely the integration of
the foreign sites. This should also be done mainly internally in the sense of leadership
and project management by internal personnel.
• A final point that is not directly related to the provider, but became very transparent
through outsourcing, is the responsibility of the department for the processes. There
is still no clear process responsibility in the company today. These must be clearly
defined by new roles. But more on that in step 5.
The second outsourcing contract that causes problems worldwide at Produktio is the out-
sourcing of the data center. An updated SWOT analysis has also been carried out here,
which is shown in Fig. 10. The already mentioned risks and weaknesses are quickly rec-
ognizable here, which this time do not primarily lie in the loss of know-how, but rather
in the dependence on the provider with its inflexible standard processes as well as the
recurring new costs through change requests and the resulting deteriorating relationship
with the provider. Produktio worldwide feels helpless because their requirements are not
taken seriously and are only accepted against hardly payable additional costs. On the
side of chances and strengths stand the security and the fact that Produktio worldwide
does not have to take care of the commodities anymore. This makes sense from a corpo-
rate point of view, but how do you get a grip on the mentioned problems:
• It can be derived from the SWOT analysis that a reintegration into the internal IT is
not possible and not desired from a corporate point of view.
• Therefore, only a switch to another provider or the solution of the mentioned prob-
lems with the current provider remains.
Excursus: Tender for an IT Sourcing Project in 5 Phases 171
• Concentration on core business for • Speed and time-to-market have deteriorated
internal IT possible (we had deteriorated (on the contrary, one
• Best of breed solutions offered by IBM had hoped for improvements here)
• Costs not under control due to continous
change requests/ all only via
Standardprocess
• Failures and poor communication
• Loss of know-how due to fluctuation and
new operational areas for former
RZ employees
• Improved security • The relationship with the provider is very

bad (you are treated third class)
• Back-integration is not possible in-house,
since there are no more capacities and
resources available for operating
• Back-integration to other provider
could lead to failures
Fig. 10  SWOT analysis outsourcing data center to IT-Ops (example Produktio)
• A solution could therefore look like this: a new tender is made, which focuses on the
weaknesses and risks found in the SWOT analysis, and as part of this, the current pro-
vider is given a new chance on the basis of other conditions. Or a new provider actu-
ally comes into play, but does not bring all the above-mentioned weaknesses and risks
in the current form.
Both negative examples have shown that the tender itself and the awareness of the essen-
tial success factors can be quite essential for the later success or failure of an outsourc-
ing. Therefore, a typical tendering process is presented in the following chapter, which
integrates these success factors.
Excursus: Tender for an IT Sourcing Project in 5 Phases
In addition to the pure conception of a suitable sourcing strategy, this chapter deals as
an excursus with the concrete tendering of a sourcing project. Five phases are used to
show how you can successfully find the right provider and plan the operational phase and
transfer your IT services to this provider.
The great majority of sourcing projects are outsourcing projects. Therefore, the follow-
ing five steps do not start from an insourcing, but consider an outsourcing project. The
individual steps can be viewed in more detail and elaborated in more detail, but due to
the excursus character only the essential “must-haves” of a call for tenders should be pre-
sented. It therefore resembles a checklist more than a detailed chapter on the subject of
tendering.
Phase 1: Project Management and Scope
Most outsourcing projects are underestimated in their complexity. As a result, the set goals
such as cost reduction or process improvement can often not be achieved. Therefore, it is
necessary to apply some basic project management methods to the outsourcing project.
This includes in the first place the project planning on the basis of the five points pre-
sented below until the transfer of the operation to the provider. It is also important to put
together a project team including activities and responsibilities.
Figure 11 shows the project planning based on five phases:
1. Defining the scope of the tender and defining the project

2. The actual tendering phase with the creation of the necessary documents, market
screening and workshops with potential providers
Project management and communication
Step 5: The
transition phase
Step 4: Selection of the provider /

contract negotiations
Step 3: The tendering phase
Step 2: Analysis of the

provider landscape
Step 1: Scope and

project mgmt .
t: Jan/Feb Mar/Apr May/Jun Jul/Aug
Fig. 11  Project plan for an outsourcing project in five steps

3. The selection of the provider

4. Contract negotiations
5. The transition phase or the transition to the provider
Depending on the size of the outsourcing project, the aforementioned periods can be
larger or smaller.
In addition to creating the project plan, the following basic project contents must be
created in this first phase:
• Define the goal of the project or the outsourcing project

• Identify and name project participants
• Create project organizational chart
• Establish sourcing committee as a body and set regular meetings
Based on the sourcing types and models presented in Chapter “The Sourcing Type:
Which IT Services Can Be Outsourced?”, They must now be selected and defined for the
respective purpose. This means:
• What type of sourcing is it?

– IT infrastructure outsourcing, application outsourcing, or business process
outsourcing
• Which sourcing model is preferred? (→ see section (Determination of the general
depth of production of the IT organization: degree of outsourcing))
• How many providers should be commissioned (single vs. multi-sourcing) (→ see sec-
tion (Number of providers: single sourcing vs. multi-sourcing))
• Where should the service be provided? (Location of service provision see section
(Location of service provision))
Once it is clear what and how to outsource, the objectives of the outsourcing must be
defined. This should be followed by the creation of a business case or a cost-benefit anal-
ysis, which ideally reflects three scenarios (best, medium, worst case).
Phase 2: The Tendering Phase
The tendering phase begins with the collection of information about potential providers
and the detailing of requirements down to a short-list of potential providers.
The starting point is the creation of the following documents:
• A precise definition of who is to perform which services (for example, in the case of
infrastructure outsourcing, a precise definition of the areas of responsibility is to be
made according to ITIL)
• Determination of security requirements and legal regulations

• Analysis of the provider landscape in the form of a market screening (Are there any
suitable providers for the IT services to be procured?)
• Formulate all requirements for a potential provider and create a long list on this basis
(these are all providers that should participate in the tender)
– Geographical aspects (globally available when supporting branches internationally?)
– Obtain references from existing customers
The tendering phase is then divided into three phases:
1. Request for Information (RfI)

In the context of the RfI, contact is first made with possible providers. These are
informed about the tender by email. The RfI should be a document that contains the fol-
lowing information:
• Subject of the tender (sourcing type: app, infra, BPO)

• Goals of the tender
• Introduction of the company
• Contact person
• Task (requirements overview/specifications (still quite rough), framework conditions
(for example, first important SLAs))
• Procedure and rough sketch of the desired termination of the tender (timetable/roadmap)
In addition, a questionnaire can be sent to potential providers, which, based on formulated

requirements questions, provides indications for further progress into the next round.
The aim of the RfI phase is to get an overview of which of the potential providers
identified in the market scan are available for this tender. Furthermore, it is important to
sign a confidentiality agreement with all providers who have committed themselves to
the tender.
2. Request for Proposal (RfP)

The RfP phase serves to deepen the conversations with the providers.
The first workshop with the potential providers takes place. The aim is to present the
product or to coordinate and create a common understanding of the requirements formu-
lated in the requirements specification. The aim of the outsourcing company must always
be to keep the requirements specification up to date for all providers so that the offers
follow the same scheme and are therefore comparable.
Several iterations may be required during the RfP phase until both parties are ready to
submit a final, official offer.
Contents of the RfP phase are in particular:
• Final detailing of the requirements in the requirements specification/requirements cat-

alogue (possibly division into “must-haves” and “nice-to-have” requirements)
• Determination of which response times and availability are expected from a provider
• Detailed specification of the tender timetable
3. Request for Quote (RfQ)

In the RfQ, all remaining providers are requested to submit a first, official offer. This
must comply with rules that have been precisely defined beforehand. It is very impor-
tant to have a fixed scheme that the providers have to adhere to in order to create
comparability.
Phase 3: Selecting the Provider
After the first offers have emerged from the Request for Quote (RfQ) phase, the phase of
evaluating the offers and the so-called scoring of the providers now follows. It is impor-
tant not only to consider the quantifiable facts—such as the costs—but to make a holistic
assessment.
The following catalogue of criteria gives an overview of the “must-haves” when com-
paring the offers and the performance of the providers:
• General requirements for the supplier

– Company size,
– Financial solidity,
– Proximity,
– similar references
– Training of employees (are the necessary skills and competencies available with
the provider’s employees?)
– Project management skills for controlling and leading the outsourcing
• Strategic aspects
– Lock-in risk (how large are the dependencies estimated to be over the course of the
contract?)
– Ensuring long-term continuity
– Strategic partner (does the supplier fit into the company’s strategic partnership, are
there already supply relationships with subsidiaries, possibly a strategic partner of
the group?)
• Cost aspects
– Duration of the outsourcing contract depends on the costs of the transition and the
investment needs of the provider
– Total Contract Value = Total cost of service operation over the total term of the
sourcing contract Transition/Transition phase
• Transition phase
– Duration of the service transition
– Risks during the transition to the new provider
– Project management skills for controlling and leading the transition
Scoring can and should be expanded on an individual basis and correspondingly detailed.
The above representation shows only the generic and most important general criteria.
In addition to the pure scoring, the following guiding questions for selecting the right
provider can also be helpful:
1. How much experience does the provider have in the form of similar references? Can
the mentioned references confirm the provider’s performance?
2. Does the provider have any relevant certifications such as ISO/IEC 27001 or SAS 70
for cloud solutions?
3. How well can one agree on responsibilities for cooperation before signing the con-
tract? Are the interfaces between IT and the provider clearly defined and are the
boundaries clear in terms of the company? Does the provider use standardized
Service Management processes according to ITIL?
4. To what extent can the provider’s services be checked? Is “on-site access” guaranteed?
5. How great is the need for adaptation, i.e. do processes and internal procedures have
to be adapted strongly to those of the provider or does the provider adapt to the cir-
cumstances in the company?
6. Are you sure that the agreement of common Service Level Agreements (SLAs) is
okay or do you feel pressured here?
7. Does the provider meet all criteria in terms of security?
8. Can the new provider comply with all legally prescribed regulations?
9. How are the topics of Disaster Recovery and backup mechanisms assessed? Is this
sufficient for your company in an emergency?
10. How good is the provider’s personnel’s training and communication skills? Are the
provider’s reachabilities detailed and is there a “emergency number”?
Phase 4: Contract Negotiations
If there is agreement between one or more providers, an exchange of a letter of intent

follows. The letter of intent (letter of intent, abbreviated LoI) is a kind of pre-contractual
agreement between the contractor (the provider) and the client (the company). The LoI
mainly includes obligations to inform and keep secrets, termination criteria and services
to be provided before the contract is concluded. The aim of the LoI is to make detailed
information available to the provider until the contract is concluded, which would not be
possible without confidentiality agreements and concrete mutual declarations of under-
standing. During the LoI phase, all open points can be clarified, which then lead to a pos-
sible termination of the talks or result in a concrete contract design and -signing.
The actual outsourcing contract must be created in this phase. Typical contents of an
outsourcing contract (based on [25]) are:
Contractual basis
• Goal of the cooperation

• Technical, organizational and financial framework
• Quality criteria
• Planning and system responsibility
Content of the services
• Project planning for the transition phase

• [Takeover of employees]
• [Takeover of ongoing contracts with third parties]
• Data transfer and maintenance
• Access and license rights
• Compensation obligations
• Obligations of the client
Performance security
• Quality assurance
• Warranty and liability
• Liquidated damages
• Indemnification clauses
Contract performance
• Project management
• Organizational committees
• Changes in scope and schedule
• Special termination rights
• Termination/cancellation (It is recommended that an exit clause be included in the
contract that addresses the transition to another provider. This should also clarify what
exit costs are allowed to be incurred.)
The tips and “lessons learned” provided by Ward/Peppard are very helpful. They show
what should definitely be avoided when negotiating with a provider: (adapted from [39])
• The standard contract of the potential contractor/provider should be rejected in any

case. Instead, an individually tailored contract should be drawn up with the help of an
experienced lawyer.
• A contract that is not yet completely negotiated or still has unclear formulations must
never be signed.
• The escalation paths should be specified and clearly defined in the contract before
signing the contract.
• It is very important to clarify and agree on clearly measurable service levels before-
hand, which must be reflected in the contract as a service level agreement.
• Penalties must be taken into account in the contract (contractual penalties for non-
compliance with service level agreements)
• The contract should clearly determine reporting and monitoring of service levels
(when and how current service levels are reported).
• The termination and/or transition clauses must be taken into account in the contract
• Consumption-related cost adjustments as well as malus/bonus regulations must be
clearly regulated.
• Gain-sharing models (revenues from performance improvements or cost reductions
that companies and providers share) must also be clearly regulated.
Phase 5: The Transition Phase
After everything has been clarified contractually with the new provider, the transition of
the outsourced IT service to the new provider, the so-called transition phase, follows.
What needs to be considered?
• Concrete planning of the transition phase in the form of a Gantt chart in MS Project
• A fall-back concept must be taken into account
• Consideration of legal regulations and specific safety conditions
• Carry out and document the actual situation together with the provider (if not already
done before the call for tenders).
In addition to the operational work in the transition phase, there is a phenomenon of psy-
chological nature that occurs again and again: The “letting go” of the employees from
their often long-cared-for and possibly self-developed applications or IT infrastructures
is often very difficult. Therefore, in this phase, many apparently simple task assignments
are blocked or even boycotted. The transition phase is therefore a great challenge for
the management, including the project manager. Because in essence it is a large change
Work Questions and Implementation Step 4 179
project. In addition to the “letting go” of your “IT babies”, there are often great fears in
relation to the new role or the possible loss of employment through outsourcing among
employees. Here it is up to the project manager or manager to take precautions. It must
be clearly defined before the transition phase how the future work roles will be distrib-
uted. For this purpose, the following structured approach is recommended, which is best
carried out in accompaniment or with the support of the personnel department or exter-
nal experts:
• Every employee affected by outsourcing must be identified

• It must be determined how strongly the employee is affected by outsourcing; In other
words: Which of his work tasks are eliminated, which remain?
• Consideration per employee whether the work tasks to be eliminated should be
replaced by others or whether an implementation at another location (possibly even at
the outsourcing provider) is possible or a release is necessary
• Conduct individual interviews with each employee (possibly with the support of the
human resources department)
• Open communication of the outsourcing project and explanation of the essential
milestones
• The early coordination with the works council (if any) must not be forgotten.
It is particularly important to consider not only the possibly affected IT employees, but
above all the departments. Whether they outsource an application or the data center. There
are always employees from the departments affected and the usual training of the new
application is by no means sufficient. Because by outsourcing almost always also change
the roles and responsibilities of employees of IT but often also much stronger the roles
of employees from the department. Even if the application remains the same and is only
operated by an external provider, the communication channels and the coordination pro-
cesses change. The general cooperation must follow other guidelines than if it were to run
internally with IT.
This change character of outsourcing has a significant value in terms of the success
of outsourcing, not only during the tendering and transition phase, but above all in the
ongoing operation.
Work Questions and Implementation Step 4
In order to develop the sourcing strategy, a current situation assessment is carried out
in the first step. This can be used to derive where there is still room for improvement in
current sourcing projects. Subsequently, it can be considered for all IT services whether
sourcing makes sense or not. This is reflected in the sourcing strategy and rounds off the
picture of make or buy for your company.
For the development of the working questions in step 4, you can start alone or with
your management team. Possibly the following people can be helpful:
IT architecture management
• Partly application/system responsible

• IT infrastructure experts
• Depending on the need, business process experts or key users
• if necessary, external consultant who can bring in external market expertise, share
experiences, lead the tendering process and act as a neutral moderator or prepare the
decision templates and negotiations for top management in a neutral way
Current Situation Assessment Sourcing
In the first step, a brief overview of which IT services are already outsourced, to whom
and with what success is recorded in a clear matrix. For this purpose, the worksheet 1,
which is already known from the example of the Produktio weltweit GmbH, is used. An
example is given in the first line, which should help you when filling in the matrix.
Worksheet 7.1 Actual Sourcing Recording
◾ Please list all sourcing projects that are currently running or are in the process of being
tendered, or projects that have been outsourced to providers, according to the example given.
Type of Power range Sourcing Current Costs Current Valua- To Do's

outsourcing type provider (p. a.) advantages tion
and
disadvantages
EXAMPLE CRM: Full Salesforce 25 T€ Customer data 2 Examination
Application Salesforce outsourcing is available of how
outsourcing from anywhere individual
(cloud solution) requirements
from sales
But individual can be better
requirements implemented
are very
expensive
and difficult
Actionable
After a first overview including a rough evaluation has been carried out, a closer look
must be taken at the problem cases (evaluation worse than 2 or 3). Here there are now
various options for carrying out a detailed analysis of the problems in order to then be
able to derive how to deal with the problem.
The first possibility is a more in-depth maturity assessment, as presented in Workbook

2. In particular, the following criteria are examined in more detail:
• 1) How is the current cost situation to be assessed: Are the costs within the framework
estimated before sourcing; if not, why not? Are the costs tracked and checked con-
tinuously, are there clear specifications or ceilings agreed with the provider?
• 2) How is the personnel situation to be assessed: Is the internal IT personnel suffi-
ciently qualified to lead the provider and are all necessary processes coordinated with
the provider and working smoothly? Is the provider’s personnel sufficiently well
trained and are jointly coordinated processes used for the work? Are committees set
up in which all issues are coordinated according to clear rules? Are there problems,
annoyance, difficulties among the participants? What is the reason for this and how
can it be remedied?
• 3) How is the service quality to be assessed? Are the SLAs checked, adhered to and
how is the provider’s reporting on the service levels? What happens in the event of
deviations from the SLAs? Are there clear regulations for this or can this always be
amicably clarified with the provider? Were there any breaches of contract? How was
this dealt with and were there good solutions for both parties?
Worksheet 7.2 Maturity Review of Current Sourcing Projects
Please describe now per sourcing project the current maturity level regarding costs
(column 2), the personnel situation (column 3) as well as the service quality (column 4).
Sourcing projects Cost situation Personnel situation Quality of service
EXAMPLE Currently no continuous There is no direct contact The service quality is

cost tracking, as the costs with a technically skilled good, but there are no
CRM: Salesforce (SaaS
are incurred directly in IT specialist who can individual SLAs, only the
outsourcing)
the specialist area (sales) help implement the standard SLAs, which
and are not checked in requirements of the are currently sufficient.
detail there. sales department, but A reporting comes
only an administrative monthly and is currently

However, the costs are
sufficient in terms of
currently transparent contact.
content.
and in line with the
contracts; there are no
unplanned additional
costs.
Another way to examine the problems of current sourcing projects in more detail is to
use the SWOT analysis. This was already used in the example case (see Fig. 9 for the
outsourcing of SAP and the data center. Workbook 3 gives you the opportunity to use the
SWOT matrix for each current sourcing problem.
Worksheet 7.3 SWOT Analysis for Current Sourcing Problem Cases
For each sourcing problem case, please use a SWOT analysis in which you enter the
current strengths/weaknesses as well as opportunities and threats.
After the sourcing problem cases have been examined in more detail, the question now
arises as to how to proceed. Often, by taking up the actual problems, it has become
quickly apparent what needs to be done to stop the problems. But sometimes the prob-
lem seems to be so deep-seated that it needs to be considered whether to review the deci-
sion for the provider and to force a new tender with another provider or to bring the
previously outsourced IT service back in-house by insourcing it into the internal IT. If
this should be the case, the excursion to implement an IT sourcing project in 5 phases
can serve as a guide. You will then come through the tendering phases to a new provider.
Creating the Sourcing Strategy
After the as-is recording has been carried out, the sourcing strategy can be created. The
worksheet 4 serves as a basic worksheet for describing which IT services (see column 2)
are to be outsourced or brought back with the corresponding parameters in columns 3-5
(column 3: Should it be outsourced completely or only partially? Column 4: How many

providers do I need for this: one or more (single or multi-sourcing)? Column 5: Where
should the outsourcing take place: on-shore in Germany or off-shore abroad?).
Worksheet 7.4 Creating the sourcing strategy
Please now create a sourcing strategy in which all current and especially all planned
sourcing projects are listed (see the example in column 1)
Type of Service area Degree of Number of Location of the

outsourcing (which IT service in outsourcing providers outsourcing
concrete terms) [full | partly] [Germany=OnS
hore |
foreign=offshore]
Application Salesforce (CRM Full 1 Offshore (USA)

Outsourcing (here system)
specifically: SaaS)
Application
outsourcing
Sourcing-Governance
To complete step 4, the already familiar organizational chart can be used to determine
the project participants within the framework of sourcing governance for outsourcing
projects (see worksheet 5).
In addition, it can be considered how existing sourcing projects are to be set up within
the framework of sourcing governance? Are the current participants the right ones, are
the reporting and reporting paths reasonable, are additional persons needed or possibly
no longer needed.
Worksheet 7.5 Organizational Chart Sourcing Committee
Please use this organizational chart template for each sourcing project and enter the
project participants in the corresponding fields.
Steering Committee or
Sourcing Steering Committee
Project management
Departments Expert pool

Worksheet 7.6 Establishing sourcing governance for ongoing sourcing projects
Please use the organizational structure below and enter the names necessary for your
IT organization or adapt the structure to your circumstances.
Provider Faculty
(IT service provider) CIO Organization
(IT service purchaser)
Service provider 1 Sourcing Office

Product manager
Process Responsible
Sourcing manager
….
Process Responsible
Product Manager Sourcing manager
…….…........
Service provider 2
……….
Product Manager
….
Product Manager Sourcing manager Process Responsible
Conclusion Step 4
The sourcing strategy and working with IT service providers, often called providers, is
an essential success factor in today’s IT organization. Because the manufacturing depth
of IT organizations is often relatively high and thus the dependence on third parties. A
very important finding should be that the “cultural fit” of the (potential) provider is just
as decisive for success as the other factors (costs, service quality, performance, etc.).
Offering IT services to the company or departments is always a balancing act between
standardization and individually matching processes. This must be clarified in-house and
only when it fits, can the performance be provided by a provider.
Through cloud technology, outsourcing is becoming easier and one could almost say:
Many users do not even notice that certain IT services or data are not operated in-house,
but are located somewhere else. This is a blessing and a curse at the same time. On the
one hand, the cloud technology creates great opportunities for using data anywhere and
anytime, on the other hand there are great security risks that currently still cause uncer-
tainty, but will be controllable in the near future (must).
Your three most important thoughts, insights, keywords:
Step 5: IT Organization and IT
Governance
Abstract
After the determination made in step 4, which resources will be outsourced to third
parties or supported internally on the basis of a make-or-buy decision, this fifth step
involves a possible adaptation of the IT organization and the IT governance structure.
In other words, what you need to optimally support the internally retained IT services.
Considerations are made regarding roles and responsibilities, interfaces, departments
and within IT, between demand and supply, and suppliers.
As already shown in the introductory chapter as an organizational challenge for IT, in

addition to the role and task of the CIO or IT manager, the cooperation with all stake-
holders, from the supplier to the department or to the management, is also changing.
These changes and challenges will be examined in more detail in this step.
The IT organization is subject to manifold challenges—both from the outside in the
form of market pressure and digitalization as well as from the inside by the departments
and the management:
• Due to the high rate of innovation in the IT industry, there is a constant need for
capital in the IT organization, in addition knowledge has to be constantly renewed or
purchased
• The IT organizational forms are in a, in short cycles and waves understood, change
(from the strict separation of demand and supply to an integrated IT and back away
from it; Centralization versus decentralization)
Determination of the guidelines of the IT organization
190 Step 5: IT organization and IT governance
• The integration of IT into the corporate hierarchy is becoming increasingly difficult

(The role of IT in the company is partly unclear or the responsibility for IT in the
management is often perceived with a pure focus on finance/costs by the CFO or
commercial manager)
• IT is often the “unwanted stepchild” in the company and is therefore rarely cele-
brated, as it is usually only about problems and high investments that are not under-
standable for many colleagues → IT has unfortunately often become the problem
from the problem solver.
• Is the thesis of Carr correct: “IT doesn’t matter” and has IT become a kind of “com-
modity” in the company by now?
• There is increasingly a great role conflict between the sovereign tasks of IT and its
service provider role in the company.
• The role of IT has become less clear due to digitization. Does the topic of digitization
belong to IT? Does the Chief Digital Officer (CDO) create competition for the CIO?
Which parts of digitization does the CIO and thus IT take over and which parts are
taken over by specialist departments?
The goal of this fifth step is therefore to consider how the new IT strategy can also help
the IT organization grow.
The IT Organization Model
The IT organization has a wide range in companies due to the different roles described:
from an almost completely outsourced IT to an external provider, via the model of a
100% subsidiary to an internal IT department that takes over 100% of its tasks itself.
First of all, the following three questions arise when designing IT organizations:
• Who is responsible for IT in the company and who makes the decisions regarding IT
in the management? This is followed by the question of decentralised or centralised
management.
• Who decides on IT resources?
• How is IT financed or budgeted? The options are cost, break-even, profit or invest-
ment center.
In addition to the purely organizational structure, the subordinate questions have an

important function in the implementation of the IT strategy in the company (see the fol-
lowing chapter “ITGovernance”):
• What role does IT play in the company?

• What role does the CIO have to take on to be able to implement the IT strategy
successfully?
191
• Which committees are needed (especially in terms of business-IT alignment and close
involvement of specialist departments in IT decisions)?
Overview of Different IT Organizational Forms
In general, four organizational forms for internal IT are prevalent in practice, which are
also relevant as a starting point for the design of the IT organization:
• The IT organization as a department within an area

• The IT organization as an independent area
• The IT organization as a staff unit
• The IT in a matrix organization as a central and at the same time decentralized IT
Figure 1 shows these four different types of IT organization.

For each of the listed IT organizational forms, the question arises as to its manage-
ment structure: To whom does the IT manager report and what are the consequences for
the tasks of the IT?
IT as a IT as a field
department
within a division
UN-Leadership UN-Leadership
Finance Purchase Production
Finance IT Purchase Production

Controlling
IT
IT as a staff unit IT in a matrix organization
UN-Leadership UN-Leadership
Finance Purchase Production

IT
Controlling
Finance Purchase Production Central
IT
Decentralised Decentralised Decentralised
IT Finance IT Purchase IT Production
Fig. 1  Overview of IT organizational forms

In order to describe the four typical organizational forms in more detail, to exam-
ine the management structure and at the same time the advantages and disadvantages,
Table 1 is used.
The Table 1 shows very clearly that all mentioned organizational forms have not only
advantages, but also significant disadvantages. Therefore, for IT in the past, often very
specific organizational forms have arisen next to the ones presented here, which are to be
presented and examined in more detail below.
Overall, it must be said that the field of IT organizational design has not been con-
sidered in detail in the literature and in scientific papers so far. However, the business
organizational forms as they are lived in practice today repeatedly reach their limits
when applied to IT organizations. Whether it is due to the complexity of IT, the clearly
required service orientation or communication problems between technicians and “oth-
ers” is left to be seen. Nevertheless, it seems important here to also look at other options
that have established themselves in practice.
The “Plan-Build-Run” model

In the early 2000s and partly even before, a completely new and different type of IT
structure emerged that was no longer oriented towards the typical organizational forms
from business administration shown above. Within the framework of the so-called “Plan-
Build-Run” concept, the internal IT is divided into three areas:
• PLAN: Planning, control and monitoring (in particular requirements management, IT

controlling, IT architecture, IT project office, IT processes)
• BUILD: Creating, further developing and maintaining applications/applications
(application development or customizing of all applications/applications as well as
test and quality management)
• RUN: Support and maintenance of the IT infrastructure and IT operations as well as
the IT hotline
After the model was established at the end of the last millennium, it became increasingly
popular in the following years and can still be found in IT organizations today in some
cases. It has evolved over time and has been absorbed into other organizational forms,
for example in the so-called “Source-Make-Deliver” concept by Brenner/Zarnekow [5],
which was developed at the University of St. Gallen in 2003. This concept has already
located the IT much more within the framework of a market mechanism and is therefore
a successful further development.
For further considerations on an optimal organizational form, the Plan-Build-Run
concept offers an important basis, but as with the approach by Brenner/Zarnekow, the
demand for more service mentality, more market mechanism, which was taken up in the
Shared Service concepts, came first.
193
Table 1  Advantages and disadvantages of IT organizational forms

Organizational Description Advantages Disadvantages
form
IT organization The IT organization is Due to the area IT is often strongly
as a department assigned to a specific area management (here controlled by the respec-
within an area (here finance) and is not finance), it may be tive area (in the example
directly managed by the that a clear focus finance); this often leads
executive management, on specific IT to the fact that other
but by the respective area tasks of this area specialist departments
manager (in this example the is important for are neglected (→ lack of
finance manager or com- the company. This overall view)
mercial manager as area would give a clear IT is often budgetarily
manager) centralization and oriented, especially when
management by the it belongs to the finance
area department; the objective
is often focused on cost
savings and not on goals
for the entire company
and for all specialist
departments.
IT organization In this case, the IT organiza- Greater customer Higher number of inter-
as an independ- tion is directly subordinate or specialist faces to other areas, thus
ent area to the executive management department orien- more complexity and risk
and not to a specific area tation, greater flex- of entanglement
such as finance or production ibility and speed of
decision-making,
more autonomy and There is a latent tendency
more responsibility towards area egoism
because this area takes
itself too seriously.
IT organization In this type of organiza- The IT gets clear High potential for con-
as a staff unit tion, the IT organization is standards set and flict with areas, because
assigned as a direct staff unit has to carry them informally through the
of the executive manage- out in the inter- advice and expertise as
ment. Staff units are formed ests of the overall well as the proximity to
in order to provide expert company the executive manage-
knowledge and to be advi- Clear focus on ment often decisions are
sory. Their independence expertise and made that would actually
and the fact that they have advisory function belong to the areas
no authority to give orders, without authority
i.e. they are only advisory, (no conflicts and
are important. As a result, competence struggle
they are only active as an with departments)
IT service point and are not
allowed to make decisions
themselves.
(continued)
Table 1 (continued)
Organizational Description Advantages Disadvantages
form
IT organiza- This form of organization Closer to the prob- Very complex due to
tion as a matrix combines the central and lems or wishes of high coordination
(central and decentralized function of the areas and there-
decentralized) IT in companies. There is a fore better regarded
central IT organization that (good business-IT
is directly subordinate to the alignment possible).
executive management and Promoting close Decisions are often made
sets the framework guidelines cooperation with the only slowly or half-
as well as the decentralized departments. heartedly, as central and
IT units that are assigned to decentralized institutions
the areas. These are mostly often contradict each
autonomous and only sub- other.
ordinate to the framework
guidelines and standards of Often associated with
the central IT, but can decide high costs, if central
individually for their area and institution does not set
function clear standards
Shared Service Models

The IT service function already mentioned in the middle of the 2000s led to IT organiza-
tions often being outsourced to so-called Shared Service Centers. Separate companies
emerged that offered IT as a service to the company and in some cases also served exter-
nal third parties with IT services.
IT organisations were not always directly outsourced into separate companies, but
were instead transformed into units that function as internal shared service centers, in the
form of internal outsourcing. It was important that, compared to the company’s special-
ist departments, a kind of customer relationship was created with the IT Shared Service
Center.
The following advantages were hoped for with this:
• Greater transparency regarding IT costs: For the first time, prices had to be estab-
lished for IT services
• Because of the market mechanism arising from this, IT should become more aware of
supply and demand for IT services, rather than just reacting to requests from special-
ist departments
• Entrepreneurial action should occur in IT management, rather than just administrative
work as before
• A stronger customer focus and, as a result, better service quality
• The greatest possible standardization of IT services
195
• IT services should be benchmarked for company management, in order to make trans-

parent for the first time how good or bad IT actually is
Shared service concepts can still be found today. They had a very large influence on the
further development of IT in the direction of a service mentality, transparency, and cus-
tomer focus, which today has been absorbed into the demand/supply concept. This con-
cept is to serve as the basis for this book with the current state of 2014, to which the
working questions will also be oriented. However, before the demand/supply concept is
examined in more detail, the current IT organisation of the example company is to be
examined. It very vividly shows the path from the typical IT organisation, which was
found in the 2000s to be more than 90%, to the demand/supply concept.
Three Speeds in IT Organizational Models

In classical IT organizational models such as PLAN-BUILD-RUN or the classical team
structure with applications as well as operations/support, it has been shown that IT is
often too slow in implementing requirements from the business units. Three speed levels
have emerged:
• classical
• agile
• bi-modal
Often, the transition to an agile way of working not only changes processes and work-
flows in IT, but also in the business units to some extent, but it increases speed, which
benefits both parties.
For Produktio weltweit GmbH, the transition to a demand/supply concept will already
represent a major change in the way of working. As described later, the demand manag-
ers will take over production/logistics tasks in the Industry 4.0 environment and already
try out agile methods there, so that a bi-modal IT organization can be spoken of. This
“trying out” and constant improvement is a good way to a really agile IT organization
that in the future may even bring the development and operations areas closer together in
the DevOps concept.
In our example company, the IT organization is anchored as an independent area in
the organizational chart, i.e. the reporting line goes directly to the company management.
In the example, it is the commercial manager as managing director of the company.
The IT Organization of Produktio weltweit GmbH (An example)

Our example company shows, in addition to the question of the integration of IT into
the company’s management structure, how the IT organization is typically structured and
divided internally in medium-sized companies.
At Produktio weltweit GmbH, the IT organization is anchored as an independ-
ent area in the organizational chart, i.e. the reporting line goes directly to the company
management. In the example, it is the commercial manager as managing director of the

company.
As Fig. 2 shows, there are three divisions in the IT of Produktio weltweit GmbH:
• IT Operations
• IT Applications
• IT Office
The IT Operations department is responsible for the support and maintenance of the safe
and always available IT operation and the entire IT infrastructure of the company. For
this purpose, three groups or teams were formed in the “IT Operations” department:
• Data center/provider management: This is responsible for ensuring the IT operation

and the entire data center and server landscape. Since a large part of this is outsourced
to an external provider, this department is mainly concerned with the control and
coordination of this external provider and leads this supplier via detailed contracts on
the basis of Service Level Agreements (SLAs).
UN-Leadership
Production &
Finance IT Purchasing
Logistic
IT operations IT applications IT Office
Data Center/ Project

Provider SAP FI/CO
Management
Management
IT-Security & SAP Logistics IT Controlling &

TK & Production Administration
IT Workstation / SAP Basis and

Network ABAP
Corporate
Systems
Fig. 2  IT organization of Produktio weltweit GmbH (Example)

197
• IT security and TK: Here specialists for the IT security and the telecommunications of
the entire company are active.
• IT workplace and network: In this group, experts are responsible for ensuring the IT
infrastructure. This includes all IT workplace devices including the operating system
and office software as well as the entire network (WAN/LAN/WLAN).
The second department is responsible for all IT applications. This includes the applica-
tions shown in the application strategy, such as SAP, portals, the CRM system, etc. Since
these are different applications that provide a very large range of functions and cannot
be operated by one group as a whole complex system landscape, three groups have been
structured with the following specialist activities that are oriented towards the processes
and tasks of the specialist departments:
• SAP FI/CO: Here the experts for finance and controlling are responsible for the SAP
FI/CO modules.
• SAP Logistics and Production: Here the specialists are responsible for the
IT-technical mapping of the logistics and production processes for the implementation
of the requirements from these areas, mainly in the SAP modules SD, MM, WM and
the MES system.
• SAP Basis and ABAP: Here specialists are responsible for the general support of the
SAP system including user concepts, master data, technical support and support as
well as ABAP programming for very special requirements that are not part of the SAP
standard.
• Corporate Systems: This group deals with all applications that have not been men-
tioned so far and thus represents a kind of “catch-all” for all non-SAP applications.
These currently include mainly the web tools, portals and the CRM systems as well as
the new and innovative products that cannot be IT-technically supported on the basis
of SAP.
The third department is called “IT Office” and is responsible for projects and all admin-
istrative matters of the entire IT organization.
• The first group “Project Management” represents a kind of pool of project managers
and assistants who are responsible for and accompany the introduction of applications
at national and international locations.
• The second group “IT Controlling and Administration” consists of IT controllers and
commercial assistants who take care of the internal cost accounting of IT, but also
business cases and economic calculations for IT projects, sourcing or other projects.
Overall, the IT of the Production world-wide GmbH corresponds to the typical con-
figuration of IT organizations of medium-sized companies. Advantages are the clear
structure and leadership as an organizational unit within the company. But what can be
disadvantages or problems?
• How is the proximity to the customer or department? This is given by the direct orien-
tation of the systems to the departments in the applications.
• How is the transparency of IT in management and departments? Transparency is
probably only partially given in the form of IT controlling, which, however, as an
area, is only reported to the UN management; whether and to what extent the depart-
ments really have insight into IT budget, project details, etc., is questionable.
• This leads to the question of the involvement of the departments: Who decides on
projects, system introductions, how are requirements transmitted to IT? Here it gets
more difficult, because the requirements management is probably decentralized in
the groups of the application department and thus not transparent or secured by com-
mittees. Is there a committee that decides how to deal with requirements? How and
by whom are requirements administered? This is all reserved for the departmental or
group leaders of the application departments and the project group at the Production
world-wide today. The department has little influence here.
It is precisely this last point that has led to much frustration among the departmental
responsible of the Production world-wide GmbH, which has been accumulating in the
management of the UN in recent years. Therefore, as part of the new IT strategy, it was
decided to change the IT organization in such a way that the departments have more
influence and transparency with regard to requirements and project management. This
has led to the concept of demand/supply, which is presented in detail in the following
chapter.
The Demand/Supply Organizational Model
The IT organizations of medium-sized and larger companies as well as corporations have

often gone the way of “plan-build-run” to subdivide the IT organization not into three
but into two large areas:
• The demand organization (called Demand)

• The supply organization (called Supply)
Therefore, one speaks of the so-called demand/supply organization (short for Demand/
Supply Organization), as exemplarily shown in Fig. 3 according to Gadatsch [18].
With the demand/supply organization model, IT can grow out of the technical role
and move much closer to the demand branch (formerly PLAN and/or department) and
the management in order to identify and satisfy requirements early and proactively in the
form of demand. Top management is also actively involved and sets the strategy on the
199
Demand (demand organization) Supply

(supply organization)
IT Management / IT service provider

Group Management CIO Office
Strategy (with framework contract)
Board
Tasks: • Internal IT
• IT strategy departments
• IT controlling • IT as a subsidiary
• IT company
Requirements • Outsourcing
Department management Provider
1 • IT
Service provider
management
Department
…
Department
n
Demand
Regulations
Demand
Independent IT service
providers (without
framework agreement)
Fig. 3  Demand/supply organization (Demand/Supply)
basis of which IT can map the procurement and demand structures in the company as a
kind of market. The performance branch (formerly BUILD and RUN) is the former tech-
nical core of IT, which provides IT services as supply according to the demand from the
demand.
This means concretely for the design of the IT organization that the following areas or
departments are mainly contained in the demand branch:
• Request and change management (requirements management)

• Cost/benefit and economic analyses
• Process management (this is either more in the department or in the demand IT from
case to case)
The supply branch can be operated both internally and externally, but also as a kind of
hybrid form between internal and external shares. Supply includes the provision of IT
services in the form of applications and its basis by infrastructure/operation. The follow-
ing areas or departments are typical in the supply branch:
• Application development and support

• IT quality and test management
• Operation and infrastructure
The key question is now: Who runs the Demand branch and who runs the Supply branch
or are both centrally managed? What happens to the “cross-sectional tasks” such as strat-
egy, project management or architecture: do they belong to Demand or Supply? Here are
three different models possible, which are also shown in Fig. 4 as a blueprint:
• Decentralized Demand-IT: Has a CIO office for the Demand branch and a CTO office
for the Supply branch (Note: CIO stands for Chief Information Officer and CTO
stands for Chief Technology Officer.)
• Centralized Demand-IT: just like in the decentralized Demand-IT, only the require-
ments and process management is directly with the Demand managers and not in the
CIO office
• Demand/Supply in a CIO office: both branches have a common CIO office
Decentralized Demand IT
IT Management / CIO Office CTO Office
• IT strategy, IT architecture
• IT Provider Management
• IT controlling and administration
• Service Management Processes
• IT Project Management
• Request & Change Management

• Application development and
Demand
• Cost/benefit and profitability

Supply
support
analysis
• System integration
• Process management (possibly also
• Operation & Infrastructure
specialist department)
Centralized Demand IT
IT Management / CIO -Office CTO Office
• IT strategy, IT architecture
• Request & Change Management

• Application development - and
Demand
• Cost/benefit and profitability

Supply
support
analysis
• System integration
• Process management (possibly also
• Operation & Infrastructure
specialist department)
Demand/Supply in a Management-Office
IT Management / CIO Office
• IT strategy, IT architecture, IT controlling and administration
• IT security and quality management
Fig. 4  Blueprint Demand-Supply Organisaton

201
In general, the following departments or areas are located in the CIO office of the
Demand branch:
• IT strategy, IT architecture (where the question of sovereignty over the IT architec-

ture is quite controversial and many companies see the IT architecture in the Supply
branch as well)
• IT project management
In the Supply branch of the CTO office, the following departments or areas are located,
which provide services across the Supply:
• IT provider management
• Service management processes (definition and standards for the competence centers
of the supply branch)
If there is only one CIO office for demand and supply, the above-mentioned areas are
jointly managed in this CIO office.
The areas “IT security” and “IT quality and test management” are also often found as
cross-sectional functions in the supply branch. However, many companies have also inte-
grated these into their own competence center in the supply branch or, at least in the case
of “IT security”, into the CIO office due to their importance for the company.
With this division into demand and supply, IT establishes itself as a two-part organi-
zation that is much more closely integrated into the business and the specialist depart-
ment through the demand part and can thus shape, control and moderate it in a more
proactive way. The supply part is the real “factory” in which IT services are developed,
adapted (customized), operated and maintained. This can be done by internal or exter-
nal partners or a combination of both, depending on clearly defined interfaces between
demand and supply.
Goals of the Demand/Supply Model

The following section lists the goals of the demand/supply concept:
• Business-IT alignment: IT services can be derived clearly and comprehensibly from

business requirements. A business case can be calculated for services.
• Separation of IT demand and IT supply: By separating demand and supply, the con-
flict of interest between the best possible individual IT solution and cost-reducing
standardization can be solved.
• Transparency with regard to costs, services and tasks.
• Improved efficiency through shorter decision-making processes and clear
responsibilities.
• Employee motivation through clearer task and role definitions and better delimitation
from the tasks of the specialist departments.
Integration of Demand/Supply into the Department or Business Area

of the Company
After the tasks of Demand and Supply have been outlined, the question arises as to how
the Demand/Supply function should be integrated into the company? There are three dif-
ferent types of integration according to Brenner et al. [7] (note: department and business
area are used as synonyms below):
• Business area-integrated
• Decentralized-coordinated
• Enterprise-wide centralized
As can be seen in Fig. 5, there is no dedicated IT Demand organization in the “depart-

mental IT” since it is directly anchored in the respective business area. However, when
considering the tasks of Demand IT, it is also clear that many IT-specific tasks such as
controlling and coordinating requirements are directly carried out by the department.
This often leads to the fact that the IT-typical governance functions cannot be sufficiently
fulfilled by the department and therefore have to be found again in the Supply branch,
where they actually do not belong.
In “Decentralized Demand-IT”, the demand tasks are taken over by dedicated IT
demand functions for each business unit. This is an ideal implementation of the demand/
suppy concept with demand managers or DIOs (Divisional Information Officers) per
demand function, which are directly assigned to the business units. However, the ques-
tion arises as to how the demand branch is managed and where the CIO is integrated as a
leadership institution. Often, the CIO is the central IT governance organization above the
Decentralized departmental IT Decentralized Demand IT Central Demand IT
Business
division
Demand IT
Supply IT
Fig. 5  Variants of the organizational design of Demand IT

203
demand branch. Then the CIO is the superior in terms of content and the business unit
manager is the superior in terms of discipline of the demand manager or DIO.
In the third variant, the “Central Demand-IT”, there is a central demand unit for all
business units. One speaks of a so-called centralization of the demand-IT according to
the principle of activity, since identical activities, such as requirements management or
supplier management, are carried out centrally for all business units. In the case of the
supply-IT, one speaks of the object principle instead of the principle of activity, since
here one is centralized according to an object (for example, according to competence
centers for ERP, CRM, etc.). With the company-wide centralized demand-IT, the ques-
tion of leadership also arises? This is taken over by a group CIO or possibly even a CPO
(Chief Process Officer) in this case, if the demand-IT is very closely oriented towards the
business.
The Roles and Interfaces between the Department, Demand and Supply

As just shown, a clear definition of the interfaces between the main actors department,
demand and supply is a key success factor. It is particularly important to clearly separate
the tasks between the department and the demand-IT, which can be carried out by means
of a new role concept based on three essential actors:
• Application or System Owner

• Process Expert
• Process Owner
Of these three functions, the two process roles are to be located in the specialist depart-
ment as an expert and owner, and the application or system owner is to be found in IT in
the demand branch as demand manager. Table 2 is used to define the roles concretely and
to demarcate them from each other.
These roles are very strongly business-oriented and show the new self-image of IT in
the demand branch: towards more entrepreneurial roles that think and act entrepreneuri-
ally, that know and understand both sides (department and IT) customer-oriented.
The Supply-IT
After it has been discussed in detail how the demand-IT is to be set up organization-
ally, this should now also be done for the supply-IT. The supply-IT is more technology-
oriented and is therefore usually led by a CTO (Chief Technology Officer), sometimes
also called Supply-CIO. A key feature of the supply-IT is the necessary orientation to
clear service management standards. Not the pure technology administration and support
is the guideline, but the “IT factory” of the supply, which serves the demand from the
demand in a market-oriented manner, which is organized according to clear rules.
Table 2  Task definition and demarcation between application owner, process owner and process
expert
Application Owner Process Owner Process Expert
• Technical responsibility for • Functional responsibility for • Functional expertise of the
the application the application processes belonging to this
• Development planning and • Decision on the implementa- application
conceptual architecture tion of requirements in the • Create specification (formu-
decisions application lation of requirements and
• Create specification • Release of applications after necessary changes)
• Project manager for new new installations • Functional tests of applica-
installations or upgrades tions during new installations
and control of HW and SW • First point of contact on
supplier (project planning, the specialist side for the
implementation, escalation) application for functional,
• First point of contact for functional questions (2nd
the application for technical level support for users and
questions (2nd level support How-to-questions)
for technical problems)
• Responsible for the applica-
tion budget including clari-
fication of licenses, SW and
HW costs
 ITIL: A Short Definition
ITIL stands for “IT Infrastructure Library” and was originally developed in the 1980s
by British authorities as a kind of collection of “best practices” for planning, monitoring
and controlling IT services. ITIL is particularly suitable for IT service providers, but by
now it has become an indispensable standard in almost all companies and is continu-
ously developed and updated by users, manufacturers and consultants.
When we talk about service-oriented IT or supply today, it is actually always about the
best practices from the ITIL toolkit. We are talking here about IT services that—starting
with the internal performance in the supply up to the customer interface in the demand
and in the department—have to be looked after throughout the service life cycle on the
basis of ITIL in the supply branch.
The ITIL-based IT Service Management has become such a powerful, but also impor-
tant instrument that there are numerous books as well as instructions and documentation
on the Internet. Therefore, ITIL and the design of the supply with best practices are not
explicitly discussed. This would also exceed the scope of developing an IT strategy.
It is only important in this context that the supply branch provides market-oriented
services to the demand branch, which are carried out on the basis of clear service level
agreements (SLAs). Only in this way can the performance be carried out and controlled
according to precisely defined rules in functionality, costs and quality.
205
Even though ITIL is currently a “quasi-standard”, responsible IT managers, CIOs or

CTOs should not only rely on ITIL, but should also take a look at the criticisms of ITIL
by Prof. Brenner et al. [5], p. 61 ff.:
• In practical terms, ITIL is currently only used in the more operational service support
and partly in service delivery. This means that for the development of the IT strat-
egy, ITIL does not represent a complete process or organizational model for the entire
internal IT, but only a collection of best practices for selected areas of the IT organi-
zation, such as service support. Areas such as application management, infrastructure
management and the entire business perspective are not or only very inadequately
represented in ITIL.
• ITIL focuses on describing “what” should be done to implement service-oriented
management processes; the “how” of implementation is only inadequately considered
in the original ITIL, although there are now many providers of implementation-ori-
ented process models that build on ITIL.
• ITIL is a generic model and does not contain any industry- or company-specific infor-
mation. This means that the adaptation of the best practice collection to the respective
company always has to be done individually and that the best practices should not
be taken over 1:1. There is also no differentiation of the application between small,
medium-sized and large companies, although this would certainly be very helpful.
Because not every medium-sized company needs the complete best practice collec-
tion, but could often work better and more efficiently with “trimmed” ITIL modules.
Introduction of the Demand/Supply Organization at Produktio weltweit

GmbH (Example)
After the explanations and definitions of the Demand/Supply concept, it should now
become more practical and, using the example of Produktio weltweit GmbH, it should be
checked how the Demand/Supply concept can be implemented.
Based on the variants of the organizational design of the Demand-IT (see Fig. 5), it is
checked which of the three variants (decentralized Demand-IT, centralized Demand-IT
or Demand and Supply under one leadership) is best for the Produktio weltweit GmbH.
The “decentralized Demand-IT” looks for the Produktio weltweit GmbH, as shown
in Fig. 6. The departments such as finance, human resources, logistics, etc. are repre-
sented in the left bar. Now the interface to the Demand-IT, which provides three demand
managers for the five departments, is exciting. Due to the similar or same applications,
the departments of finance and human resources as well as procurement and sales were
combined in one demand responsible. This demand responsible has direct contact to
the supply managers who are responsible for the applications in the competence centers
(CC). In addition to the three competence centers for the applications, there are two more
CC, which are responsible for operations (IT operation/data center) and infrastructure/
security.
Departments Demand-IT Supply-IT
IT Management / CIO CTO Office

Office
• IT strategy • Service management
• IT controlling • IT Provider Management
• IT
Requirements Management
Finance / Controlling / Competence Center

Accounting (CC) FI/CO/HCM
Demand Manager
FI/CO/HCM
Personnel /
CC WM/SD and MES
Administration
Demand Manager
Logistics / Production Logistics/Production CC QM/SD
Purchasing /
CC Operations
Quality Management Demand Manager
Purchasing / QM /
Sales
CC Infrastructure /
Sales
Security
Fig. 6  Example 1: Decentralized Demand-IT (Produktio weltweit GmbH)
For the Demand-IT there is a CIO as a management function, which reflects the cross-
sectional functions of the Demand-IT in his staff: IT strategy, IT architecture, IT con-
trolling and project management. For the Supply-IT, the CTO is responsible for service
management (specification of ITIL processes and standards for application develop-
ment and maintenance) and provider management. The Demand-IT is a purely internal
IT organization, whereas the Supply-IT has outsourced parts of the CC for application
maintenance in the SAP area and the data center.
Example 2: Centralized Demand-IT
The difference between the decentralized Demand-IT just introduced and the central-
ized Demand-IT shown in Fig. 7 is now interesting. The departments and the Supply-IT
are set up just like in the decentralized Demand-IT. In the Demand, however, there are no
direct Demand managers responsible for the departments, but there is a central Demand
area that is responsible for all departments and leads all CC of the Supply-IT. The central
tasks of the central Demand-IT are, like the individual Demand managers per depart-
ment, the requirements management as well as the cost-benefit analysis and the process
management, which in this example is carried out by the Demand-IT for Produktio welt-
weit GmbH. In many companies, process expertise is explicitly located in the depart-
ment, with the roles of process expert and process owner already presented. At Produktio
weltweit GmbH, the CIO is also CPO (Chief Process Officer), i.e. he is the first point of
207
Departments Demand-IT Supply-IT
IT Management / CIO CTO-Office

Office
• Service Management
• IT strategy, IT architecture • IT Provider Management
• IT-Controlling / Administrat

Demand management
Personnel /
CC WM/SD and MES
Administration
• Requirements management
(Change and request
management)
Logistics / Production • Process Management
CC QM/SD
• Cost-benefit analyses and
profitability analyses
Purchasing /
CC Operations
Quality Management
CC Infrastructure /
Sales
Security
Fig. 7  Example 2: Centralized Demand-IT (Produktio weltweit GmbH)
contact for all business processes of the company and is responsible for the optimization
and standardization of all processes in the company. In summary:
• In the decentralized Demand-IT there is a Demand manager per department who is

explicitly responsible for requirements and process management here. The advantage
lies in the direct support of the department. The Demand manager knows the needs
and requirements of this department very well and special applications are provided at
eye level.
• In the centralized Demand-IT there are no explicit Demand managers for a depart-
ment, but all Demand functions are responsible for the entire company. The advan-
tage lies in the creation of economies of scale through similar or identical applications
across departments.
The third example of the shared Demand/Supply branch with a CIO office is shown in
Fig. 8.
In the third variant, only the CIO has a leadership function. In his staff, he takes over
the cross-sectional functions of the CIO and CTO offices. The Demand-IT is set up
just like in the decentralized variant, i.e. direct interface of a Demand Manager to the
respective department. The Supply-IT Competence Centers are also controlled 1:1 by a
Demand Manager.
Departments IT Management / CIO Office
• IT strategy, IT architecture, IT controlling, IT project management

• IT Requirements Management
• IT Service Management
Demand-IT Supply-IT

Demand Manager
FI/CO/HCM
Personnel /
CC WM/SD and MES
Administration
Demand Manager
Logistics / Production Logistics/Production CC QM/SD
Purchasing /
CC Operations
Quality Management Demand Manager
Purchasing / QM /
Sales
CC Infrastructure /
Sales
Security
Fig. 8  Example 3: Demand/Supply with a CIO office (Produktio weltweit GmbH)
IT Governance: Role of IT and Guidelines and Rules for IT in the

Company
IT governance has the task of providing leadership and organizational structures as well
as processes that optimally support the company’s IT strategy. As a sub-area of corporate
governance, the design of IT governance lies with the company’s management and not
primarily with the IT responsible persons. A key task of IT governance is therefore to
define the role of IT in the company and to clarify the decision-making powers of the IT
responsible persons.
IT governance also has other functions that move in the area of compliance, for
example:
• Ensuring the security of all IT systems in terms of integrity, availability and confiden-
tiality as well as reliability (compliance with external requirements)
• Creating transparency—for example through strategic and economic evaluation of
projects—as a contribution to cost reduction in the IT sector
• The revision-proof structuring of the IT organization as well as the processes and pro-
jects according to general standards (e.g. ITIL, COBIT)
• Compliance with legal requirements
209
In the context of the fifth step, it is important that IT governance defines the role of IT in
the company and the IT roles (CIO and all IT management roles) in a clear way and thus
creates a framework that also takes compliance issues into account. This also includes
the definition of how IT should work in the form of committees that create and pre-
serve standards. The question of the involvement of top management and departments
in IT questions also belongs in this context, especially since this book wants to promote
exactly this topic of business-IT alignment.
The Role of IT in the Company
As already shown in the questions about the current problems of IT organizations at the
beginning of the book, IT in companies is subject to a great deal of change. No other
organizational unit has changed so much in recent years due to the ever-faster technology
life cycle. Always new technology hypes ensure that companies work even more effi-
ciently, processes are automated even more and information can be evaluated even better.
Of course, some technologies have now matured to the point where they can actually be
considered commodities according to Carr.
IT in companies is indeed often just where these commodities become manageable
in the sense of constantly and reliably available IT, similar to electricity or telephone.
This is the most basic role of IT in companies: ensuring IT operations, called business
continuity.
If that is achieved—and by now all IT organizations should have arrived there—then
it becomes exciting what role IT should play in the company in addition. There are very
pliable frameworks according to which the different types of IT organization are typified.
In this book, two of them will be introduced in more detail in order to determine the role
of IT in the company.
The first model for the classification of IT in the company comes from two profes-
sors from the USA, Ritu Agarwal and Vallabh Sambamurthy. In their article “Organizing
the IT Function” [1], they have typified three types of IT function, which are shown in
Table3 are shown. In addition to a description in column 2, which function the IT takes
over in the respective role in the company, the role of the CIO and his seat in the com-
pany management is also discussed (column 3). Finally, column 4 contains the consid-
eration in which company context this role can work best.
Another model of role typing of IT in companies is from Kienbaum in cooperation
with BITKOM in the study “IT organization 2016: Factor Human!” [22] emerged. There
are five different types of IT roles presented there, as they can be seen in Fig. 9.
The five roles of Kienbaum show very clearly the way the IT has to go in its develop-
ment phase: From the pure service provider, which ensures business continuity, to the
technology or even business innovator, which drives technical innovation and brings the
company forward. Most IT organizations (according to Kienbaum about 2/3) are still in
the role of the service provider today and take on the role of transformer of business
Table 3  The role of IT in the company (according to Agarwal and Sambamurthy [1])

Role Description/Strategic Role of the CIO and In which company
Positioning Responsibility in the UN context does this role
Management for IT work best?
Partner model IT is an active partner CIO reports directly to The company manage-
for business innovation the CEO ment has an IT back-
in the company ground or a deeper
understanding of IT
issues
Demand-IT in the busi- The business model
ness units (so-called requires constant inno-
“DIOs” = Divisional vation through IT
Information Officers),
which report directly
to the business unit
managers and the CIO
(matrix in IT: Functional
leadership by business
unit, disciplinary leader-
ship and sovereign IT
standards by CIO)
Platform model IT acts as a platform for The CIO does not report There are uniform IT
the provision of IT to directly to the CEO, but requirements across all
support the departments usually to the CFO or business areas
of the company in the COO
best possible way There is no explicit Very high IT back-
Demand-IT, but the ground in the business
connection to the areas, for example in the
department is made via high-tech sector
“Account Manager”,
who is responsible for
taking over the require-
ments and for the provi-
sion of IT services
Scalable model IT provides very scalable CIO reports directly to Strongly cyclical busi-
and flexible resources for the CEO ness models that need
the departments (sourc- IT supply is outsourced more or less IT depend-
ing model) to external providers and ing on the economic
only IT demand remains situation
in the company
The IT is closely linked
to the departments
through the pure demand
function
211
Role of IT
% of respondents for whom the IT organization plays the respective role
Business Innovator
49% Drivers of technologically supported business innovations
Technology Innovator
Business focus
49% Driver of technical innovations
Business Process Engineer

57% Drivers for standardization & optimization of business processes
Business partner
74% Transformer of business requirements into IT solutions
Service provider
88% Responsibility for the smooth running of IT
IT focus
Fig. 9  Roles of IT (according to Kienbaum)
requirements into IT solutions. However, just slightly more than half of the CIOs sur-
veyed in the Kienbaum study already take on the role of initiator of standardization and
optimization of business processes. And almost half of the respondents have already
made a name for themselves as a technology and business innovator, who actively brings
fresh innovation into the company.
The Kienbaum study shows very impressively that IT does not only play one role in
the company, but in almost all cases many different roles in everyday life. Nevertheless,
one role always crystallizes out as decisive and these order models provide a transparent
framework to look at where the IT is currently located and where it wants to go. There
is always a difference between the actual role and the desired role and it is this gap that
needs to be closed.
In addition, there are always different perspectives on the role. For example, while
the management sees the role of IT as a service provider, the CIO sees himself as a busi-
ness innovator. Then the difference in role understanding is great and trouble is pre-pro-
grammed. Therefore, it is very important for success—not only for that of the CIO, but
for the entire IT organization—to align perspectives and discuss the right positioning of
IT with the management. The development of the IT strategy is an ideal starting point
to discuss the role of IT in detail and to define a common way to its desired role in 3–5
years.
The Role of IT in the Produktio weltweit GmbH
What role does IT play in our example company? Based on the just-cited study by
Kienbaum, the focus would be on the service provider role with relatively little share in
the areas of business and technology innovator. This is because IT is still very tradition-
ally managed as a department in the finance sector on the basis of cost or budget guide-
lines and is mainly shaped by the finance sector. With the switch to the demand/supply
structure, however, the role will change gradually. Through the demand branch and the
demand managers, a closer relationship will be built up with the specialist departments
and they will be able to hold the IT more accountable. This creates a desired and positive
tension that slowly brings the IT into the driver’s seat. It is also important in this context
that the management of Produktio weltweit GmbH together with the IT managers con-
sider what role the IT should play in 3–5 years and what needs to be done on the way
there.
It is also essential to consider to whom the IT will report in the new Demand/
Supply construct in the future, or where the IT organization will be integrated into the
company. So far, it has been the divisional manager of finance who has been respon-
sible and responsible for IT as a department. In the Demand/Supply organization, IT
can now become an area on an equal footing with the finance department and other spe-
cialist departments, or a staff unit. The staff unit would facilitate the pursuit of strategic
approaches, but also entail a greater distance from the specialist departments. However,
this is precisely what is to be prevented, which is why IT could be integrated as its own
department. The advantage of its own department would be that it acted on an equal foot-
ing with the other specialist departments, which would be very contrary to the Demand/
Supply concept. That is why the Production world wide GmbH chooses exactly this
approach of the IT organization as a department in the form of a Demand/Supply organi-
zation for the production.
The question remains as to whom the IT reports to the management. In the manage-
ment there is a managing director as a speaker with a more strategic orientation than
the CEO and an operational managing director who is responsible for the technology as
the COO. The commercial manager of the Production world wide GmbH is not in the
management, but also structured as an area to which IT has reported so far. This is no
longer possible now that IT has become an area itself. Due to the fact that IT is to move
closer to the specialist departments through the demand and because the company wants
to bring many technical innovations to the market, it makes sense that the direct contact
person of the managing directors Technology/COO is.
Once it has been clarified who, as Direct Report, leads IT and thus the CIO from the
management (here the GF Technology/COO), the question arises as to who is respon-
sible for digitization. IT must first take the step towards a Demand/Supply organiza-
tion. But it should already be clear on this way which responsibilities for digitization are
taken over. According to the perspective presented in Chapter 1, a distinction is made
213
between Industry 4.0 as process optimization and product or business model innovation.
As already established, it also makes sense for the Production world wide GmbH to posi-
tion IT as a driver for process optimization in the sense of Industry 4.0. The topics of
product and business model innovation are the responsibility of Marketing/Sales at the
Production world wide GmbH.
For IT in the new Demand/Supply model, this means that the Demand Managers for
Logistics/Production will also assume Digitalization tasks in the direction of Industry
4.0. This responsibility initially refers to the role of a close sparring partner with the pro-
cess experts of Production/Logistics in terms of process optimizations for Industry 4.0
applications and in the next step to concrete projects such as the introduction of predic-
tive Maintenance or the linking of production lines by new MES functionality. In this
way, the Demand Managers Production/Logistics can very well develop into the drivers
of Industry 4.0 approaches and promote the topic of digitalization at Produktio weltweit
GmbH.
The Role of the CIO in the Company
After the role of IT in the company has been discussed and examined in more detail, the
reporting line in the form of the superior of the CIO has also been illuminated, the ques-
tion arises as to the role and task of the CIO in the company.
First of all, it should be mentioned that in the following the role of the CIO is used
synonymously with the also common terms in the market of the IT manager, the CTO
(Chief Technology Officer) or the EDV manager. As we have seen in the context of
the development of Demand/Supply structures, there is a difference between CIO and
CTO, since the CIO leads the Demand branch and the CTO leads the Supply branch
as “IT Factory”. This differentiation is important for the Demand/Supply structure, but
here we are talking about the person who reports directly to the management and that
is usually the CIO or the IT manager. It should also be mentioned that, in the context
of the Demand/Supply structure, the CTO reports to the CIO and the CIO in turn to the
management.
What are the main tasks of a CIO? Analogous to the cross-sectional functions as they
are described in the Demand/Supply construct, these are mainly the following areas:
• IT strategy (alignment of business and IT strategy, strategic orientation of IT)

• IT architecture (creation of standards and economies of scale within the framework of
zoning plans)
• Leading the IT organization (IT leadership and governance)
• Management of external suppliers (provider management)
• Portfolio planning and prioritization
• Risk management and IT security
In addition to this list of main tasks of a CIO, three roles can be distinguished, which are
accurately represented on Wikipedia and introduced in Table 4.
The approach presented in Wikipedia very nicely shows the transformation of the
role of the CIO from technician (“Run the Business”) to IT manager on an equal footing
with the management, who not only masters the technology, but also knows the busi-
ness and can therefore use IT even more efficiently as an innovation engine (“Change the
Business”) or even for the purpose of actual value enhancement as a strategic consultant
(“Engineer the Business”).
As already described, the CIO is on a direct path from the “technical implementer” to
the demand and information manager, who is seen as a partner of the business. This also
changes the role of the CIO in the overall context of the company. The Table 5 shows,
based on Brenner [4], this change in the role of the CIO very clearly once again.
The role of Chief Digital Officer (CDO) has emerged in many companies as a result
of digitalization. This role is responsible for steering all digitalization activities of a
company.
In particular, the question of interface to the CDO or task allocation arises for the
CIO.
For Produktio weltweit GmbH, the topic of Industry 4.0 would be ideal in this con-
text. This makes a lot of sense, especially since the CIO reports directly to the COO or
Managing Director of Technology and thus fits in perfectly with Industry 4.0. The Head
of Marketing/Sales is responsible for product and business model innovation. Here, the
CIO can position himself as a service provider for the technologies to be used and thus
further strengthen the IT position in Produktio weltweit GmbH.
Committees in IT
The setting up of committee structures is a key component of IT governance. The inter-

actions between demand and supply are already complex in themselves, and on top of
that there is the interface between the business unit and demand. A control and manage-
ment of this complex structure is only possible through clearly structured committees.
Typical committees in such IT organizations are shown in Table 6 with a description,
the respective goal and the members.
In addition to the committees shown, there are many other, useful committees within
the demand or supply branch or within the CIO or CTO office. As an example, the PMO
(Project Management Office) or Program Management Team may be mentioned here. It
has the following tasks:
• In many organizations, a PMO (Project Management Office) ensures that project

managers develop uniformity with regard to
• Terminology and glossary
• Methods used
215
Table 4  Three possible roles of a CIO (taken from Wikipedia [6])

Role Description of the role
“Run The Business” The basic tasks of an IT responsible: Ensuring the smooth operation of the
IT system and the support of the IT infrastructure. Due to the high depend-
ency and the influence of the IT on all other company areas, the guarantee
of the functionality of the IT system in the company is to be seen as a
basic task. This also includes that the IT system meets the requirements
of the users in terms of quality, service and availability. The CIO has to
coordinate and lead the use of technology capacities in order to improve
the operational processes and service processes. He is also responsible for
promoting the flow of information across companies and for the inter-
twining and data sharing within the company. At the same time, however,
it is also important to ensure the protection of data of each individual.
In general, the security of the entire IT system must be guaranteed at a
high level. He is therefore responsible for providing a reliable and secure
information technology system, which allows an efficient operation of the
business. This is particularly important in order to build trust in the IT and
to create transparency. All this has to be provided by the IT department at
reasonable costs
“Change The The CIO has to show the possibilities of modern ICT for the company and
Business” continuously drive innovations, so that the existing improvement potentials
(Innovation can be exploited. For this purpose, he has to observe the current develop-
Management) ments of potentially relevant technical innovations and then assess their
importance for the company. He then has to give the impetus for new tech-
nology projects. It is also the task of the IT manager to find the right tim-
ing for the introduction of technical innovations. All this has to be adapted
specifically to the own company, so that technical innovations can actually
be used value-adding. Subsequently, the right use of new technologies has
to be supported and monitored. He has to consistently integrate new, value-
adding technologies into the existing company portfolio
“Engineer The The IT manager is jointly responsible for the efficient design of the
Business” (Business company. He analyzes different options for the company based on IT.
Efficiency For example, the value retention of individual areas or processes in the
and Strategic company can be determined or the potential value added by new options.
Consulting) This can contribute to “Make or Buy” questions. For this, a CIO needs to
know the structures and relationships in the company well. He therefore
has a consulting function for the management. For this he needs exten-
sive understanding of the current market trends. He identifies opportuni-
ties for a competitive differentiation, so that future business areas can be
identified for the company. The existing sales and distribution channels
can be revised or newly developed if necessary. This allows him to show
future technology directions and priorities that are important for the value
enhancement of the company. The development and adaptation of IT strat-
egies must always be carried out in accordance with the corporate strategy,
whereby it is just as possible that business strategies only develop or refine
due to new ICT potentials. The necessary strategies, information, experi-
ences, methods and IT support must be made available for implementation
in the respective areas
Table 5  Change in the role of Old role New role

the CIO (Brenner et al. [4])
Technology-oriented Business process-oriented
IT as content IT as a means to an end
Technology-qualified Leadership-qualified
Specialist Generalist
Thinking in costs Thinking in results
Internally oriented Externally oriented
Knows technology Knows technology and business
• Forms, templates, tools

• Communication and reporting
• Other elements of project management
Responsibility for Process Management in IT or in the Department?
In most cases it is so that the process sovereignty lies with the department, since the pro-
cesses are the actual production factor of the departments. It is important here to differ-
entiate the companies according to the industry. With manufacturing companies from the
automotive or chemical environment, the processes in the departments are so extremely
important that they would never be outsourced to IT. Whereas in very IT-related indus-
tries, such as telecommunications or IT providers, the processes are sensibly accom-
modated in the corporate IT. Process sovereignty in IT or department could also be
imagined in the financial services industry, since the processes are now so automated that
they are best controlled by IT itself.
It is important in this context to delimit the responsibility between demand and
department. What exactly does process sovereignty mean for IT or department? What
does the department still decide for itself and which competences does IT have? This is a
large area that must be defined very precisely and individually.
Local versus Central Tasks of IT
In large corporations and companies that operate their own IT departments in branch
offices, the question inevitably arises: “Which IT tasks are centrally managed by the cor-
porate or group IT and which IT tasks can or should be decided and carried out locally?”
How is the differentiation between local and sovereign IT tasks of the headquarters
made in a demand/supply context? First, it seems to make sense from a business point
of view to centralize the operation and application development, the so-called “factory”
in the supply, in order to achieve economies of scale. The demand branch is typically
Table 6  Committee structures in IT
Committee Description/Frequency Goal Members
Architecture Committee Committee that sets and constantly Creating a uniform standard archi- • CIO
reviews architecture guidelines and tecture with economies of scale for • CTO and possibly CC Manager
standards the entire enterprise in Supply
1 per month • IT Architects
• Demand Manager (as needed)
• Department Heads (as needed)
Project Committee(s) Committee for controlling, leading Project status reports in order to • Project Manager
and escalation of projects take early measures and decisions • Department Responsible
The status of projects (time, budget, for the smooth implementation • Demand Manager
quality) is reported by the project • Supply Experts (as needed)
manager and measures are taken • CIO/CTO (as needed and size of
for the smooth implementation of the project)
projects
Demand Management Board A body for receiving, evaluating Transparency with respect to the • Demand Manager
and prioritizing requirements or current requirements or change • Business area responsible per-
change requests in the demand requests as well as, above all, sons (process experts and process
branch of IT evaluation and prioritization in a owner)
The frequency is strongly depend- body in which IT and the business • CIO
ent on the amount of new require- area decide together • IT architecture
ments or changes and the maturity
of IT; a cycle of 2 or 4 weeks
makes sense, in times of large roll-
outs also every week
(continued)
217
Table 6 (continued)
218
Committee Description/Frequency Goal Members

Portfolio Management Board A body for controlling and receiv- The goal is the joint evaluation • CIO/IT manager and CTO
ing projects in the IT portfolio and monitoring of projects in the • IT architecture
Every 2 or 4 weeks, depending on IT portfolio between the busi- • Business areas
the project situation of the company ness area and IT. In contrast to • Responsible persons
the project committees, this is not • Demand Manager
about controlling and escalation of
current project situations, but about
the overall evaluation of all projects
in the company with regard to ROI,
risks, dependencies and cost-bene-
fit aspects.
Provider Management Board Committee for controlling the The goal is to create transparency • CIO and CTO
(Sourcing-Governance) providers/IT suppliers about the services of the providers • Supply Manager
Cycle depending on need between 2 or IT suppliers; current problems, • Demand Manager
and 4 weeks new requirements or change • IT Provider-manager
requests are discussed internally. • IT-Controlling
The committee can also take place • Possibly the providers themselves
with the provider, depending on the (depending on need and project
project situation situation)
Step 5: IT organization and IT governance
219
not only structured according to the departments in the headquarters, but there are also
demand managers in the branch offices or local factories in and outside of Europe.
Therefore, there must be a clear definition of minimum standards that must be adhered to
globally and that serve as guidelines for all demand managers.
It is important that the cross-sectional tasks of the CIO and CTO office remain in the
corporate IT. This means that there can only be such tasks once in the entire company
and that no decisions can be made in branch offices or global factories. The following is
a list of the cross-sectional functions and departments of a corporate IT in the CIO and/
or CTO office:
• IT strategy and IT architecture

• IT controlling
• IT service management
• IT provider management
• License management
• IT security
Line versus Project
IT organizations are always project organizations as well. Since in most cases the project
organization leads a life in the shadow of the actual IT organization with the disciplinary
responsibilities, there is often a struggle for competence due to unclear responsibilities.
The differentiation between professional and disciplinary responsibility is only one
issue. Another issue in this context is the “loan” of employees from the disciplinary
line organization to a temporary project organization. Here, it very often leads not only
to problems between project manager and disciplinary superior, but also the project
employees suffer from unresolved conflicts on other levels.
This sketched everyday problem corresponds to the most common so-called line-cen-
tered IT organization. In contrast to this, there is the project-centered IT organization,
which is opposed to the line-centered organization in Fig. 10.
The line-centered IT organization is characterized by a clearly structured, often func-
tional organization form. Due to this imprint, the line responsible have more power
than the project manager and see their daily business as priority over the temporarily
created projects. Projects are mostly organized across lines, but the coordination of pro-
jects across line boundaries is always very difficult for the project manager due to the
rule of the line. A pronounced project culture cannot develop under these circumstances,
since every employee rather orients himself to his line organization in order to be able
to make a career in the long run. The topic of personnel development and qualification
is also more strongly shaped by the line in such cases. Not so much attention is paid to
temporary project knowledge, but rather to the own specialization of the line organiza-
tion. The responsibility for the projects lies with the line responsible, who commission
Line-centric Project-centered
IT organization IT organization
Project Line
Line Provision Project
ne tasks are resource of
Have Li er Projects oned and s Orientat
ov commissi by the line Qualificat for projects io
overarch n towards
Priority sks ed personne ion and
ta
project isional Project manag ment is through ing goals
manage developml Project
iv
Cross-d missing Project ate to line Vs. portfolio
o l is su b o rdin a view to ent with Project management
contr pronounced ment projects future w
Slightly lture manage Strongly ork has priority
cu
Project tion and Project cupronounced
a nt Cross-p lture
Qualific el developme lopment ro
n Resourc ject
Person ew to line deve e
a vi (matrix) Management
with
Fig. 10  Line- vs. project-centered IT organization
and monitor the projects. The project manager is therefore always subordinate to a line
responsible.
The project-centered IT organization is characterized by the fact that the line with
the daily business is not in the foreground, but the advancement of IT projects. For this
purpose, cross-departmental coordination is given in the form of project management
offices that are directly affiliated with the CIO. Here, the prioritization, evaluation and
commissioning of IT projects takes place with the support of project portfolios (see Step
6: Project Portfolio Management in detail). Business-IT alignment is in the center of
such organizational forms and is forced by projects with the departments. The line organ-
izations provide the personnel for the projects and coordinate and ensure the balance
between line tasks (daily business) and project tasks. Qualification and personnel devel-
opment is strongly oriented towards large project plans and is derived from the needs
and requirements of the department. In large projects, it is important that the project or
program manager is independent of line decisions, so they are often directly subordinate
to the CIO in a kind of project pool.
Developing a Personnel Strategy for the IT Organization
Determine Necessary Skills and IT Human Resources for the Internal IT

Organization The development of a personnel strategy for the IT organization com-
pletes Step 5. The question is: “How can the company place IT employees with the right
skills and potential in the right positions and how can it win and bind new ones?”
221
Necessary Decisions
The highest priority in personnel decisions lies in the correct placement of IT manage-
ment positions. This is important because IT management has the multiplier function
for the implementation of the IT strategy. IT managers must fit the IT strategy in the
sense that they represent it in front of subordinate employees and, through the IT strategy
cockpit to be created in Step 7, constantly work on keeping the strategic goals in focus
and implementing them. The function of the decision-maker for the selection and devel-
opment of IT employees is also subject to the leadership. They have the task of find-
ing, promoting and, if necessary, making decisions against IT employees who fit the IT
strategy.
The second most important decision is therefore in the just mentioned group of IT
employees in key positions for the implementation of the IT strategy. If, for example,
a result of the IT strategy is the outsourcing of IT infrastructure and IT operations from
step 4, then the tasks of the employees who have been working in this area so far will
change considerably. In many cases, these IT employees are even “transferred” to the
provider in the outsourcing contract. They now need other skills: For example, experi-
enced IT managers who can control the new provider, design the processes and inter-
faces to the provider transparently and optimally, or who are predestined by a more
commercially oriented background for the control and monitoring of SLAs, key figures
and billing prices.
The study “IT Organization 2016: Factor Human!” by Kienbaum in cooperation with the
BITKOM as background information on the personnel structure in German IT organizations
How personnel structures could look in an optimal way is shown by a study by Kienbaum in coop-
eration with the BITKOM called “IT Organization 2016: Factor Human!” [22] According to this
study, many companies have to rebuild their IT personnel structures considerably in order to be
prepared for future challenges. Currently, an IT organization is still dominated by application
developers and IT operations specialists (approx. 18%), according to Heinevetter, who initiated
this study as Kienbaum’s responsible person. IT governance is only 10%, while IT demand func-
tions are only 13%. However, these last two functions are essential for the control of the IT organi-
zation in the future.
“The importance of the classical IT supply functions decreases in the course of the industriali-
zation of the application landscape and the targeted use of standard solutions. Instead, employees
in the steering and coordinating functions such as IT governance and IT demand management are
required with pronounced business competence, because they are IT professionals who understand
how IT can best support the entire company,” says Thomas Heinevetter, Director at Kienbaum
Management Consultants and Head of the Study. [2]
Only 40% of study participants from IT departments of medium size and only six percent of
the surveyed employees in large IT organizations, according to the study authors, are satisfied with
their own competence in the field of IT governance. In the case of IT demand management, a sat-
isfied third in small and medium-sized companies is only 13% in larger organizations. “The gap
between the required and the actual skills of employees becomes more critical because governance
and demand are the areas that will need to build up staff in the future. This creates the question
for companies of how they can close the skills and competence gap as quickly as possible,” says
Heinevetter. [2]
Of the surveyed CIOs, 79% see the greatest need for competence building in the area of
change and transformation management. Through the integration of IT and business pro-
cess management, 77% of study participants would like to contribute to the optimization
and standardization of business processes.
Needs Planning with the “gap analysis”
The bottleneck or gap analysis serves to assess and optimally fill IT personnel in the IT
organization and is based on three phases, which are carried out in the following. They
are provided with a fictitious example to make the phases more transparent.
Phase 1: What are the Most Important Positions?

In the first phase, it is about rating each currently occupied position in the IT organiza-
tion. The criteria for this are:
• very important (1)

• important (2)
• less important (3)
As can be seen in Fig. 11, only a few positions in the Production World Corporation
are rated here as an example. As can be seen in the Kienbaum study, the positions that
are important for the future orientation of IT are also highly rated in our example: This
includes, for example, the demand manager or the CIO; However, the expert storage for
the data center has been rated as “less important” because the data center has been out-
sourced to a provider at the Production World Corporation and these activities will no
longer be needed in the future because the provider takes over. This also shows that in
Site Rating
CIO - very important
Head of Project Management - important
Demand Manager Logistics/Production - very important
Application developer portals - important
Expert storage for data center - less important
Consultant Project Management (Project Manager) - important
Fig. 11  Personnel strategy—Phase 1: Rating of positions

223
Good employees Top performers

→ Hold & Reward → Hold & Promote
MA4
high
MA2
Employee performance
MA6 MA1
MA5
MA3
low
Weak employees Potential carrier

→ give notice if necessary → motivate
low high
Potential of the employee
Fig. 12  Personnel strategy—Phase 2: Classification of employees (Portfolio)
this first phase it is not about the person behind the position that is being rated, but only
about the position.
Phase 2: Who are the Best Employees in the Company?

Now, instead of rating the position as in phase 1, it is actually about ranking the people
in the IT organization. There is a so-called classification of employees using a portfolio
analysis with the axes potential (X-axis) and performance (Y-axis).
As shown in Fig. 12, the portfolio consists of four quadrants with a number of
descriptions to which the employees should be assigned:
• Top left: Good employees → Keep & Reward

• Top right: Performers → Keep & Promote
• Bottom right: Potential performers → Motivate
• Bottom left: Weak employees → Possibly terminate/transfer
For example, Fig. 12 shows how MA1 and MA2 are classified as performers, while MA5
is on the verge of a good or bad rating because his performance seems to be very vola-
tile. In such cases, it is often helpful not to make such a portfolio analysis alone, but to
involve other managers.
Employees Rating
Hans Meyer (MA1) - Top performer
Franz Mustermann (MA4) - Good employee
Annette Schmidt (MA3) - Potential carrier
Juliane Musterfrau (MA5) - Weak employee
Daniel Düsentrieb (MA6) - Good employee
Marianne Senior Expert (MA2) - High performer
Fig. 13  Personnel strategy—Phase 2: Rating of employees
In the next step, the employees still anonymously classified in the portfolio analysis
are clearly displayed in a table with full name and their ranking or rating (see Fig. 13).
Note: The full name can already be used in the portfolio analysis. In this example this
was not done in order to have an evaluation which serves data protection and can also be
used for a first discussion with other executives or the works council. With regard to the
assignment, the full name is added in brackets to the previous MA designation.
Phase 3: Fit-/Gap-Analyse between Job Requirements and Employee

Performance Level: Are the High Performers in the Right Positions?
In phase 3, the two previous phases are now brought together and an evaluation is carried
out, i.e. the bottlenecks or gaps are finally shown with the goal: “The high performers in
the most important positions!”
The table shown in Fig. 14 contains the following columns (with a description of the
content and the rating):
• Location (all locations shown in phase 1)

• Employee (all employees from phase 2 who are currently sitting on the respective
position)
• Rating Location (The rating of the position from phase 1)
• Rating Employee (The rating of the employee belonging to this position from phase 2)
225
Fit-
Rating
Site Employees Rating place /Gap Measure
employees
Analyse
Hans ① - very ① - Power

CIO None
Chefchen important carrier
Head of
Franz ② - Good
Project ② - important None
Mustermann employee
Management
Annette ① - very ② - Potential MA

Demand Manager
Demanding important Performer develop
MA
transferred
Juliane ① - very ③ - Weak to less
Supply Manager
Sample important employee important
Woman job/ resign
Data center Daniel ② - Good

② - important None
manager Düsentrieb employee
MA
Expert Sys12
Marianne ③ - less ① - Top hock
(legacy system
Senior Expert important Performer on better
to be replaced)
terms
Fig. 14  Personnel strategy—Phase 3: Fit-/Gap-Analysis (Position/Employee)
• Fit/Gap Analysis (here the evaluation takes place to what extent the rating of the posi-
tion fits the rating of the employee; There are three possibilities:
– Arrow up: Rating position fits exactly to rating employee
– Arrow to the right: either rating position or rating employee does not fit;
– Arrow down: Rating position and rating employee do not fit)
• Measure (this column serves the direct derivation of measures from the fit/gap analy-
sis. Possible measures can be:
– MA promote (if rating position is lower than rating employee)
– MA move to less important position, possibly terminate (if rating employee is very
bad)
– MA move from better position (if rating employee is good, but rating of position
does not fit his skills)
– No measure necessary (if rating position and rating employee fit)
Work Questions and Implementation Step 5
It should be checked in the following whether your IT organization should remain set up
in this way or, for example, be transferred to the presented demand/supply construct. In
addition, the question of the role of IT in the company and the role of the CIO is in the
focus: Where should it go and which governance instruments and structures do you need
for this?
Make Basic Assumptions for the IT Organization
In the first step, in Worksheet 1, it is considered which organizational form is best for
your company and which departments, groups or teams you definitely need to implement
the application strategy and sourcing strategy from steps 3 and 4.
Worksheet 8.1 Making Basic Assumptions for the IT Organization
Does one of the four organizational forms presented fit your company (see Fig. 6.1)?
Does the demand/supply concept make more sense for you or do you want to build IT
according to PLAN/BUILD/RUN?
Your ideas for the design of the IT organization
Absolutely necessary departments (see example in figures 6.2 ff.)

227
Build a Demand/Supply Organization
Worksheet 8.2 Demand/Supply structure for your company
Please create a sketch of the demand/supply structure for your IT organization and check
whether it makes sense to fit it into the company.
Departments and/or functions of the Demand branch
Departments and/or functions of the Supply branch:
CIO Office Responsibilities:

Questions on IT Governance/the Rules of the Game
Role of IT in the Company
Worksheet 8.3 The role of IT in the company
How would you classify the current role of IT in the company based on the role model
shown by Kienbaum below?
Where would you see the role of IT in 5 years?
What is the current role of IT and why is that?
Where do you see the role of IT in 5 years?
What will it take for you to actually achieve the innovator role model shown below
in 5 years?
Role of IT
% of respondents for whom the IT organization performs the respective role
Business innovator
49% Drivers of technology-based business innovations
Technology innovator
49%
Business focus
Drivers of technical innovations
Business process engineer

57% Drivers for the standardization & optimization of business processes
Business partner
74% Transformer of business requirements into IT solutions
Service provider
88% Responsibility for the smooth delivery of IT
IT focus
229
Role and main tasks of the CIO
Worksheet 8.4 Role and main task of the CIO
This is about the clarification of the CIO's role, which directly follows the role of IT in the
company that has just been worked out. The basis for this is the three roles of the CIO
described in the book, which are shown below as a table ("Run, Change or Engineer
the Business").
What is the current role of the CIO and why is that?
Where do you see the role of CIOs in 5 years?
What will it take for you to actually achieve this CIO role model in 5 years?
For example, regular participation in board meetings, involvement in strategic issues, etc.
Role of the CIO Function
Run the Operational function ("technician image", who makes

Business sure that the IT works securely)
Change the The CIO as an innovation driver who always knows

Business what the latest technical innovations are that are useful
for the company and consistently introduces them in
the interests of the company.
Engineer the The CIO as an acknowledged part of top management,

Business on a par with senior management, with a strong focus
on strategic consulting and using IT not only to
innovate but also to add value to the business.
Committees in IT
Worksheet 8.5 Bodies in IT
Which committees do you need to manage the IT organization efficiently? Carry

Please enter the bodies in the table below.
Board Description / Frequency Destination Members
EXAMPLE: Committee, which defines Creation of a uniform CIO

the architectural guidelines standard architecture CTO and possibly
Architecture Committee
and -standards are set with economies of scale CC head IT architects
and constantly reviewed for the entire company Demand Manager,
Head of department
1 x per month
(as required)
231
Development of the Personnel Strategy with the “gap analysis”
Phase 1: Rating of the positions
Worksheet 8.6 Personnel strategy: Phase 1- Rating of jobs
Please list all jobs in your IT organisation and rate them in the column
"Ranking" according to the following legend: 1: very important | 2: important | 3: less important
Site Rating
Example: CIO / Head of IT very important

Phase 2: Classification of employees
Worksheet 8.7 Personnel strategy: Phase 2 – Classification of employees
Please do not rate the jobs now, but all persons or employees of your IT organization
(regardless of their job) in the portfolio below.
② Good employees Service provider ①

➜ Hold & Reward ➜ Hold & Promote
high
low
③ Weak employees Potential carrier ②

➜ give notice if necessary ➜ motivate
low high
Potential of the employee
233
Worksheet 8.8 Personnel strategy: Phase 2 - Rating employees
The following is an overview for deriving the rating just made in the portfolio. For this
purpose, all employees are now subjected to a rating according to the following legend: 1:
Top performer | 2: Good employee/potential performer | 3: Weak employee (for this, see the number
in the portfolio)
Employees Rating
Example: Hans Mustermann (MA2) Good employee (note: portfolio top left)
Worksheet 8.9 Personnel Strategy: Phase 3 – Fit/Gap Analysis
The complete overview with derivations: Now all jobs are shown with the employees currently on them.
The rating of the job as well as the rating of the employee is taken over from the previous worksheets
and then an evaluation is made in the column "Fit/Gap Analysis": Arrow up: rating job exactly fits rating
employee | Arrow to the right: either rating job or rating employee does not fit | Arrow down: Rating job and rating
employee do not fit.
Afterwards, measures are derived according to the following scheme: Promote employee (if rating of job is
lower than rating of employee) | Transfer employee to less important job / possibly terminate (if rating of employee is
very bad) | Transfer employee to better job (if rating of employee is good, but the rating of the job does not match his
skills) | No measure necessary (if rating of job and rating of employee match)
Fit/Gap
Site Employees Rating place Rating employees Measure
Analysis
Hans - Good MA
Ex: CIO - very important
Mustermann employee develop
Conclusion Step 5
The structure and design of the IT organization can be referred to as the personnel core
of IT. It is immensely important how IT is internally and externally facing customers,
i.e. departments and third parties, in particular suppliers or providers. With the Demand/
Supply concept, a modern organizational model has been detailed which can help to
establish business-IT alignment professionally and sustainably. This step 5 could have
gone “deeper” into the topic of IT processes in terms of ITIL, COBIT, project manage-
ment processes, etc. However, this would have exceeded the scope and there is already
enough good literature on these topics so that the reader can be encouraged to continue
235
reading if they feel that something is missing here. For the actual development of the
IT strategy, this approach is sufficient, but during the implementation of the IT strategy,
many questions will arise as to how to solve this or that issue. This can’t all fit into one
book and therefore references to further reading are given here.
It is important for the IT strategy to clarify the question of the role of IT and the CIO
in the company, because these questions are key factors for the successful management
of IT. If the role of IT or the CIO is not clear or everyone in the company understands it
differently, then it will not only be difficult, but almost impossible for the IT responsible
to successfully lead IT and all associated projects.
Your comments and questions on step 5:
Step 6: Implementation—The IT
Roadmap, Determination of the IT
Budget and the IT Project Portfolio
Abstract
In this sixth step, the implementation of the IT strategy begins. After the application
strategy has been defined and it has been decided which IT services will be provided
internally or externally by providers, the IT organization has been reviewed, put on
new legs and the corresponding governance structures have been set up. Now the
implementation of the IT strategy takes place in three stages:
1. Creating a roadmap that, based on the time horizon of approx. 2–3 years, shows
which projects in IT have to be carried out in the long term in order to implement
the IT strategy.
2. Determining the necessary budget and approval.
3. In addition, the creation or adaptation of an IT project portfolio is necessary in
order to be able to check at any time during the implementation whether all pro-
jects are economically sensible and meet the goals of the IT strategy.
Creating an IT Roadmap
The IT roadmap is to serve as a navigation aid in the implementation of the IT strategy,

providing a map of the terrain to be covered, which is in part still unknown. The IT road-
map maps out the projects and measures along the path to the completed IT strategy on
a timeline of approximately 3–5 years. The roadmap is used to prioritize correctly and
thereby helps to keep the focus in order to realize the IT strategy.
Roadmaps can be visualized in many different ways, for example as a network plan
(similar to a subway map in large cities), as a coordinate system, or simply on a timeline.
238 Step 6: Implementation—The IT Roadmap, Determination …
Tender for Data Center (sourcing)
Introduce IT controlling
Redefine roles & responsibilities
Personnel strategy: Detailed

needs and gap analysis
Introduction Demand/ Supply Roll-Out SAP Part 1
2014 2015 2016 2017
Fig. 1  Roadmap as a timeline (example)
For the sake of clarity and simplicity, we choose here the timeline, as exemplarily shown
in Fig. 1.
The creation of the IT roadmap combines two advantages:
• On the one hand, based on the results of the previous 5 steps, the collected knowledge
is reflected and mapped out clearly in the form of measure packages on a timeline.
• On the other hand, after completion, the IT roadmap provides a very good control
instance, because one can always look at it and check what is due when and whether
it is already done or not.
In the creation of the IT roadmap, two sections are now carried out, which are presented
in detail below.
Summarizing the Results in Measure Packages
Measures for Step 1: Current Analysis

The starting point is Step 1 with the current state analysis, in which the current state of
IT was developed as a maturity model (see Step 1 already processed for this). Based on
this, the target state is now being developed as a maturity model within the framework of
Creating an IT Roadmap 239
roadmap creation, that is, it is being determined in which areas improvements will take
place within the implementation of the IT strategy.
Again using the example of Produktio weltweit GmbH, the following fields require
an increase in the current state (see Table 1). These fields are mainly required in the area
of IT processes (project management, demand and service management), IT governance
(governance structures, sourcing strategy, roles and responsibilities) and finance with
regard to compliance and better IT controlling structures.
Figure 2 shows this target state by way of example (the target state is shown in dark
and the current actual state of the maturity of IT in light):
The reason why a 3 is considered sufficient as a maturity level in some fields while
others are supposed to have a 4 is due to the assessment of importance in the company.
In the case of the example company, it is precisely in the area of IT organization and
Table 1  TARGET-maturity of IT fields
Subject of investigation Points current state analysis Points target state analysis
IT processes
Project management 2 4
Demand Management 1 4
Supply Management 3 3
Service Management 2 3
Quality Management 4 4
IT Governance, IT Organization and
Employees
IT Governance Structures 2 3
Sourcing Strategy 1 4
Roles and Responsibilities 2 4
Business-IT Alignment 3 3
Employee Development 3 3
Technology
Architecture Management 4 4
IT security and business continuity 3 3
management
IT infrastructure and operations 3 3
Master data management 3 3
Software development 4 4
Finance
Optimal cost structures 3 3
IT controlling 2 3
Compliance 2 3
Project Management
Compliance Demand Management
IT Controlling Supply Management
Optimal cost structures Service Management
Quality Assurance and

Management
Master Data
IT Governance Structures
Management
IT infrastructure and Sourcing strategy

operations

continuity management Roles & responsibilities
Architecture Management Business/IT Alignment

Fig. 2  Target state of the maturity model
processes that there is still a lot to do. Since many applications are outdated and need
to be modernized or newly introduced, and there are many problems with the providers
in outsourcing, a very good maturity level must be achieved in these areas in particular.
Therefore, the topics of project management, demand management, sourcing strategy, as
well as roles and responsibilities are the fields in which the most work needs to be done
(partly from maturity level 1 to 4).
What are the right measures to achieve the maturity in the target? This is of course
an individual measure that depends on the company, the organization and the starting
situation. Therefore, only the example company is considered here. For Produktio welt-
weit GmbH, the measures, as shown in Table 2, are derived from the mentioned prob-
lem areas. It is important to realize here that there are often measures that came to light
in steps 3–5 anyway. Now, when creating the IT roadmap, it is important to make sure
that measures do not occur twice or multiple times, but are immediately subsumed in a
measure.
Measures for Step 2: Derivation of Challenges for IT/IT Vision

Step 2 serves the analysis of the starting situation at corporate level. At first glance, prob-
ably only few measures can be directly derived from the IT roadmap, as the challenges
for IT identified here should ideally be directly incorporated into the results of the appli-
cation, sourcing and organization strategy (step 3–5).
Table 2  Measures for step at Produktio weltweit GmbH

Subject of investigation IST → SOLL Measures
Maturity
Project management 2→4 • Trainings and certifications for all IT project manag-
ers according to e.g. GPM/IPMA or PRINCE2
• Definition of standard processes in project manage-
ment, which are valid for all IT projects and moni-
tored by a new instance (Abtlg. Project management
in the demand branch)
Demand Management 1→4 • Introduction of the demand/supply organization as
already foreseen in step 5 (caution: do not derive
duplicate measures, as step 5 will be elaborated in
detail below)
Service Management 2→3 • Introduction of ITIL best-practice processes for cer-
tain areas (within the given situation it was recog-
nized that there are especially problems in the area
of the hotline, so that at least the processes service
desk, incident and problem management have to be
introduced professionally)
• Trainings for the affected IT employees in ITIL
(ITIL Practioner o. ä.)
IT-Governance structures 2 → 3 • Here again step 5 is referred to and the similarity to
the point “roles and responsibilities” (do not derive
duplicate measures)
Sourcing strategy 1→4 • Two measures have been agreed in step 4, which are
clarified in detail there
Roles and 2→4 • see IT governance structures
responsibilities
IT controlling 2→3 • Introduction of IT controlling structures (which will
be presented in detail in step 7 on the basis of a bal-
anced scorecard)
• Establishment of an IT controlling organization in
the demand branch as shown in step 5
Compliance 2→3 • An IT organization compliant with compliance is
of particular importance to the management of the
company from a liability perspective. For the world-
wide GmbH, due to the lack of internal know-how,
a specialized consulting firm is commissioned to
implement corresponding compliance-compliant
standards
But take a closer look at the challenges identified in step 2 in Table 3 and think about
which measures can be derived from the identified challenges.
The following measures from step 2 have to be taken over into the roadmap:
• For each foreign location, a demand manager has to be planned

• By introducing cost and performance accounting and establishing professional IT
controlling in the demand branch, IT costs will become more transparent (possibly 1
or 2 IT controllers or reallocations necessary in the context of the needs analysis).
Measures for Step 3: IT Application Strategy/application roadmap

Measures and projects from step 3 can be directly taken over from the application road-
map into the IT roadmap (note: the difference between application roadmap and IT road-
map is that in the IT roadmap not only the projects for the application adaptations or new
introductions are considered, but all IT measures and projects, for example also organi-
zational restructuring, tenders for outsourcing, new governance methods or the introduc-
tion of ITIL, etc.).
Measures for Step 4: IT Sourcing

The basis for deriving measures from step 4. There all current outsourcing projects of
Produktio weltweit GmbH are listed and evaluated with school grades. Subsequently,
two current outsourcing projects were examined in more detail using a SWOT analysis,
namely the outsourcing of the data center and the SAP support.
Measures from the current SAP outsourcing (taken from the description in step 4):
• A good compromise could be to identify the processes important and value-adding

for Produktio weltweit, which are supported by SAP. The know-how must absolutely
go from the provider to the internal IT for these processes. This would be in this case
SAP WM and possibly MM, especially since the integration of the access function-
ality is pending. Then one should consider which processes or developments are
very important for the company. This is definitely the integration of the foreign sites,
which should mainly take place internally, in the sense of leadership and project man-
agement by internal personnel.
– The know-how for value-added core processes in SAP must go from the provider
to the internal IT organization of Produktio weltweit
– The support of the foreign sites is no longer carried out by the provider, but by
internal IT project managers or demand managers
• A final point that is not directly related to the provider, but became very clear through
the outsourcing, is the responsibility of the department for the processes. There is still
no clear process responsibility in the company today. These must be clearly defined
by new roles.
– Clarification of responsibility for process management in the company
Table 3  Step 2 measures
Challenges that were Measures that were derived from them
addressed in Step 2
Overseas locations: better The “better integration of overseas locations” sounds at first like an
integration, harmonization organizational issue that will be resolved by the introduction of the
of processes and systems, demand/supply structure in step 5; specifically, it is about ensur-
better service ing that overseas locations have a demand manager who explicitly
takes over the requirements of the overseas location and ensures
that, on the one hand, what the overseas location needs in terms of
IT services is understood, brought in to the demand/CIO office and
thus also flows into the standards in the supply with the aim that the
overseas location receives standard IT services that are adapted to
their specific requirements
The “harmonization of processes and systems” in overseas loca-
tions follows this theme of standards that need to be created by the
demand manager taking into account the specific requirements of
the overseas location
The topic of “better service in overseas locations” goes in the same
direction; behind it is the implicit accusation that currently only
standards are delivered without taking into account the specific
needs and requirements of overseas locations. That is why there is
currently a large proportion of “shadow IT” in overseas locations
because their requirements have not been “picked up”
This point can therefore be solved by the introduction of a demand
manager per overseas location
More and better qualified This is about the better qualification of IT staff with regard to IT
staff inhouse needed, pos- support for the very modern products of Produktio weltweit GmbH;
sibly also in-sourcing of this is about the development of apps or the in-house development
certain IT services of portal technologies that require new programming languages that
are not currently covered by the current staff
The topics of “innovation strategy” and “personnel strategy” play a
big role here. This means that, as part of the needs or gap analysis
(see Sect. 6.3.2), the positions that need to be filled must be defined
in order to fill them through external procurement or the recruit-
ment of qualified staff
More individual IT solu- This must be clarified in detail in Step 3 of the application portfolio
tions needed for innovative
products
Standardization/automation These are all hints at necessary software introductions, which must
in finance, personnel, con- be described in detail in Sect. 4.3. Therefore, only the hint here
trolling (SEPA, electronic that in the following package of measures 3 it is ensured that these
archiving, management standardization and automation projects are not forgotten
cockpit)
(continued)
Challenges that were Measures that were derived from them
addressed in Step 2
Check and make IT costs There is great pressure from the new boss who wants to reduce IT
transparent to prevent costs; it is therefore necessary that IT costs are made transparent in
savings a first step in order to understand at all for what the money is spent
and to identify possible cost drivers. The introduction of a cost and
performance accounting for IT as well as IT controlling would be
helpful. In addition, within the framework of the introduction of
demand/suppy in the demand branch, IT controlling is established
with business cases and economic calculations per project. This
should definitely be included in the roadmap as a measure
Measures from the data center outsourcing:
• One solution could look like this: a new tender is issued which focuses on the weak-
nesses and risks identified in the SWOT analysis. In this context, the current provider
could be given a new chance on the basis of different conditions. But it could also be
that a new provider actually comes into play who does not bring any of the above-
mentioned weaknesses and risks.
– new tender with focus on the problems identified in the SWOT analysis
Measures for Step 5: IT Organization/IT Governance

Many of the measures already identified are of an organizational nature and therefore
correspond to this step 5. The introduction of the demand/suppy structure for the produc-
tion of world GmbH in this step solves many of the mentioned problems.
Therefore, the details of the demand/suppy introduction are summarized once again
here, which include the measures from the previous steps:
• For each foreign location there is a demand manager (step 2 as well as step 4), who
explicitly deals with the concerns and requirements of the foreign locations and
brings them into the headquarters. In this way he ensures that the foreign locations are
supplied with standard IT, which is adapted to specific needs in individual cases.
• The responsibility for process management needs to be clarified (whether this is to be
integrated into the demand IT or into the department).
• A detailed needs analysis, as shown in step 5, is necessary for the production of world
GmbH in order to be able to exactly determine how the IT positions are to be repre-
sented in the demand and supply branches, where there is still a need which has to be
covered by new hires or consultants/providers and where positions and people have to
be exchanged or replaced (from step 1 and step 2).
• Roles and responsibilities need to be clarified, defined and delimited from each other
within the framework of the demand/supply introduction.
Deriving Measures into an IT Roadmap
Now all of the measures just mentioned need to be clustered, summarized, duplicates
recognized and removed, and then brought into a roadmap. It is important that after-
wards, a responsible party is named for each measure and a specific completion date is
set for the measure.
The measures are graphically represented in Fig. 3 and also show the timeline in this
context. For better clarity, the measures have been combined into packages or clusters
and color-coded; so all applicative measures are light gray and all organizational meas-
ures are dark gray. This also makes the dependencies within the applicative or organi-
zational measures, as well as between them, more clear. For example, it is very clear
that the measures regarding SAP, which also require organizational measures such as
the SAP support tender, are placed in front. The introduction of the document manage-
ment system also has a dependency on IT compliance issues, regarding the storage of

Replacing the Access Tool
and Integrating Functionality
SAP enhancements part 2: in SAP MM
HCM for all foreign locations and
Time recording

FI/CO Implementation Roll-out SAP and MES at all
Foreign Locations, SEPA, foreign locations
Tender for SAP Interface

support (sourcing) SAP/MES
Tender MES and introduction
Tender for data

center (sourcing)
New document management system

IT-Compliance (DMS) incl. archiving
Introduce IT controlling
Conduct personnel development
Personnel strategy:
Detailed needs and Redefine roles & responsibilities
gap analysis
Introduction Demand/Supply
t: 2014 2015 2016 2017
Fig. 3  Roadmap (Summary of measures for Produktio weltweit GmbH)

documents (not just pure IT compliance here, but compliance in general within the com-
pany, which are closely related). Within the organizational measures regarding the intro-
duction of Demand/Supply, it is also clear that there are some temporal dependencies.
For example, the personnel strategy must be carried out first, before roles and respon-
sibilities can be considered. The personnel development also only makes sense once
the strategy and roles and responsibilities are clearly defined. The introduction of the
Demand/Supply structure is a parallel process, which is fertilized by all of the measures
mentioned.
For the sake of clarity, the measures are summarized once more here, without taking
the temporal component into account:
• Introduction of the Demand/Supply structure (as described above)

• Detailed needs and gaps analysis
• Define, delimit and communicate roles and responsibilities
• Introduce IT Controlling including cost and performance accounting for IT and create
transparency for IT costs
• Establish IT compliance with the help of external experts
• Personnel development
– Training for IT project managers
– Define, introduce and communicate project management standards
– Introduce ITIL best practice standards
• New tender for the data center with a focus on the problems identified in the SWOT
analysis
• As part of the SAP outsourcing, resourcing the know-how for the value-added pro-
cesses back in-house, that is, returning it to the internal IT organization. Furthermore,
establish a demand manager for each overseas location
• Incorporate the application roadmap into the overall roadmap
– SAP Extensions Part 1
– Introduction of a document management system (DMS) including archiving
– Tender for new MES (Manufacturing Execution System) and introduction in order
to solve the problems identified in step 2 with the speed of innovation and support
for new production products
– Establish SAP/MES interface
– Roll-Out SAP and MES at all overseas locations
Determining the Necessary IT Budget
The most important core element for implementing the IT strategy lies in determining and,
above all, authorizing the necessary investments through management.
Determining the Necessary IT Budget 247
In order to get the investments necessary for implementing the IT strategy approved, the
following lists are required:
1. IT investment overview (determining the costs for the necessary IT projects from the
IT roadmap)
2. IT cost development for the next five years (possibly based on scenarios)
3. Savings potentials through the projects from the IT strategy
IT Investment Overview
For each measure just now determined from the IT roadmap, a cost calculation must now
be carried out with a subsequent cost estimate per measure or IT project, as shown in
Table 4 for the example company Produktio weltweit GmbH. Please note that all costs
mentioned here are fictitious numbers that do not have to correspond to reality.
This results in a total of approximately 3.18 million € for the implementation of
the IT strategy of Produktio weltweit GmbH (as I said: these are fictitious, exemplary
figures). Not all projects take place in one year, but extend over several years, as the
roadmap just created shows. This budget now has to be released by the company man-
agement and of course this raises many questions.
Identify Potentials and Synergies of Measures
The decisive question is why the measure or project should be carried out, that is to say:
• What is hoped for?

• What is better or more efficient afterwards?
• Does the respective measure serve the return targets of the company?
• Can this improvement be quantified in terms of savings?
The only project mentioned above that initially saves money is the outsourcing of SAP
support. In the first year, savings of around €300,000 and €400,000 from the second year
onwards can be achieved compared to the current situation. Now the exciting question
is where further savings can be found in terms of the IT strategy with regard to greater
standardization, more efficient processes and better cooperation with the department, due
to the IT strategy.
Table 5 shows the considerations regarding potential savings per project/measure and
attempts to quantify these savings potentials if possible. However, it should be noted that
some projects do not generate direct savings, but create efficiencies or synergies that are
difficult to quantify. In such cases, the top management must decide to what extent such
efficiencies or synergies are worth their investment, i.e. the budget required for this. It is
Table 4  Measures from the roadmap with cost estimation

Measures from the roadmap Cost calculation Cost estimate
Introduction of the demand/ Project duration = 1.5 years = 18 months 835 T€
supply structure (as described (including all foreign locations, training,
above) new committees, roles and search as well
as phased-in new employees)
Special features: 3 consultants, of which 1 consultant works
• For each foreign location, one full-time (on the basis of 13 months of
demand manager (step 2 and mixed calculation) and 2 consultants work
also step 4), who is explicitly part-time on a daily rate basis of 1300 €
responsible for the concerns
13 × 20 ×1 × 1300 = 338,000 €
and requirements of the foreign
locations, brings them into the 13 × 10 × 2 × 1300 = 338,000 €
headquarter and thus ensures
In total, about 675T €
that, on the one hand, the for-
eign locations are supplied with Search and hiring of new employees
standard IT, but on the other Assumption: 4 new employees = 40,000 €
hand, they are adapted to spe- per employee for search and hiring (mixed
cific needs in individual cases calculation)
• Clarification of responsibil-
ity for process management 4×40,000 = 160,000 €
(in demand-IT or in the Total costs = 835 T€
department?)
• Define, delimit and communi-
cate roles and responsibilities
Detailed needs and gap analysis The actual needs and gap analysis can be 15,000 € +
carried out internally with the help of an 160,000 € =
external consultant with approx. 15 days 175,000 €
x 1000 €
In this stage, it is questionable how many
new hires or severance packages will
result from this analysis. (Estimate based
on the current 40 IT employees, approx.
10% = 4 employees new hire (approx.
20,000 € recruitment costs per employee
= 80,000 €) and 4 employees severance
(approx. 20,000 € per employee = 80,000
€))
(continued)
Determining the Necessary IT Budget 249
Introduce IT controlling, Hiring of 2 new employees (Head of 50 T€ + 64 T€ =
including cost and performance IT controlling with experience and an 114 T€
accounting for IT and create employee for cost and performance
transparency for IT costs accounting) Recruiting and hiring of 2
new employees approx. 50,000 €
Creating the structures for IT controlling
and creating transparency in IT costs (2
consultants with a total of 80 days x 900 €
= 64,000 €)
Achieve IT compliance with the 2 consultants with a total of 60 days x 72 T€
help of external experts 1200 € = 72,000 €
Personnel developments • 5 IT project managers + 5 demand 120T € + 216T
• Training for IT project managers for project manager training € + 142.5T € =
managers (approx. 12,000 € per participant) = 478.5T €
• Define, introduce and com- 120,000 €
municate project management To define, standardize and introduce pro-
standards ject management standards, 2 consultants
• Introduce ITIL best practice with a total of 180 days will be purchased
standards at € 1200 = € 216,000
Introduction of ITIL best practice stand-
ards: This will be started together with
the new provider of the data center, which
charges € 950 for 150 days = € 142,500
New tender for the data center For the 5 phases of the tender (see 120T € + 300T €
with a focus on the problems Sect. 5.5), 2 consultants with a total of = 420T €
identified in the SWOT analysis 100 days will be engaged at € 1200 =
120T €
The transformation and transition costs
are calculated at around 300T €
Outsource the know-how for Currently, on average, 3 consultants of Potential savings
the value-adding processes to the SAP provider work 12 person days see left column
the internal IT organization per month at 1,100 € = 3 x 12 x 1100
within the framework of SAP = 39,600 € per month. This means that
outsourcing. this amount of just under 40 T€ could be
saved, but the know-how must first be
built up internally. Training is necessary
for this, which will cost 3000 € × 5 =
15,000 € for 5 employees.
Savings in the first year = 20 T€ × 6 +
30 T€ × 6q = 300 T€ minus training =
285 T€
In the second year = 40 T€ × 12 = 480
T€
(continued)
SAP Extensions Part 1: The project duration is 8 months (includ- 480,000 €
Introduction of FI/CO ing training and induction of internal MA)
3 consultants are needed at 1000 € per
day; 8 x 20 x 3 x 1000 = 480,000 €
SAP Extensions Part 2: The project duration is 9 months for 2 432,000 €
Introduction of SAP in foreign foreign locations (including training and
locations induction of the affected MA)
2 consultants are needed (the rest is done
internally) at €1200 per day 9 × 20 × 2 ×
1200 = €432,000
SAP Extensions Part 3: SEPA introduction is done internally and €32,000
Introduction to SEPA accompanied by a consultant on a part-
time basis: Project duration: 4 months; 10
days per month on the basis of €800 per
day (training and induction included)
4 × 10 × 1 × 800 = €32,000
Introduction of a document First, a tender must be carried out here Not currently
management system (DMS) to select the right software and the possible
including archiving processes affected by the automation by
the DMS must be defined (in-house and
possibly with the support of consultants).
Therefore, no specific budget planning is
currently possible
Tender for new MES Currently, only the tender costs can be €36,000
(Manufacturing Execution calculated here; the main tasks are car-
System) and introduction to ried out internally with the support of
solve the problems with innova- an expert who supports for 3 months at
tion speed and support for new approx. 10 man-days per month for €1200
production products identified per day: 3 × 10 × 1 × 1200 = €36,000
in step 2
Establish SAP/MES interface Project costs and duration not estimable as
MES must first be tendered and selected
(see above)
Roll-Out SAP and MES at all Project costs and duration not estimable,
overseas locations as MES must first be put out to tender and
selected (see above).
Costs for creation of IT strat- Project duration: 4 months 108,000 €
egy (external moderator and
15 days per month at 1800 € per day
consultant)
4 × 15 × 1 × 1800 = 108,000 €
Table 5  Potential savings per project/measure
Project/measure Costs (in €) Potential for savings or benefits/synergies/efficiency Savings quantified Generates enough added
effects value and meets the com-
pany’s return on investment
target
Introduction to the 835 • Business-IT alignment: IT services can be derived clearly Difficult to achieve at YES
demand/supply and understandably from the business requirements. A the current time
structure business case can be calculated for IT services
• Separation of IT demand and IT supply: By separating
demand and supply, the conflict of interest between the
best possible individual IT solution and cost-reducing
standardization can be solved
Determining the Necessary IT Budget
• Skills of employees: The comprehensive, holistic knowl-

edge of the business and the processes of the company
is no longer only in the specialist department, but also in
the demand and supply branch. They can formulate and
consolidate the demand and control internal resources
and external service providers in terms of content
• Transparency in terms of costs, services and tasks
• Efficiency improvement through shorter decision-making
processes and clear responsibilities
• Employee motivation through clearer task and role
definitions and better delimitation from the tasks of the
specialist departments
Detailed needs and 175 • Efficiency gains through the transfer of those employees Potential staff savings YES
gap analysis to the position that is best for them and the company are possible (currently
• All positions are optimally filled, which can lead to the not quantifiable)
elimination of some positions or the emergence of syner-
gies between positions that have not been recognized so
far
251
(continued)
252
target
Introduce IT con- 114 • Create transparency with regard to IT costs and in par- Cost reductions dif- YES
trolling, including ticular project and service management costs ficult to predict today
cost and perfor- • This makes potentials visible that cannot be recognized
mance accounting today
for IT and create • This makes cost reductions possible or synergies are
transparency for IT recognized
costs
Establish IT 72 • Ensure that possible follow-up costs can be excluded Ensure that follow-up YES
compliance with • How much is information security, data protection and costs can be excluded
the help of external constant availability of data worth to a company?
experts
Personnel 478.5 • Efficiency improvements in internal IT and in coopera- Efficiency topic YES
development tion with the departments
• Training for IT • Faster time-to-market for many IT services possible
project managers • IT services can be provided in-house and do not have to
• Define, introduce be purchased from external consultants
and communicate
project manage-
ment standards
• Introduce ITIL
best practice
standards
(continued)
Step 6: Implementation—The IT Roadmap, Determination …
target
New tender for the 420 • Actual savings potential given by new tender; the amount 250 T€ YES
data center with is difficult to calculate and depends on the redefinition of
a focus on the the service level and the catalogue of services; with the
problems identi- same catalogue of services and the same service levels,
fied in the SWOT but better performance of the provider, costs for change
analysis requests can be saved; assumption here: 20% savings =
As part of the Savings Calculation see Table 11: Savings in the first year = 20 T€ 285 T€ in the first year YES
SAP outsourcing, potential x 6 + 30 T€ x 6 = 300 T€ minus training = 285 T€
the know-how for see left
the value-adding column In the second year = 40 T€ x 12 = 480 T€ 480 T€ from the sec-
processes is to be ond year
outsourced again,
that is, returned
to the internal
IT organization.
Furthermore, a
demand manager
is to be established
for each foreign
location
SAP extensions 480 • The current bookkeeping is outsourced to an accountant; 250 T€ per year YES
part 1: Introduction the costs amount to approx. 250,000 € per year. These
of FI/CO costs can be saved
(continued)
253
254
target
SAP Extensions 433 • Accounting is done by local employees using Excel 240 T€ savings per YES
Part 2: • Production and logistics processes are not yet year
Introduction of IT-controlled to a large extent; here, personnel savings
SAP in Overseas are possible (approx. 5 FTE at 2 overseas locations =
Locations 10 FTE); i.e. 10 FTE x 2000 € per month = approx.
€240,000 savings per year
SAP Extensions 32 • The Europe-wide standardized bank code and account Efficiency topic YES
Part 3: Introduction number (SEPA) are a legal requirement and must be
of SEPA introduced
Introduction of a Not pos- • Many advantages can be created by a DMS, which are Efficiency topic YES
document man- sible at the listed below:
agement system moment • Faster access to information
(DMS) including • Acceleration of business processes
archiving • More transparency in all file operations
• Improved quality of process handling
• No distribution copies necessary anymore
• Improved document security, less document loss
• Cost reduction with increasing business volume
(scalability)
• Less space required
• Compliance with statutory regulations and agreed com-
pliance requirements
(continued)
Step 6: Implementation—The IT Roadmap, Determination …
target
Tendering 36 • The new MES will mainly increase the innovation speed Efficiency topic YES
new MES (increase in productivity) in production and can better
(Manufacturing support the new products of the production worldwide.
Execution System) Other advantages are:
and introduction • Shortening of cycle times,
(step 2) • Better traceability of products and components,
• Achieving a higher degree of punctuality,
• Easier procedure in the event of recall actions for defec-

tive products or components,
• Better utilization of production capacities,
• Recording and transmitting data in real time, which also
provide important information for other departments
Establish SAP/ Not pos- • Direct data and information transfer between the systems Efficiency topic YES
MES interface sible at the without manual data transfer. This eliminates errors in
moment data transfer, faster and more reliable data transfers
Roll-out SAP and Not pos- • Same standard processes at all sites; this significantly Efficiency topic YES
MES at all over- sible at the more transparency, less error-prone, higher quality, better
seas locations moment productivity, single change of new requirements, change
requests and error correction instead of multiple systems
Costs for the 108 • Expert know-how for the development of the strategy Efficiency topic YES
development of the • Process knowledge in the conduct of workshops
IT strategy (exter- • Neutrality in the analysis, decision templates
nal moderator and
consultant)
(continued)
255
important that column 3 shows the actual benefits, synergies or efficiency gains that will
be achieved through this measure. Because this is the decision-making basis for the top
management to release the measure or project.
The decisive question for top management is ultimately: “Which are the right invest-
ments in IT in order to achieve a higher return on investment for the company as a whole
and which investments in IT are rather to be neglected?” For this purpose, column 5 has
been deliberately inserted in order to get a clear “YES” or “NO” for each measure (title
of the column: “[The measure] generates sufficient added value and corresponds to the
return on investment goal of the company”).
The column for the savings potentials in Table 5 shows very clearly that it is very dif-
ficult to deal with quantified numbers. There are two ways to deal with this problem:
• Either one completely omits savings calculations and decides on the basis of the
potentials per measure or
• Target savings values are set before the project starts. Then the target can be taken up
in the form of target values per project and there is a clear target line for the imple-
mentation of the IT strategy.
In general, projects can now be set up according to the top management decision in the
last column of Table 5. How to proceed with these projects during their implementation
and execution can best be decided on the basis of the IT project portfolio presented in the
following.
The IT Project Portfolio
The IT project portfolio includes all current and planned IT projects of a company or
division or business unit. It serves the purpose of analysis, control and management on
the basis of monetary and/or strategic considerations.
Project portfolios have developed into one of the most important control instruments
of IT management, as the following figures very clearly demonstrate (according to [36]):
• 15–20% of the IT projects in the portfolio can be abandoned because they do not con-
tribute measurably to corporate success.
• Another 25% of IT projects do not have to be carried out in full, but also fulfill their
tasks in reduced form.
• Approximately 30% of IT projects do not support the departments and are pure IT
projects whose efficiency for the company is often only insufficiently quantifiable.
• Between 40–50% of all e-business initiatives do not support business goals and do not
lead to measurable added value.
The IT Project Portfolio 257
Definitions and Delimitations
Before starting with the creation or adaptation of the project portfolio, a delimitation
should be made to related topics that are often subject to confusion. These are the project
and program management topics described below:
• Project management is the smallest unit and describes the leadership and management
of a project. The project manager is responsible.
• For larger projects, sub-projects occasionally arise, which deal with specific topics or
content. These are led by sub-project managers who report to the project manager.
• Program management is defined as the management of more than one project; in this
case, projects are bundled into a program as the highest unit from a thematic or con-
tent perspective and managed authoritatively by a program manager.
• Project portfolio management is defined as a management instrument that considers
all projects and programs at the same time from the perspective of strategic prioriti-
zation. It is a permanent task in contrast to the project or program, which is always
limited in time. Project portfolio management provides a project-wide overview for
the analysis, control and management of all projects and programs. Here you are in
the bird’s-eye view and can quickly and easily evaluate, prioritize and make decisions
on all projects and programs from a strategic perspective. This also makes synergies
between the projects quickly recognizable. The question is: “Which are the <right>
projects for our company at this time?” In the context of project portfolio manage-
ment, strategic and financial evaluation aspects such as ROI or alignment with the UN
strategy are the key reference points. Therefore, project portfolio management is an
ideal tool for CIOs and IT leaders to strategically lead the IT organization.
Figure 4 shows the described boundary between program and project portfolio manage-
ment schematically and clearly:
Another boundary to the multiproject management appears to be necessary. Because
this has great similarities to the project portfolio management and is often confused.
The difference lies in the perspective: The project portfolio management has a view of
the projects from the bird’s eye view and checks synergies and the strategically correct
orientation of the projects, whereas the multiproject management is characterized by a
strong operational character, that is, it acts more on the content level of the individual
projects. Multiproject management describes more the operational action of the leader-
ship and management of a large number of projects, whereas the project portfolio man-
agement has more of a strategic character in the sense of the examination, assessment
and monitoring of projects.
Project portfolio
Project Project
Program
Project Project
Partial Partial
project project
Project
Project Project
Fig. 4  Boundary project—program—portfolio
Areas of Application of IT Project Portfolios
Areas of application of IT project portfolios are (In-Scope):
• Prioritization, categorization and evaluation of new and ongoing projects and

programs
• Control and monitoring of the value added of projects and programs
• Redundancies between projects can be detected more quickly
• The project goals can be better coordinated with each other
• Ideal basis for discussion of objectives with the departments
• Basic tool for developing an IT strategy
• Basis for Make or Buy decisions (answering the question: “Should the project or
the software or IT infrastructure component behind it be created or provided by a
supplier?”)
What an IT project portfolio cannot do (Out-of-Scope):
• It cannot replace demand and requirements management

• It cannot replace an IT strategy,
• It does not replace the detailed tracking and monitoring within a project (project con-
trolling), but is a strategic instrument for the selection and monitoring of all projects
in the company.
It thus shows the overriding objective of project portfolio management: The optimization
of the objectives of the individual projects from a holistic perspective in order to achieve
the greatest possible qualitative and quantitative synergy effects.
With the help of a professional project portfolio management, it is possible to very
quickly identify where IT budget has been used optimally for the purpose of the com-
pany and where not. This results in action and decision-making processes that are often
not transparent. In addition, it is quickly apparent when IT projects are no longer stra-
tegically meaningful. In such cases, an IT responsible person should not continue to
“throw good money after bad”, but rather end the respective IT project immediately and
simply have the resulting “ruin” demolished.
Goals and Tasks of Project Portfolio Management
In this context, three essential tasks of project portfolio management are distinguished
(based on [18]):
Evaluation phase
• Evaluation of project applications and projects according to chances, risks, economic

efficiency and strategic importance for the company
• Analysis of dependencies between planned and ongoing projects
• Prioritization of project applications on the basis of these evaluations and analyses
• Approval or rejection of project applications
Progress control
• Monitoring of ongoing projects (multi-project controlling)

• Coordination between ongoing projects in terms of resources, synergies and conflicts
• Ongoing review of the project portfolio in terms of its alignment with corporate goals
Evaluation and “lessons learned”
• Final evaluation of completed projects

• Securing of experience values from ongoing and completed projects (knowledge
database)
• Definition of specifications for new projects
• Initiation of new projects
The goal of the IT organization through portfolio management is to create capacity for
innovation topics that allow IT to be creative and thus increase the value of the company.
This can only happen if, through analysis and proper prioritization based on a project
portfolio, the large maintenance and operational projects are thoroughly examined and
put to the test. Are there other maintenance options? Where can money be saved? Which
projects create no value or benefit in relation to the costs?
The Approach Model for Creating and Monitoring a Project Portfolio
The range of tasks for portfolio management is very large. So in many IT organizations,
portfolio work already begins with collecting and introducing project ideas, goes through
the portfolio creation and monitoring process, and ends with the post-calculation of com-
pleted projects. This variety of tasks would map the portfolio process holistically. Often,
many of the tasks mentioned are not counted as part of the portfolio process and are
more part of project management. Here, however, we will turn to the holistic portfolio
process, as shown in Fig. 5.
The holistic portfolio process consists of four main processes, each with four sub-
processes. Before a detailed description of the portfolio process, it makes sense to think
about the life cycle of projects as a kind of excursion.
Admission and evaluation process
1 2 3 Project Evaluation: 4
Prioritization of
Collect project ideas Differentiation of the • Effort, costs/benefits
Projects
submit project Projects: Target / Must / • Profitability
• Define criteria
Can projects • Suitable for the IT
• Perform prioritization
Strategist?
Portfolio creation process
1 2 3 4
Plan and coordinate Assessment of projects Communication of the
Creation of the portfolio
resources Making decisions Portfolio decisions
Portfolio monitoring process
1 2 3 4
Checking of budget, Decisions and
resources and time Making portfolio
Monitor projects Communicate and
create report decisions
coordinate measures
End of project: Acceptance & Evaluation
1 2 3 4
Project to department "Lessonslearned"
Official project Measuring deviations
handed over: Communication of the
completion and successes
Acceptance & Release project acceptance
Fig. 5  Overview of the portfolio process

Excursus: Project Life Cycle

Every project is subject to a life cycle, similar to the products in the product life cycle of
the BCG analysis in step 2. Before starting the portfolio process, it should be clarified in
which cycle phase a project is currently or can generally be.
In summary, there are, as can be seen in Fig. 6, the following project states:
(a) Projects before being included in the portfolio

– Project idea (on the horizon)
– Requested project
– Postponed project
(b) Projects in the portfolio monitoring process
– Approved project
– Ongoing project
– Interrupted project
Projects before inclusion Projects in portfolio Projects accepted

in the portfolio monitoring process and inactive
Recording and
Project Acceptance and Completed
evaluation Approved project
applied for completion project
(portfolio
of the project
creation)
Ongoing
project
Project
not started
Project idea Monitoring of

the portfolio
Cancelled
project
Interrupted
project
Deferred
project
Fig. 6  Overview of project states

(c) Delivered and inactive projects

– Delivered projects
– Not started projects
– Abandoned projects
Phase 1: The Inclusion and Evaluation Process

The first main process begins with the reception of projects in the form of project ideas,
which then lead to a project application, if the project is considered to have a certain
probability of realization. For the first time, some project information is summarized in a
structured form in the project application, for example:
• Project name
• Project number (if available)
• Department or department responsible for the project
• Cost center (internal assumption of project costs)
• Project goal
• Project focus: In-Scope and Out-of-Scope
• Possible project start
• Approximate project duration
• Project risks
All projects that are officially applied for must then be evaluated and prioritized by a
committee responsible for the portfolio process and thus filtered in some form according
to certain criteria.
It is important to differentiate between the evaluation of projects and the prioritization
of projects. The evaluation of projects serves the purpose of whether a project is carried
out or not. The prioritization of a project serves to develop an execution sequence and
thus only applies to the projects that did not fall through the filter in the evaluation as a
must-project.
The criteria for evaluating projects are individually defined and relate to monetary
factors, risk factors, economic or cost-benefit factors. The criteria for prioritization are
often more difficult to capture and in many companies this evaluation is subject to the
subjective decisions of the committee leaders. In the next phase 2, the project portfolio is
created or brought up to date for the first time and three possible perspectives for assess-
ing the prioritization of projects are presented.
As an example for the Produktio weltweit GmbH, some IT projects from the just-
created roadmap are checked here and included in a project portfolio (see the following
chapter for Fig. 7 ff.). The following projects of the Produktio weltweit GmbH are exam-
ined in more detail:
• SAP extensions part 1

• SAP and MES roll-out at foreign locations
Cost-cutting IT projects with little Cost-reducing and

impact on UN strategy value-enhancing IT projects
Return on investment (cost reduction)
P2
DMS
high
P 1.1
SAP
Abroad
P 1.2
SAP
FI/CO
low
P 1.3
SEPA
IT projects with low cost impact and Value-added IT projects

little support for UN strategy with a low ROI
low high
Contribution to supporting the corporate strategy (value enhancement)
Fig. 7  IT project portfolio: contribution to the support of the UN strategy
• SAP/MES interface
• Introduction of a document management system (DMS)
• Introduction of IT compliance
Phase 2: The Portfolio Creation Process

After the projects have been roughly pre-filtered in the first phase, they are now included
in the portfolio. In this phase, an existing project portfolio is brought up to date or cre-
ated for the first time.
First of all, in addition to the project data recorded in phase 1, the following informa-
tion must be determined in particular:
• The economic viability of the project in the form of an ROI (Return on Investment)
• The risk of the project (usually a more subjective than a mathematically derivable
size)
In order to prioritize the projects according to the three criteria just described, there are
different views of the portfolio:
The axis values used for the IT portfolio are located on the ordinate of the “Return
on Investment (ROI)” as a quantitative value of the respective project or qualitatively
expressed if the ROI is difficult to determine: The benefit of the project for the company.
On the abscissa, the used values can vary to obtain different statements about the pro-
jects. Possible statements could be:
• Contribution to supporting the company strategy (so-called “benefit and strategy-ori-

ented IT portfolio”)
• Realization risk or “benefit and risk-oriented portfolio”
The Benefit and Strategy-oriented IT Portfolio

In the benefit and strategy-oriented IT portfolio it is evaluated how much the project
serves the company strategy (see Fig. 7). Note: The examples listed below are all based
on projects of Produktio weltweit GmbH, as they were included in the roadmap in the
previous section. Four projects have been selected that will be examined in more detail in
the respective portfolios:
• P1: P1 is the project “SAP Extensions Part 1: FI/CO, Overseas Locations, SEPA”,
which was divided into three sub-projects (P1.1–P1.3) in order to be able to assess
their contribution to strategy or their risk.
– P1.1: The SAP introduction for the overseas locations is depicted in the sub-project
P1.1
– P1.2: The sub-project P1.2 includes the SAP introduction FI/CO
– P1.3: Sub-project P1.3 stands for the introduction of SEPA
• P2: A project for the introduction of a document management system (DMS)
It is in Fig. 7 It is clearly visible that all 4 projects in the portfolio have occupied a differ-
ent place. Thus, the sub-project P1.1 for the introduction of SAP at the foreign locations
is classified as a “cost-reducing and value-increasing project” in the upper right quad-
rant. In contrast to P2 (DMS introduction), which is also represented in this quadrant,
the benefit for the company or the RoI is not as high as with the DMS introduction. This
classification can be based on clear calculations, but when introducing portfolio manage-
ment, this can also be based on subjective opinions of the committees, which of course
must be argumentatively recorded. In this case, it is so that the portfolio committee has
decided that the DMS introduction has a greater benefit than the SAP introduction at the
foreign locations. This is because all documents are currently stored manually in folders
and the bookings are available in SAP, but still have to be physically stored. This can be
automated and thus workstations can be saved and a much more efficient structure for
finding and finding documents can be made possible. The sub-project P1.3 (introduction
of SAP FI/CO) goes hand in hand with the two sub-projects P1.1 and P1.2 and is also
still sorted in the upper right quadrant. However, the value increase and the cost sav-
ings are not quite as high as with thezusammenhängenden Teilprojekten, da die aktuel-
len Aufwände nicht direkt durch die Einführung von SAP FI/CO verringert werden
und damit kein direkter RoI sofort erkennbar sein wird. Allerdings muss aufgrund
der Abhängigkeit der drei Teilprojekte gesagt werden, dass sie sich gegenseitig unter-
stützen und daher nicht weit auseinander im Portfolio klassifiziert werden. Das Projekt
P2 (Einführung SEPA) ist im unteren, rechten Quadranten einsortiert worden, da es dem
Unternehmen strategisch keinen Vorteil bietet, da die bisherige Abrechnung genauso gut
funktioniert hat und auf der Kosten- oder Return-Seite ebenfalls keinen Nutzen bringt,
sondern nur Geld kostet. Es ist als gesetzliche Anforderung zwar durchzuführen, bringt
aber im Grunde nur Mehraufwand, der keinen strategischen Nutzen liefert. Projekte,
die in diesem Quadranten landen, sollten nach nochmaliger Prüfung möglichst schnell
beendet werden, da sie keinen Nutzen liefern und nur Kosten verursachen. In solchen
Fällen ist ein Portfolio sehr hilfreich, da es sehr schnell visuell aufzeigt, welche Projekte
wirklichen Nutzen liefern und welche Projekte schnell beendet werden können, da sie
nur Kosten produzieren, aber keinen Nutzen liefern.
The Use- and Risk-oriented IT Portfolio

The risk of IT projects is often considered in the respective project, but often not in the
overall context of all running projects. Unfortunately, this often leads to a high propor-
tion of failed IT projects. Therefore, a risk assessment of all projects is recommended. In
our example in Fig. 8, the RoI is again given on the ordinate and the risk of the project
on the abscissa, based on the use- and strategy-oriented portfolio.
Cost-cutting IT projects with low risk Cost-cutting IT projects with

high risk
P2
DMS
high
P 1.2
SAP
Abroad
P 1.2
SAP
FI/CO
low
P 1.3
SEPA
IT projects with low cost IT projects with low ROI

impact and low risk and high risk
Low (0-50% risk of failure) High (50-100 % risk of failure)

Project risk
Fig. 8  IT project portfolio: risk assessment of the projects

It becomes visually very clear in this portfolio that all projects indeed involve a risk
that is greater than 30%. Therefore, a detailed risk and quality management must be
introduced for all projects in order to keep the risks under control. However, only one
project with a risk of failure of more than 50% is to be found in the portfolio: the intro-
duction of SAP in the overseas locations. It is important in the classification and evalu-
ation which type of risk lies at the basis of the project. Here it is not so much the actual
technical implementation of SAP in the overseas locations, but the training and subse-
quent use of SAP. The problem is the low qualification in the overseas locations in the
departments that then have to work with SAP. The best SAP installation is of no use if
the operation and the functions are not used correctly. Therefore, a close and direct coop-
eration is recommended here with the relevant departments at headquarters and in the
overseas locations, so that the project can be successful.
Phase 3: The Portfolio Monitoring Process

After the project portfolio has been created or brought up to date, it is time to analyze
and monitor the projects. The following tasks are part of the project monitoring:
• Checking the projects against the usual project triangle factors of time, cost and
quality
• Checking and classifying the projects according to the three portfolio levels presented
in phase 2
– Contribution to supporting the corporate strategy
– Realization risk
– Probability of realization
• Making decisions about reclassifying or continuing or stopping projects in the project
portfolio (see the decision matrix in Fig. 9 based on Gadatsch [18]).
After the decisions have been made, they must be communicated to all those affected,
including all those involved in the department who were not part of the decision-making
process.
Phase 4: Project End: Acceptance and Evaluation

In the last phase of the project portfolio process, it is about the completion of projects.
Here, too, four partial steps are considered:
• The official transfer of the project to the department.

• The official project completion: The project must be finally evaluated and accepted by
the department; only then can the project be considered officially completed in IT and
it goes into operation, which is regulated by a maintenance contract the further sup-
port of the underlying application.
0 - 5 years
review Execute
Set project
risks project
Break-even (in years)
Check the
> 5 years
economic
Set project Set project
viability
of the project
0 – 50% > 50 – 75% > 75 – 100%

Probability of realisation (in %)
Fig. 9  Making decisions in the IT project portfolio
• Measure deviations and successes: After the official completion, outstanding devia-
tions must still be recorded.
• Lessons learned: In addition, a kind of “lessons learned” is always very helpful, in
which helpful findings and measures for further projects can be derived openly by all
project participants.
This completes the process of portfolio consideration of IT projects.
Organizational Involvement
The responsibility for the project portfolio management process should be directly
assigned to the CIO or IT manager and function as a staff unit. Only by the direct con-
nection to the CIO can the efficiency be ensured and political trench warfare can be pro-
actively excluded.
In addition to the direct CIO responsibility, the close involvement of the depart-
ments is crucial for success. This is done by a committee or committee that must meet
regularly.
It is important that the decisions from the portfolio committee are communicated and
transparent. Every employee must know which projects were prioritized for what reason.
This is the daily work and motivation basis in the project business of an IT organization.
It is important for working on the tasks in Step 6 that you review all previous results
again to derive all measures. In addition, budgeting is very important, which preferably
comes with argumentation chains and, if possible, also with savings potentials. The IT
portfolio should then be developed in a new working group, together with the depart-
ment, and all projects should be jointly evaluated therein.
The Roadmap for the IT Strategy
In the first step, the measures from the respective steps 1–5 are derived to create the
roadmap.
It starts with step 1, for which an actual-desired comparison of the maturity levels
of all processes is carried out (based on the results from step 1). In worksheet 1, you
can now use all objects of investigation from step 1 in which a delta between actual and
desired is gaping.
Worksheet 9.1 Deriving measures from step 1 (ACTUAL-TARGET comparison)
◾ Please enter the ACTUAL maturity level and the TARGET maturity level in the network
diagram below (see step 1). All processes in which a delta of at least 1 or 2
klafft, müssen mit Maßnahmen in der Tabelle im Buch versehen werden.
Project Management
Compliance 5 Demand Management
IT-Controlling Supply Management

4
Optimal cost structures 3 Service Management
2 Quality Assurance und

Management
1

Continuity Management
In order to derive measures for the areas in which there is still a difference between
actual and desired, the following worksheet 2 is used. There you enter the areas with the
too large deltas between actual and desired in columns 1 and 2 again and then you have
to decide which measures are to be derived from them.
Worksheet 9.2 Deriving measures from step 1
◾ Please enter in column 1 all areas from step 1 that have a too large delta to the
TARGET, in column 2 the ACTUAL and TARGET maturity level and in column 3
the measures that are necessary to achieve the TARGET.
ACTUAL → TARGET
Object of investigation Maturity Measure(s)
Training and certification for all IT project managers

according to e.g. GPM/IPMA or PRINCE2 Definition of
EXAMPLE: standard project management processes that are valid
2→4
Project Management for all IT projects and are monitored by a new instance
(project management department in the demand branch).
In the next worksheet 3, the measures from step 2 are derived from the challenges for IT:
◾ Please enter in the table below in column 1 the challenges that were identified in
step 2 and the measures that are derived from them in column 3
Challenges identified in step 2 Measures derived from this
EXAMPLE: Review IT costs and make them Great pressure has arisen from the new supervisor
more transparent to avoid savings who wants to reduce IT costs; it is therefore
necessary that, as a first step, IT costs are made
transparent in order to understand at all what the
money is spent on and to identify possible cost
drivers. It would be helpful to introduce cost and
performance accounting for IT as well as IT
controlling. In addition, as part of the introduction of
Demand/Suppy, IT controlling will be established in
the Demand segment with business cases and
Profitability calculations per project. This should
definitely be included in the roadmap as a measure.
The following measures are generated for the next steps. First for step 3, the application
strategy. Here the application roadmap can be used as a basis (see Worksheet 9.4) and no
worksheet is required for this. For step 4, the sourcing strategy, the measures should be
prepared in the form of a table, as you will find in Worksheet 4:
◾ Please enter in the table below in column 1 the challenges identified in step 4
(Sourcing) and the actions derived from them in column 2.
Challenges identified in step 4 Measures derived from this
Many of the measures already mentioned are of an organizational nature and therefore
fit into step 5 (IT organization/IT governance). Therefore, all measures that fit into step 5
should be listed here again:
◾ Please enter in the table below in column 1 the identified issues and problems from
step 5 (e.g. revise organization or redefine IT role) and then the measures in column 3
(e.g. project "New role of IT").
Identified issues and problems from step 5 Measures

(organization / IT governance)
All measures now determined must be summarized and clustered again according to
organizational and technical measures, which is done in the work package 6.
Worksheet 9.6 Summary of all measures
◾ Please enter in the table below in column 1 all organizational measures found
so far (e.g. "Define new role of IT" or "Introduce Demand/Supply") and next to
it the technical measures (all from the application roadmap and other technical
measures)
Organizational measures Technical / applicator measures
As a last step, these measures must be brought into a time context, which is done with
the help of the roadmap. For this purpose, the following worksheet 7 is used, in which
all measures are brought into a chronological order. In addition, the measures are sum-
marized here into bundles that are thematically and temporally matching and colored
according to organizational and technical measures.
Worksheet 9.7 The IT Roadmap
◾ Now all discovered measures need to be clustered, summarized, duplications

identified and deleted, and then brought into the roadmap prepared below.
◾ Clustering with the aid of colour can be carried out according to application/technical
or organisational measures.
t: 2015 2016 2017 2018
Determining the IT Budget
After the IT roadmap has been created and it is therefore clear what should be done ide-
ally, the evaluation of all measures is carried out on a monetary basis. Because only if it
is clear what the measures cost, can management release them and make a budget avail-
able for this. The following table serves to monetarily evaluate all measures.
Worksheet 9.8 Determining the IT budget
◾ Please transfer all measures from the roadmap into the table below in column
1 and then make a cost calculation per measure in column 2. Column 3 shows the
calculated total amount.
Measures from the Cost calculationtion Cost

roadmap estimate
In the following worksheet 9, the savings can be determined or at least the potential for
savings can be argumentatively mentioned and it can be estimated whether the measures
are sufficient for the company’s goals of return and value added.
Worksheet 9.9 Saving potentials and return decision per measure
◾ The following table serves to check which savings potential which measure
offers and whether this measure corresponds to the company's return target.
Columns 1 and 2 can be taken from worksheet 9.8. Column 3 describes the savings
potential by way of argument. Column 4 quantifies these (if possible) and
column 5 states whether this measure corresponds to the company's return target.
Project/ Costs Potential for savings Savings Generates

Measure (in T€) quantified sufficient added
value and
meets the
company's
return target
The Project Portfolio
At least all technical measures are derived from IT projects, but also the organizational
measures should be set up as a project and then checked in a portfolio. The following
two work packages serve this purpose, in which all measures are mapped as projects in
a portfolio and thus a decision can be made which project offers which strategic value as
well as ROI, which projects involve greater risks and which projects should be carried
out in any case at the end, because the strategic value, the ROI is very high and the risk is
very low and which projects should be postponed or canceled better at first.
Worksheet 9.10 The IT Project Portfolio (Strategy/Benefits)
◾ Please place the identified measures or projects in the portfolio below and
note the conspicuous placements of projects and the resulting consequences.
Cost-cutting IT projects with little Cost-reducing and

impact on UN strategy value-enhancing IT projects
high
low
IT projects with low cost impact and Value-added IT projects

little support for UN strategy with a low ROI
low high
Contribution to supporting the corporate strategy (value enhancement)
Worksheet 9.11
◾ Please place the projects you have just placed in the risk-oriented portfolio below
and consider which projects are now so high risk that it may not make sense to
complete them.
Cost-cutting IT projects Cost-cutting IT projects with

with low risk high risk
high
low
IT projects with low cost impact IT projects with low

and low risk ROI and high risk
Low (0-50 % risk of failure) High (50-100 % risk of failure)

Project risk
Conclusion Step 6
The creation of the roadmap summarizes all the statements and measures taken in a
clear manner. It thus becomes clear what all is included in the implementation of the IT
strategy and which task packages need to be bundled. The temporal relationships and
dependencies between the measures and projects become transparent and show the com-
plexity which can be somewhat alleviated through the graphical representation in the
roadmap. The important step that follows is budgeting and preparing for the presentation
to top management for the release of the 3–5 year plan. If this is accomplished, a steering
instrument can be used in the form of the project portfolio to monitor the projects under
different strategic aspects and lead them to success.
Your most important thoughts and findings for Step 6:

Step 7: Monitoring and Control of the IT
Strategy with the IT Strategy Cockpit
Abstract
In addition to the measures determined from the first five steps and the incorpora-
tion into an IT roadmap as well as the evaluation of IT projects in the portfolio, an IT
strategy cockpit is now designed on the basis of a Balanced Scorecard, with which the
control of the measures from the roadmap always succeeds.
Basics of the IT Strategy Cockpit
The IT Strategy Cockpit is modeled after the cockpit of an airplane, in which all essen-
tial details for controlling the airplane are visually displayed and adjustable at a glance.
Such a cockpit is not only needed by the pilot, but also by the IT responsible person
for controlling the IT organization. The results of the Capgemini CIO study, which are
shown in Fig. 1, however, show that there is still a large gap between what should be
measured and controlled and what is actually measured. For example, according to com-
pany management, the customer satisfaction of IT should definitely be measured (almost
70%), but only just under 40% of IT organizations in companies do this.
The following will use the IT Strategy Cockpit to show that it is not difficult to
develop a measuring instrument that is based on the measures from the IT strategy deter-
mined in the previous step. This way, all these measures can be constantly checked and
adjusted.
282 Step 7: Monitoring and Control of the IT Strategy …
Measuring the success of IT - Business-KPls

What are the main ways you measure the success of IT?
What do you think it should be measured by?
76.5%
Contribution of IT in reducing the processing time
44.6%
IT's contribution to increasing 69.8%

customer satisfaction 42.4%
61.4%
Contribution of IT in reduction of production cost
40.4%
Contribution of IT in market launch (Time to market)* 58.1%
20.9%
52.3%
IT's share of revenue growth*
15.6%
41.9%
IT's share of profit growth*
13.0%
33.3%
Share of IT in gaining market share* Target
11.4% Actual
Basis: Alie respondents measuring IT success (n = 59)

* Basis: Alie respondents without Offentlicher Berelch, the success ofITmeasen (n - 47)
Fig. 1  What is the success of IT mainly measured by?
The Foundation of the IT Strategy Cockpit: The Balanced Scorecard
The Balanced Scorecard (BSC) was developed in the early 1990s by R. S. Kaplan and D.
P. Norton as a new instrument for (general) controlling.
Until then, available performance measurement (performance assessment at the cor-
porate level) indicators were insufficient because they only considered financial variables
and thus led management to misbehavior. The BSC, on the other hand, is a strategic-
operational key figure system for balanced corporate governance.
The idea behind it is the following: The company strategy is linked to operational
planning through cause-effect chains. This is made clear in Fig. 2, which shows by way
of example which effects the causes can have in the different perspectives.
Basics of the IT Strategy Cockpit 283
Learning &
Processes Customers Finance
Growth
Customer
Competence satisfaction
Better process Increase in

quality earnings
Information Customer
supply loyalty
Fig. 2  Cause-and-effect principle of the balanced scorecard
Goals of the Balanced Scorecard
The following three main goals can be achieved by using the BSC:
1. Elimination of the purely financial perspective

The BSC takes into account four balanced perspectives (financial and non-financial)
(finances, market and customer, internal processes, learning and innovation).
2. Integration of strategy and action planning
Linking strategic corporate planning with short- and medium-term action planning.
This is to ensure that short-term measures serve long-term strategic goals.
3. Strategic future-oriented framework
Traditional key figures were more oriented towards the past. The BSC is a future-
oriented interdependent key figure system for coordinating management systems. A
permanent management loop is created through communication of the scorecard and
incorporation of feedback.
The 4 Perspectives of the Balanced Scorecard
The BSC is divided into 4 so-called perspectives:
1. Finances
2. Internal Processes
3. Learning and Development
4. Market and Customers
Goals, key figures, target values and measures are defined for all four perspectives. A
schematic structure is shown in Fig. 3.
Finance
How should we approach

stakeholders in order to
have financial success ?
Targets Key figures Specifications Measures
Customers & Market Internal processes
In which business processes do we have

How should we appear to our customers,
on the market, in order to realize our vision
Vision & to be the best in order to satisfy our
& strategy? Strategy shareholders and customers?
Targets Key figures Specifications Measures Targets Key figures Specifications Measures
Learning & Development
How can we foster our potential for

change and growth to realize our
goals?
Targets Key figures Specifications Measures
Fig. 3  Schematic structure of the 4 perspectives of the balanced scorecard

The Structure of the IT Strategy Cockpit in 4 Phases 285
The Structure of the IT Strategy Cockpit in 4 Phases
 “If you can’t measure it, you can’t manage it”. This key statement from the
Balanced Scorecard concept of Kaplan/Norton is still as relevant today as it
was in the 1980s and is the basis for an IT strategy cockpit to be created now.
The structure of the IT strategy cockpit is carried out using the example of
Produktio weltweit GmbH.
The previous work on IT strategy development is now operationalized so that a con-

stant check and control of target achievement is possible. For this purpose, the central
statements of the IT strategy must be broken down into figures or so-called KPIs (Key
Performance Indicators).
The procedure for setting up the IT strategy cockpit is shown in Fig. 4.
The background for using the IT strategy cockpit is not only that you have an instru-
ment and tool for monitoring and tracking the goals once a month in the management
circle, but above all that the goals of the IT strategy flow into everyday business. This
can only happen if the essential statements of the IT strategy are included in the cockpit
and these goals are constantly in front of all managers in the form of key figures. Only
in this way can it be ensured in the hectic everyday business that the often autonomous
decisions and developments made and carried out find their way into everyday decision-
making and considerations.
In the following, the IT strategy cockpit is created in 4 phases and filled with life by
means of examples from Produktio weltweit GmbH.
Phase 1: Identifying the Right Key Figures (KPIs) Per Perspective
In this first phase of developing the cockpit, the goals of the IT strategy that have been
elaborated so far are broken down into the four perspectives and linked together. It is
important that the relationships between all perspectives are clear and unambiguous,
because all perspectives influence each other and one perspective cannot be considered
independently of another. The BSC is therefore one of the few tools in management that
takes a holistic view and does not consider financial key figures or processes in isolation.
Procedure for setting up the IT strategy cockpit
1 2 3 4
Identification of the right Determination of target Determination of the Deviation analysis:

key performance indicators corridors or target values persons responsible Derive measures in
(KPIs) per perspective per key performance per key figure (KPI) case of deviations
indicator (KPI)
Fig. 4  Procedure for setting up the IT strategy cockpit

This makes it possible to quickly see which key figures from one perspective have an
effect on key figures from another.
For example, process efficiency in a certain area, such as project management, can be
directly correlated with success in complying with IT project budgets (financial perspec-
tive) or employee satisfaction in projects (employee perspective) as well as success of
the IT product as a result of the project in the specialist area (customer perspective).
 The key figures defined here must be known and anchored not only in the IT
organisation, but throughout the company and by all employees.
Examples of key figures for an IT strategy cockpit can be:
1. Finances
– IT costs per employee,
– IT project costs and benefits,
– Profitability growth after IT project implementation (e.g. after introduction of an
ERP system),
– TCO (Total Cost of Ownership) per IT workplace/per employee
2. Internal processes
– Number of complaints, complaints, escalations to top management,
– Number of interventions by managers in operational IT processes,
– Number of process innovations from the ranks of their own employees,
– Process speed from input to output
3. Learning and development
– Number of improvement suggestions/number of publications,
– Number of activity-related side activities (lectureships at universities, speakers at
external or internal training courses, membership of research working groups)
– Number of participants in further education courses, company parties or company
meetings,
– Overtime quota,
– Compliance with deadline processing.
4. Market and customer
– Processing time for enquiries, change requests, requirements, complaints/incidents
or problems, troubleshooting etc.
– Share of deliveries on time,
– Number of SLA violations
 In order not to get tangled up and to keep an overview, only take the real
“must-haves” of all strategic goals or measures as a key figure in your IT strat-
egy cockpit. There should be a maximum of 10–15 key figures in total.
The Structure of the IT Strategy Cockpit in 4 Phases 287
In the specific case of Produktio weltweit GmbH, the key figures are shown in Table 1
per perspective. A third column has been inserted, which provides a description of which
strategic measure the respective key figures are derived from.
Table 1  The key figures of the IT strategy cockpit at the example of Produktio weltweit GmbH
Perspective Indicator(s) Description (From which strategic measure is the
indicator derived?)
Finances • Project costs • Professionalization of project management
• Detailed SLA report per (closing the delta from the actual analysis step
sourcing project (here costs 1)
per month, number of change • Professionalization and transparent tracking of
requests/incidents) providers in the area of sourcing (step 4)
• IT costs per employee on • Reduce IT costs (requirement from the board of
TCO basis directors from the challenges for IT in step 2)
Internal • Establishment of IT • Establishment of IT compliance as found in the
processes compliance actual analysis in step 1
• Establishment of demand/ • Establishment of D/S structure as specified in
supply structure step 5
• Establishment of IT • Establishment of IT controlling, service man-
controlling agement and project management (see deltas in
• Establishment of service step 1)
management processes Note: The KPIs of the internal processes are
• Establishment of project quantified with respect to time (in time), quality
management processes (school grades) and costs (in budget)
Learning and • Project management training • Improvement of results from step 1 in project
Development courses management and service management (here
• Service management training you can also see the link between the perspec-
courses tives of project and service management: In the
• Sick leave “internal processes” perspective, the structure is
• Overtime quotas tracked and the necessary training is carried out
in the “learning and development” perspective)
• Sick leave and overtime quotas are derived from
steps 2 and 5 due to the current poor morale of
the staff
Market and • Number of SLA violations • The first key figures result from the sourcing
Customer • Number of complaints from problems with the suppliers identified in step 4
the department • The complaints and customer satisfaction are
very important for the D/S structure and give
many hints on what to pay attention to when
setting up and structuring the project
• In addition, the project portfolio should be
checked monthly together with the department
Phase 2: Determination of Target Corridors or Target Values per Key

Figure
This stage is the operationalization of the IT strategy cockpit. This allows you to see at
any time where you stand and serves as a kind of early warning system. For this purpose,
corridors must be defined in which the key figures defined in phase 1 may move. If you
deviate from this, the traffic light goes to yellow or even red. “Green” means that the
figure is in the ideal range, “yellow” means a deviation that is still tolerable and serves
as a warning (for example, 3% deviation), but “red” means that immediate action must
be taken. This means that you define an exact target value and the deviation corridor for
“yellow” and “red” for each key figure. It is helpful to calculate current actual values and
to consider how the corridors should look; for this purpose, a two- to four-week test or
trial phase can be helpful when defining actual values and corridors for the first time, so
that realistic values can be defined.
Table 2 shows the key figures of Produktio weltweit GmbH defined in the previous
chapter and, on the one hand, defines the calculation of the actual value and the target
corridor for each key figure.
Phase 3: Determine Responsible Persons for the Key Figures
It is important that you name a responsible person for each key figure. If nobody feels
responsible, the best key figures are of no use and the early warning system cannot work.
Table 3 lists all responsible persons per key figure at Produktio weltweit GmbH as an
example.
Phase 4: Deviation Analysis: Derive Measures in Case of Deviations
This stage is the concrete work process in which the key figures are checked on a regular
basis and—if necessary in case of deviations—corrections are made. These corrections
are basically the strategic challenges in the form of changes in direction, new decisions
or organizational interventions on the way to the goal.
Install Necessary Committees

In order to be able to carry out this phase regularly, a regular appointment and a commit-
tee must be installed to control and monitor compliance with the target corridors and any
necessary escalation. Members of this committee must be all key figure responsible per-
sons as well as the CIO or IT manager who has the chairmanship and decision-making
power. This committee is prepared and moderated by a referent or head of IT controlling.
The frequency of the committee corresponds to the frequency of the collected key figure
data. In the case of weekly frequencies, an email is usually sufficient, otherwise these are
one- to two-hour regular appointments.
Table 2  Definition of target corridors or target values per key figure
Perspective Key figure Calculation and actual value as an Target corridor and target values
example
Finances Project costs Project costs are represented A target value is set up to completion of the project (= project budget); this is
as current total expenditure per then broken down to the reporting frequency
project Example:
P1.1 SAP introduction for overseas sites
Target value to completion = project budget = €750,000
Time to completion = 9 months for 2 overseas sites
Reporting frequency = every 2 weeks
750,000/9/2 = €41,667 per reporting frequency (this is more of a theoreti-
cal value here, as project expenditure will fluctuate greatly in reality and, for
example, be higher at the beginning due to investments in licences and greater
involvement of external parties. Therefore, it makes sense to specifically plan
The Structure of the IT Strategy Cockpit in 4 Phases
how high project expenditure will be per reporting frequency and then provide
these with deviation corridors)
After 2 weeks: €25,000 (green = max. + 3%, yellow = > 3% and < 8%, red = >
8%)
After 4 weeks: €70,000 (same deviation corridor)
After 6 weeks: €80,000 etc.
(continued)
289
290
example
Finances SLA report The outsourcing project for the Monthly costs:
data center is used as an example Green = < = 47,000 €/month
here
• Monthly costs correspond to
Yellow = > 47,000 € – < 50,000 €/month
actual monthly costs (actual value Red = > 50,000 €/month
= 47,000 €/month) Number of incidents:
• Number of incidents (actual value Green = < = 18 incidents/month
= 18 incidents/month)
The actual values must be deliv- Yellow = < 18 and < 22 incidents/month
ered by the providers on time Red = > 22 incidents/month
after the end of the month
Finances IT costs per First, a definition and delimita- The target size in terms of IT costs per employee of the board of directors is
employee tion must be made as to which IT 8000 € per employee
services will be included in these The target corridors are set here:
key figures. This can, for exam- Green = < = 8000 € IT costs per employee
ple, only be the workplace costs
(laptop/desktop, monitor, keyboard, Yellow = > 8000 € and < 8300 €
mouse) + network costs + printer Red = > 8300 €
costs or the total IT costs. Since
reducing IT costs is important for
the board of directors of Productio,
the total costs are taken here. The
calculation then looks as follows:
Total IT costs/number of
employees
Example actual value:
3,500,000 €/400 = 8750 €
Step 7: Monitoring and Control of the IT Strategy …
(continued)
example
Internal Establishing Determining actual values for on Target corridors:
processes IT time, on budget, on quality
compliance On time = completion by 09/2015 On time and on budget
On budget = 72,000 € Green = max. + 2% deviation
On quality = at least grade 2 Yellow = > 2% and < 5% deviation
Red = > 5% deviation
On quality:
Green = < = 2
Yellow = 3
Red = > 3
Internal Construction Same scheme as in construction of Target corridors just as in construction of IT compliance
processes of demand/ IT compliance
supply Actual values:
structure In time = 12/2016
In budget = 835 T€
In quality = 2
Internal Construction Scheme as above Target corridors just as in construction of IT compliance
processes of IT Actual values:
controlling In time = 09/2015
In budget = 114 T€
In quality = 2
(continued)
291
292
example
Internal Construction Scheme as above Target corridors just as in construction of IT compliance
processes of service In time = 09/2015
management
processes In budget = 114 T€
In quality = 2
Internal Establishing Schema as above Target corridors as with establishing IT compliance
processes project In time = 09/2015
management
processes In budget = 114 T€
In quality = 2
Learning Training Number of employees who have Target corridors with target values:
and courses completed the project management Green = 10 employees by end of 2014
development in project training at level C
management Actual value = 2 employees in Yellow = 8 employees by mid-2015
mid-2014 Red = 8 employees by end of 2015
Learning Training Number of employees who have Target corridors with target values:
and courses completed the service management Green = 6 employees by end of 2014
development in service training as practitioners
management Actual value = 1 employee in Yellow = 5 employees by mid-2015
mid-2014 Red = 3 employees by end of 2015
(continued)
Step 7: Monitoring and Control of the IT Strategy …
example
Learning Sickness rate Calculation of how high the rate of Green = < = 5%
and sickness reports per week is
development Example: 40 employees, of which Yellow = > 5% and < 8%
2 employees reported sick for 3 Red = > 8%
days and 4 employees reported sick
for 1 day in the past week
= 40 employees * 5 days = 200
(2 * 3) + (4 * 1) = 10
5% sickness rate
Learning Overtime Calculation = number of overtime Green = < = 12,5%
and rates hours/ number of total work hours
development * 100
Actual value = 200/1600 * 100 = Yellow = > 12,5% and < 20%
12,5% Red = > 20%
Market and Number Reported by the provider and Green = 0 SLA violations
customer of SLA tracked internally by IT controlling
violations Actual value = 2 Yellow = < = 2 SLA violations
Red = > 2 SLA violations
Market and Number of Tracked by IT controlling Green = < 3 complaints
customer complaints Actual value = 6 Yellow = 3 to < 5 complaints
from the
department Red = > 5 complaints
293
Table 3  Responsible persons for the key figures

Perspective Key figure Responsible Frequency with
respect to provision
Finances Project costs Each project manager, Weekly
IT controlling collects
every Friday
Finances SLA report Provider Monthly
Finances IT costs per employee IT controlling Monthly
Internal processes Establishment of IT IT controlling Monthly
compliance
Internal processes Establishment of Referent IT strategy: Monthly
demand/supply IT controlling gets
structure report 3 days before
the end of the month
Internal processes Establishment of IT Head of IT controlling: Monthly
controlling IT controlling receives
report 3 days before
Internal processes Establishment of Head of IT supply: IT Monthly
service management controlling receives
processes report 3 days before
Internal processes Establishment of Head of project man- Monthly
project management agement: IT control-
processes ling receives report 3
days before the end of
the month
Learning and Conducted training Head of project man- Monthly
development project management agement: IT control-
ling receives report 3
days before the end of
the month
Learning and Conducted training Head of IT supply: IT Monthly
development service management controlling receives
report 3 days before
Learning and Sickness IT controlling Weekly
development
Learning and Overtime quotas IT controlling Weekly
development
Market and customer Number of SLA Provider Monthly
violations
Market and customer Number of complaints IT controlling Monthly
from the department
Implementation of the Strategy 295
Implementation Possibilities of an IT Strategy Cockpit
List of Key Figures with Excel
The simplest and quickest way to set up an IT strategy cockpit is to use a spreadsheet
program, for example MS Excel. No significant investments are required and you can
ask your IT controller or—if not available—a controller to set up a list of key figures in
the form of a balanced scorecard. The disadvantage is that in most cases there can only
be one person who maintains this list, as otherwise it is not immediately clear who has
made which changes. A visualization of the balanced scorecard and the cause-and-effect
principles in the form of a causal network is hardly possible in Excel. Therefore, this
implementation option is certainly good for a quick start, but not recommended in the
long term.
A Simple Isolated Solution
There are now web-based solutions for displaying balanced scorecard systems that can
be relatively easily adapted or extended to an IT strategy cockpit. These are so-called
isolated solutions, as they are usually stand-alone, i.e. without interfaces to other systems
in which the figures may already be available. In most cases, certain key figures can also
be visualized in so-called dashboards, which provide a good overview for management
and the executive board and can therefore promote greater acceptance and use.
Implementation of the Strategy
The strategy cockpit serves to monitor and track the implementation of the IT strategy.
In addition to purely quantitative monitoring, this chapter will also take a closer look at
the qualitative management of the implementation of the IT strategy with the possible
pitfalls on the way.
Change Management: Organizational Adjustments
The development and implementation of an IT strategy is always associated with ups and
downs. As in many other IT projects, the process often resembles the typical course of
the change or change curve as shown in Fig. 5 (Note: The change curve can be found in
many variations in the literature).
Often, the IT strategy project begins with a kind of “shock” among the partici-
pants. They ask themselves why an IT strategy is needed and what this could have to
do with themselves. Are there any layoffs or salary cuts? The next logical step is then
Denial Commitment
Recognize
Shock
Check out
"Valley of Tears"
Resistance Adaptation
Time
Fig. 5  The change curve
the “denial”. The participants do not want to admit their “involvement” in this project
and often tend to overestimate their abilities. Often in this phase, the employees simply
continue as if nothing had happened and think: “This is just another typical project. I’d
better stay out of it!” This phase is characterized by excuses, denial of facts and mere
minimization.
But the IT strategy project continues and the denial and minimization become more
and more difficult. First, this can lead to anger, frustration or despair among the par-
ticipants. But this resistance is not sustainable forever and the realization comes that the
impending change must be accepted if one wants to stay in the company and not com-
pletely lose one’s career opportunities. This resistance phase is very important for the
managers and initiators of the IT strategy project, because here it is about the later suc-
cess or failure of the IT strategy. It must be conveyed that an IT strategy is essential, that
there is no turning back and that the advantages and added value must be made clear.
After it was recognized in the so-called “valley of tears” that further resistance is
futile, the third phase follows: the adaptation to the impending change or the change.
However, the participants realize that they are still on unknown terrain. A lot changes
through the IT strategy: IT services that were previously provided and maintained inter-
nally are outsourced to external service providers, there are changes and adaptations to
the organization. New roles and responsibilities, new committees and everyone tries to
find their way again. This means great effort under uncertainty for all participants.
Implementation of the Strategy 297
The more the new structures establish themselves and the old patterns of behav-
ior slowly disappear, the more the realization arises that one can feel quite comfortable
in the new environment. Routines arise in the new everyday life and the change or the
change has arrived with each participant. This is the phase in which there is a clear com-
mitment to the new structures, procedures and roles and responsibilities for the first time.
Self-confidence and satisfaction increase again and some will ask why this was not done
earlier. Then the change is done and the new IT strategy is established.
Involving Stakeholders
Not only the IT staff is important for the implementation of the IT strategy, but such
a project usually affects the entire company. In the course of the stakeholder analysis
already carried out in the preparation (see step 1), all important persons who are closely
associated with the project of the IT strategy were worked out. It was also analyzed how
to deal with the respective persons so that they do not hinder, but support the project.
These tasks are now: How can those stakeholders who—for whatever reason—do not
fully support the project be brought to the point that they at least do not disturb the pro-
ject if they are not positive towards it?
Furthermore, it should be analyzed why some stakeholders do not fully support the
project. Were they not involved closely enough in the preparation or in one of the steps
or were they forgotten? Do they not want to make decisions and if so, why not?
Strategy Implementation as a Leadership Task
As CIO or IT manager, do not completely delegate responsibility for the IT strategy to

the project manager selected for the IT strategy, but be present yourself and show that
you are fully behind this IT strategy. Only if direct top management support is available
will all employees realize that this is an important matter that must be followed. This can
also better meet the resistance phase in the change curve.
It is important for a leader to always be willing to self-reflect in challenging projects
like IT strategy development. It is necessary to constantly question whether the process
is going in the right direction, whether everyone is “on board” and where there are still
problems. This should not lead to constant brooding, but show that the leader can assess
the project on a meta level and knows what is necessary to continue driving it to suc-
cess. A portion of calm and confidence in one’s own abilities in this difficult situation for
almost all participants helps to take this meta level and thus to see the project from a dif-
ferent perspective than all participants.
It is also important to treat all participants respectfully and respectfully during this
challenge. Especially in the resistance phase, when many participants arrive in the
“valley of tears”, the leader must be able to deal with it professionally. Organizational
adjustments, outsourcing of services to external providers and the creation of new roles
and committees are challenges that not everyone can deal with well. Here, self-reflec-
tion is important, the courage to show transparency and the already mentioned respectful
treatment of all participants.
Communication of the IT Strategy
Leadership also includes communication. Not every decision needs to be communicated,

but there should be communication of (interim) results of the IT strategy in an appropri-
ate context. This also includes that there are transparent and clear statements about possi-
ble personnel changes. However, this must always be coordinated with the works council
and the management before it is communicated to everyone.
Clear and easily understandable communication is important. A detailed PowerPoint
presentation can be useful in a small group of project participants, but should never be
shown to all those affected in the same way. Here it is a matter of filtering the infor-
mation so that the essential information is compressed and transmitted simply. This
includes, for example, the IT vision and—if available—the mission statement (see step
2).
Pitfalls in Implementing the IT Strategy

In the context of communication, there are some pitfalls to avoid in implementing the IT
strategy. Problems that can arise are:
• An incomplete IT strategy that is not completely or thought through to the end or

coherent
• Wrong expectations on the part of the management, the management or the employ-
ees (here it is early in the context of the stakeholder analysis to clarify which stake-
holders have which expectations and interests)
• Insufficient implementation by the management/management, by completely keeping
out or insufficient communication
• Excessive perfectionism that results in pages-long documents and presentations that
no one is willing to read.
Working Questions Step 7 299
Working Questions Step 7
Procedure model:
• Go through the results of the IT strategy together with all the IT organization’s man-
agement as well as the management from the relevant departments (see measures and
projects in Step 6).
• Identify the key elements and statements of the IT strategy.
• Summarize these concisely in the form of a keyword or a goal (in order to derive the
indicators for the IT strategy cockpit from them in the following worksheets).
Creating the IT Strategy Cockpit
First, as in the example shown above in phase 1, it is about identifying the right key
figures for each perspective. You will find the corresponding table for filling in your key
figures in the following worksheet 8.1, which can be derived from the measures for your
IT strategy.
Worksheet 10.1 Phase 1: Definition of the indicators
◾ For each perspective, please develop your metrics that relate to the outcomes
and measures of the IT strategy you just developed and briefly describe
those metrics in column 3
Perspective Reference number Description
Finance
Internal processes
Learning &
Development
Market &
Customer
After the key figures have been defined and set, phase 2 follows with the definition of the
target corridors for each key figure. The worksheet 8.2 serves this purpose, in which you
transfer the key figures just set and then calculate the actual values in the third column
and set the maximum deviations for the traffic light in the fourth column (please use one
key figure per line for better overview):
Worksheet 10.2 Phase 2: Determination of target corridors / target values
◾ Please take over the just defined ratios from worksheet 10.1 incl. The perspective
(column 1 and 2) and then define the actual calculation for this ratio in column 3. Then
you still have to define the target corridor in traffic light form with the fixed predefined values
Perspective Reference number Actual calculation Target corridor or

Target values
Finance Finance=
Yellow=
Red=
After the target corridors have been set, only the responsible persons (entry in column
3) and the specification of the frequency with which these key figures have to be made
available by the responsible persons are still missing (column 4):
Worksheet 10.3 Phase 3: Determining the responsible persons
◾ Now it is a matter of determining the responsibilities for each indicator, which you should
enter in column 3. Column 4 is used to determine the frequency with which the actual
values are to be presented to the management by the respective person responsible
for each indicator. must be
Perspective Reference number Responsible Frequency of the

Provision
Checklist Implementation of Strategy
A small checklist serves as a reminder of communication and a final stakeholder analy-

sis. This should help to identify supporters and refuseniks in the implementation of the
IT strategy in advance. The worksheet 8.4 shows the last worksheet with the stakeholder
analysis.
Worksheet 10.4 Strategy Implementation Checklist (Stakeholder Analysis)
◾ Please carry out a stakeholder analysis again (use worksheet 1.7 from the preparation
chapter) and consider whether the assessment at the time was correct, how the
respective stakeholder actually behaved and what still needs to be done now in order to
involve all stakeholders as part of the implementation.
◾ Communication preparation
Commitment /
Influence of the Attitude of the
No. Name Function / Role interest in the
stakeholder stakeholder
project
1 = very low 1 = very low 1 = very positive
2 = low 2 = low 2 = positive
3 = medium 3 = medium 3 = neutral
4 = large 4 = large 4 = negative
5 = very large 5 = very large 5 = very sceptical
5
Communication:
• Which communication tools can you use to best reach which
stakeholders?
•
•
•
• When and at what intervals are which communications necessary

for the implementation of the IT strategy?
•
•
•
Conclusion and Outlook
Abstract
What stays behind? What were the key points on the way to the IT strategy? Which
measures could already be implemented and which ones are difficult and why?
Answering these questions is the final chord of this book in the form of a summary
and outlook.
Carr’s opening thesis in the preface was “IT doesn’t matter!” This statement was
rephrased throughout the book in the sense of “What is IT really important for the
respective company and how must IT be organized so that it creates added value for the
company?”
The pure technology, such as the data center, the infrastructure and the telephony have
actually become commodities, as Carr predicted back in the mid-2000s. The key ques-
tions ten years later are in the information that is produced by the technology (can): Big
Data is not just a hype, but essential parameter for IT!
It is always about the information being optimally prepared for the company and
being available to every target group and every department on a permanent basis. The
user is not interested in how and through which these information reach him, because this
is now commodity business and must be provided by IT without noise and as a matter
of course (this is mainly served by the sourcing strategy in step 4). However, the discus-
sion of which information must be made available to whom and when must be carried
out intensively together with the departments in the company. This serves the optimized
governance and organizational models as shown in step 5 and above all the joint discus-
sion with the information and process responsible persons with regard to the application
strategy in step 3. For the efficient control and management of the whole IT orchestra, the
tools such as roadmap, portfolio and IT strategy cockpit were designed in steps 6 and 7.
306 Conclusion and Outlook
The seven steps may not all be of equal urgency in their current situation, but cer-
tainly some topics have given the necessary impetus to think more carefully about the
current situation and to get things moving. The author deliberately refrained from known
standards, best practices and standardized IT processes. This has been described in detail
in other books. Here, the tools are in the foreground, which you can also discuss with the
top management and the executive board. And when presenting them, every inclined cor-
porate leader should find himself again. Because almost all used tools have their origin in
business administration and not in computer science.
Because when developing an IT strategy, it is indeed about IT and its technical mani-
festation, but the decisions are so decisive for the company that they must be made and
decided not in the form of technical details, but consciously in management language.
This should pave the way for closer integration of IT with the specialist departments and
the business and thus enable more effective cooperation.
It is important that IT adapts, transforms and becomes a service provider within its
own company with the aim: out of the technical corner, out of the budget discussion,
towards more togetherness with the same language and on an equal footing!
The topic of digitalization has also and in particular shaped IT. Answers are needed
as to how far IT is responsible for digitalization and, if so, for which topics in particu-
lar. The delimitation between the digital responsible persons or a CDO must be clearly
regulated and the role of IT and the CIO in this context must be clearly formulated for
everyone in the company.
The IT strategy is deliberately not a digitalization strategy. However, it has to provide
content for this in the form of new technology standards, scouting for new technologies
and process optimization in the sense of Industry 4.0.
I wish you every success with all strategic decisions around IT and a good sense of
delimiting the digitalization topics for IT.
References
1. Agarwal R., Sambamurthy V.: „Principles and Models for organizing the IT-Function“, MIS
Quarterly Executive, Vol. 1, No. 1, March 2002
2. AutomotiveIT: „Paradigmenwechsel im Personalmanagement“,http://www.automotiveit.eu/
paradigmenwechsel-im-personalmanagement/news/id-0038968, abgerufen am 28.05.2014
3. A.T. Kearney: „Winning with an IT M&A Playbook“, PDF-Dokument, abgerufen am
19.06.2013
4. Brenner W, Witte C, Erfolgsrezepte für CIOs, 1. Auflage, Hanser, 2007
5. Brenner Walter, Pilgram Uwe, Zarnekow Rüdiger: Integriertes Informationsmanagement,
1. Auflager, Springer, 2005
6. Brenner, Walter: Interview mit Volker Johanning zum Buch „IT-Strategie in 7 Schritten“,
24.05.2013
7. Brenner, Walter, Wulf Jochen, Winkler Till: „Organisationsgestaltung der Demand-IT“,http://
warhol.wiwi.hu-berlin.de/aigaion2/index.php/attachments/single/58, abgerufen am
14.04.2014
8. Broadbent M, Kitzis E: The New CIO Leader, Harvard Business School Press, 2004
9. C4 Consulting und Zeitschrift „IT-business“:http://www.it-business.de/index.cfm?pid=2419&
pk=69155&p=1, aufgerufen am 10.06.2014
10. Carr, Nicholas, „IT Doesn’t Matter”, in: Harvard Business Review. May 2003. pp. 5–12.
Abgerufen im Internet unterhttp://www.roughtype.com/?p=644(abgerufen am 28.02.2014)
11. Capgemini: „IT-Trends 2013“,http://www.de.capgemini.com/resource-file-access/resource/
pdf/capgemini-studie_it-trends_2013.pdf, abgerufen am 28.05.2014
12. Capgemini: „IT-Trends 2014“,http://www.de.capgemini.com/resource-file-access/resource/
pdf/capgemini-it-trends-studie-2014.pdf, abgerufen am 28.05.2014
13. Capgemini: „Application Landscape Report 2014“,http://www.de.capgemini.com/resource-
file-access/resource/pdf/capgemini_application_landscape_report_2014.pdf, abgerufen am
04.07.2014
14. Computerwoche:http://www.computerwoche.de/a/applikationen-werden-zur-last,1232020,
abgerufen am 04.07.2014
15. Cunningham, L:http://www.linkedin.com/in/lewiscunningham, abgerufen am 22.04.2013
16. Fenwick, Neigel, in Forrester Blog: „It’s time to kill your IT-strategy“,http://blogs.forrester.
com/nigel_fenwick/12-03-09-its_time_to_kill_your_it_strategy, 09.03.2012 (abgerufen am
06.02.2013)
17. Friedrich K, Malik F, Seiwert L: Das große 1 × 1 der Erfolgsstrategie, 18. Auflage, Gabal,
2012
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer 307
Fachmedien Wiesbaden GmbH, part of Springer Nature 2022
V. Johanning, IT Strategy, https://doi.org/10.1007/978-3-658-38772-3
308 References
18. Gadatsch, A.:IT-Controlling, Praxiswissen für IT-Controller und Chief Information Officer,
1. Auflage, Springer Verlag, 2012
19. Gartner Executive Program, Januar 2013
20. Gartner Website:http://www.gartner.com/it-glossary/it-strategy/abgerufen am 06.02.2013
21. Gartner Website:http://www.gartner.com/newsroom/id/2575515abgerufen am 22.03.2014
22. Heinevetter, Thomas:„IT-Organisation 2016: Faktor Mensch!“, eine Studie von Kienbaum
unter Kooperation von BITKOM,http://www.partnering.org/fileadmin/Event/BPC/2012/
Vortr%C3%A4ge/Studie%20IT%20Organisation%202016%20-%20Faktor%20Mensch_
Thomas%20Heinevetter_Kienbaum.pdf, abgerufen am 28.05.2014
23. Heinrich, L.J.:Informationsmanagement: Planung, Überwachung und Steuerung der
Informationsinfrastruktur. 7. Auflage. München, Wien, Oldenbourg, 2002.
24. Hodel M, Berger A, Risi P:Outsourcing realisieren, 2. Auflage, Vieweg, 2006
25. Hofmann J, Schmidt W:Masterkurs IT-Management, 2. Auflage, Springer, 2010
26. Holtschke B, Heier H, Hummel T:Quo vadis CIO?, 1. Auflage, Springer, 2009
27. Huber, A:Strategische Planung in deutschen Unternehmen. Empirische Untersuchung von 100
Unternehmen, Berlin, 2006
28. Keller W: IT-Unternehmensarchitektur, 2. Auflage, dpunkt-Verlag, 2011
29. Heinrich, L.J.: Informationsmanagement: Planung, Überwachung und Steuerung der
Informationsinfrastruktur. 7. Auflage. München, Wien: Oldenbourg, 2002
30. Malik, Fredmund:Führen Leisten Leben, 6. Auflage, Campus Verlag, 2006
31. McKinsey Quarterly, Januar 2011:„Understanding the strategic value of IT in M&A“,http://
www.mckinsey.com/insights/corporate_finance/understanding_the_strategic_value_of_it_
in_m_and_38a, abgerufen am 19.06.2013
32. Mintzberg, Henry: Strategy Safari: Der Wegweiser durch den Dschungel des strategischen
Managements, FinanzBuch Verlag, 2012
33. Rüter A., Schröder J., Göldner A., Niebuhr J.:IT-Governance in der Praxis, 2. Auflage,
Springer Verlag, 2010
34. Schawel, Christian/Billing, Fabian:„Top-100 Management-Tools“, 4. Auflage, Springer
35. Seidl, J:Multiprojektmanagement, 1. Auflage, Springer Verlag, 2011
36. Süß, G.M.:Methoden und Techniken im Projektmanagement, WEKA 2004
37. Tiemeyer E.:Handbuch IT-Management, 1. Auflage, Hanser, 2009
38. University of Oxford:One in six IT projects ends up ‚out of control‘,http://www.ox.ac.uk/
media/news_stories/2011/110822_1.html, abgerufen am 06.02.2013
39. Wagner et al.Wie erfolgreiche Veränderungskommunikation wirklich funktioniert?!,
1. Auflage, ProBusiness, 2010
40. Ward J, Peppard J:Strategic Planning for Information Systems, 3. Auflage, Wiley, 2002
41. Weissman, Arnold:Die großen Strategien für den Mittelstand, 1. Auflage, Campus Verlag,
2010
42. Welch, Jack:Was zählt, Ullstein. 2003
43. Witte C:Interview mit dem CIO der Deutschen Bahn, Herrn Kruse: „Ohne Architektur-
Management geht nichts“, Computerwoche Ausgabe 11/2013 vom 11.03.2013, Seite 34/35

IT Strategy - Making IT Fit For The Digital Transformation in Industry

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Strategy - Making IT Fit For The Digital Transformation in Industry

Uploaded by

Copyright:

Available Formats

Volker

ISBN 978-3-658-38771-6 ISBN 978-3-658-38772-3 (eBook)

Responsible Editor: Petra Steinmueller

Marl am Dümmersee, Herzliche Grüße

Introduction and Basic Information on IT Strategy

7 Steps to a Sustainable IT Strategy

The Economic Efficiency of an IT Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Step 6: Implementation—The IT Roadmap, Determination

Introduction to the Topic

Step 2: Analysis of the Corporate Strategy and Derivation

Fig. 3 Demand/supply organization (Demand/Supply). . . . . . . . . . . . . . . . . . . . 199

Volker Johanning is an expert on IT and digitalization strategies to increase the pro-

© The Author(s), under exclusive license to Springer Fachmedien Wiesbaden GmbH, 3

Goals for the

Creating innovative IT solutions for value- Generating added

(e.g. production, logistics, distribution, etc.) Increase efficiency

Automation of standardizable processes Increase efficiency

Fig. 1 Three levers for optimizing the performance of IT

1. Providing innovative and competitive IT solutions for value-added processes

No IT Strategy Without Existing Corporate Strategy

Changes Through an IT Strategy

How Can this be Successfully Realized?

Most Common Reasons Why IT Strategies Fail

Areas of Application, Benefits and Target Group of an IT Strategy

• Before or after company purchases or acquisitions (Mergers & Acquistion)

The Benefits of an IT Strategy

• Ensuring that IT sustainably supports the corporate strategy

Target Group of an IT Strategy

• The management/executive management/board: For the optimal linking of IT objec-

Strategic Planning and Management of IT

In order to “keep an IT strategy alive”, it requires the leadership of all IT responsible

Doing the right things! Doing things right!

What do we do? How do we do it?

Fig. 2 Difference efficiency (operational leadership) and effectiveness (strategic leadership)

Delimitation of IT Strategy to Digitalization Strategy

Level 1 Level 2 Level 3

Objectives: Objectives: Objectives:

Examples: Examples: Examples:

Fig. 3 The three levels of digitalization

An example of a real product innovation through digitalization is the transition from

Fig. 4 Digitalization strategy vs. IT strategy

Worksheet 1.1: Basics of IT strategy

◾ What are the three levers for optimizing IT performance?

◾ When and in which situations (company phases) is an IT strategy particularly needed?

◾ In your opinion, what are the three main benefits of an IT strategy?

◾ What is the difference between effectivity and efficiency?

◾ What is the difference or distinction between an IT strategy and a digitization strategy?

Fig. 5 The success of M&A depends heavily on IT

Working Questions for Chapter 1

The Role of IT in the Company

IT is usually considered as a service provider in most companies. Traditional tasks

© The Author(s), under exclusive license to Springer Fachmedien Wiesbaden GmbH, 17

The IT organization is thus transformed from a “commodity” despised department to

The Role of the CIO in the Company

• CTO as technical responsible on the supply side as well as

Tab. 1 What IT responsible consider important (in 2013) [19]

Business-IT Alignment and Improvement of Customer Benefits

Participation in Management Board meetings

5.2% Survey 2012

Basis: All respondents (n = 167); in percent

Fig. 1 Participation in Board Meetings

Tab. 2 Change in the role of Old role New role

the company. What do marketing specialists or production or logistics departments actu-

Introduction to the Topic

Step 2: Analysis of the Corporate Strategy and Derivation

Fig. 3 Demand/supply organization (Demand/Supply). . . . . . . . . . . . . . . . . . . . 199

Fig. 1  Three levers for optimizing the performance of IT

Areas of Application, Benefits and Target Group of an IT Strategy

Strategic Planning and Management of IT

Fig. 2  Difference efficiency (operational leadership) and effectiveness (strategic leadership)

Delimitation of IT Strategy to Digitalization Strategy

Fig. 3  The three levels of digitalization

Fig. 4  Digitalization strategy vs. IT strategy

Fig. 5  The success of M&A depends heavily on IT

Working Questions for Chapter 1

The Role of IT in the Company

The Role of the CIO in the Company

Tab. 1  What IT responsible consider important (in 2013) [19]

Business-IT Alignment and Improvement of Customer Benefits

Fig. 1  Participation in Board Meetings

Tab. 2  Change in the role of Old role New role

Sourcing Problems: Management of the Supplier Portfolio

Fig. 2  Typical cost structure

Project Management Skills and Better Time-to-Market

Fig. 3  The ten most common barriers in change processes [9]

Compliance and Risk and IT Security Management

Fig. 4  Requirements for IT in 2013

Fig. 5  The success of M&A depends heavily on IT

IT as an Enabler for Digitization and Industry 4.0 in the

Fig. 6  The role of IT between IT industrialization and digitalization

Working questions for Chapter 2

The 7 Steps to the IT Strategy at a Glance

Preparations: Developing the IT Strategy as a Project

Fig. 1  The 7 steps at a glance

Step 2: Analysis of the Company Strategy and Derivation

Step 5: The IT Organization and IT Governance

Step 6: Implementation—The IT Roadmap, Determination of the IT

Methodical Structure of the 7 Steps to IT Strategy

Theoretical Part with Practical Examples

Working Questions and Implementation

Introduction to the Example Company

Goals of the IT Strategy