Table of Contents
Introduction Context of IT at PoliceWhat Represents Value to the Police?Overall Governance Results Thus FarConclusions
Val IT™ was released by the IT Governance Institute® (ITGI™) in March 2006. There has been considerable interest in Val IT, and an increasing number of organisations are adopting it, but there has not yet been enough experience to gather specific Val IT case studies. However, the principles on which Val IT is based, and the supporting processes and key management practices described in Val IT, have been proven effective over many years in supporting effective value governance. This case, that of a medium-sized police service, illustrates the effective use of many of these processes and practices to realize value from IT investments—recognising that the key issue is managing IT-enabled organisational change, not just the technology; understanding all the complementary initiatives required to achieve desired outcomes (the Val IT programme view); managing the investment through its full life cycle; and ensuring clear accountability and measurement.
Fujitsu Consulting, whose experience with value governance goes back more than 10 years, and whose generous sharing of its many years of experience with enterprise value management contributed significantly to the development of the Val IT management practices, supported the police service in implementing value governance. The material herein is provided with permission from Fujitsu Consulting and the police service on which the case was base.
Context of IT at Police
This case study is based on five years’ experience with value governance at a medium-sized police service (‘the Police’). In 1999, the Police undertook a large programme of IT-enabled change to upgrade its aging infrastructure and better support its new business directions. The programme was a big investment for the governing political body and a considerable investment in time and effort by the Police. The Police had to work within strict constraints—seeking renewed funding every four to five years, and returning to the government annually to request funds for the following year. The Police instituted value governance from an early stage to select the right projects within the tight funding and resource constraints, and to report back to the government on the business
outcomes of investment.
What Represents Value to the Police?
As a government agency, business value to the Police is not about financial return on investment (ROI)—it is about:
- Contribution to strategic outcomes (e.g., reduced opportunity to commit crime, improved resolution of crime, safer driver behaviour, improved community safety)
- Streamlining business processes (i.e., taking police officers away from administrative tasks and getting them back to the front line)
- Systems not failing in critical situations (e.g., aging infrastructure replaced, unsupportable applications replaced)
This presented a clear challenge—how to define success and how to recognise it through specific measurement.
Measurement of Value
Since financial ROI was not the goal, it was inappropriate to use net present value (NPV) or other discounted cash flow measures of the value created. Value had to be measured in ways relevant to policing outcomes.
To this end the decision was made to relate the IT initiatives to the strategic plan of the agency and to measure its contribution to the plan outcomes. The strategic plan was analysed, in conjunction with the Strategic Services Division, and represented as a business outcomes map1 (see figure 1 for a summarised version). In this map, circles represent those outcomes that are strategic to the Police, and arrows represent the causal contributions of one (lower level) outcome to another (higher) one. For example, an improvement in the outcome ‘Better Intelligence’ would, in turn, contribute to the next outcome in the chain ‘Improved Investigative Quality’, which would, in turn, contribute to ‘More Apprehensions’, ‘Better Quality Briefs’ and ‘Improved Resolution of Crime’. All outcomes ultimately contributed to the Police mission, ‘A Safer and More Secure Community’.
It was recognised that this sequence of contributions would not happen by itself—it would require other, complementary, initiatives to effect the improvements in the outcomes. For example, implementation of the crime management system made a major contribution to ‘Better Intelligence’. However, turning that into a contribution to ‘Improved Investigative Quality’ required further initiatives, such as training the investigators in best practice use of the intelligence. Turning that into ‘More Apprehensions’ required changes in business organisation whereby a new section was set up to allocate the leads created to police stations for appropriate follow-up.
For this reason, each project also contained the necessary complementary initiatives required to achieve the benefits of the investment—including the necessary change management initiatives required for users, supervisors and managers to adopt the new system. In cases where these complementary initiatives stretched beyond the completion of the IT project, the project governance body was charged with supervising their completion.
The IT projects initiatives (represented as squares in figure 2) were also mapped and linked to their associated business outcomes to show their contribution.
From figure 2
, the contributions of projects to the strategic outcomes were identified. The overall contribution of any project to Police strategy was assessed by:
- Its contribution to its immediate outcomes, each ranked according to 1-None, 2-Minor, 3-Appreciable, 4-Significant, 5-Major
- An overall ranking of the outcomes according to their importance to the Police
- In addition to contributing to strategic outcomes, projects introduced process efficiencies that did not previously exist. This contributed to another strategic outcome, ‘More Streamlined Business Processes’. Process efficiencies typically came in three forms:
- Time savings from specific business processes where the process takes a shorter time after the implementation of the IT system, and the improvement can be measured as the time difference between the new business process and the old—multiplied by the number of times the process occurs per year
- Staff savings where complete jobs are saved
- Dollar savings
Value Governance Life Cycle
The value governance life cycle at the Police is described in figure 3.
The cycle is split into three parts:
Pre-project—Where ideas are received, assessed and qualified. If the idea is good enough, a business case is prepared and put to the value governance body. If the business case meets the value governance body’s criteria, it goes into the programme schedule according to its dependencies and the availability of resources and funds.
Project—Where a project team will design, build and implement the system, including the associated change management initiatives that are required to achieve the business outcomes
Post-project—Where the benefits are vigorously pursued (harvested), and a reconciliation of the benefits achieved against the business case is performed
The life cycle is characterised by five ‘stage gates’ where the investment is scrutinised and rescrutinised by the value governance body. The business case, once assembled at governance gate 2, is updated at gates 3 and 4 to check if it still holds and the project is in good shape to progress—scope and cost changes over the course of the project may render the original business case void. Finally, at governance gate 5, the actual benefits and costs are reconciled to the last business case, and the result is reported to the value governance body for feedback, forwarding to the government, and lessons learnt for future projects.
The entire programme is typically reassessed every four to five years, with an audit of progress thus far and a request to the government for more funds.
The overall value governance body consists of senior officers who oversee all investment decisions. This is a generic term as, in practice, this responsibility has been assumed by different groups as the organisation has changed over the years since the programme began.
Specific Governance Gates
This section describes each of the block arrows in figure 3, in the context of each governance gate.
• Decision to be made: Is the candidate project worth putting forward for business case assessment?
• Submission of Ideas: Good ideas for projects are accepted from across the agency. In addition, all departments within the agency are interviewed periodically to determine their future IT requirements. Good ideas from other police jurisdictions across the world are also monitored, and discussion of the major strategic initiatives within the agency takes place regarding their required IT support.
• Opportunity Qualification: Ideas are de-duplicated, rationalised, grouped, and candidate projects designed. Good candidates (in the view of the value governance body) are put forward for business case assessment.
Business Case Approval
• Decision to be made: Does the investment make business sense for the Police?
• Business Case Assessment: If the project is deemed ‘imperative’ (e.g., critical to the business, a legislative requirement, or central to Government policy) it moves forward by default. If not, the opportunity is deemed ‘discretionary’ and is fully assessed. The assessment involves scoring the project from 0 to 5 according to its benefits, cost and risk:
• Benefits are assessed largely through the contribution of the project to Police strategic outcomes as outlined above.
• Cost is represented as the overall NPV of the upfront investment and ongoing costs, as well as the level of Police resources required to deliver and maintain the system—all assessed against the lifetime of the investment.
• Risk is assessed in three forms:
– Risk of the technology—Is it new to the Police? Are the vendors dependable? Etc.
– Risk of not delivering the project
– Risk of not delivering the benefits
Once scored in this way, an overall score (also 0-5) is determined through a weighted average of the individual scores. All projects are then ordered by their (descending) overall score, and the top projects selected until the available capacity (costs and Police resources) is filled—as in figure 4.
This technique ensures that the best value projects within the dollar and resource cap are selected for implementation. Variations on this principle are used to handle portfolio balancing and new projects that emerge during the year. The scoring and selecting is done by the value governance body itself, which also has a view of the other strategic initiatives going on at the agency.
Gates 1 and 2 have not been used continually for large projects, but mostly in three separate instances when the overall programme needed reviewing. Once reviewed, selected projects were inserted into the programme schedule (next section and figure 5) for subsequent initiation and execution. Lower-level activity between instances helped keep the programme schedule current.
Project Scope Approval
• Decision to be made: Does the investment still make business sense for the Police?
• Scheduling: Because of dollar and resource constraints and interproject dependencies, it is not possible to execute all projects at the same time. Before implementation, all projects are scheduled so that the overall costs and resources fit within predefined limits, and so that benefits and change impacts are spaced out. Other scheduling considerations include project priorities and deadlines as well as project interdependencies.
• Project Initiation: At the appointed time in the schedule, the project is initiated, i.e., located, resourced and funded.
• Scope Definition: The project goes through requirements and design phases, progressively refining scope, while trying to fit within the time and budget constraints. Key benefits can be easily lost in this period through ill-informed scoping decisions. Good scope decisions require an understanding of the contribution made by each of the functional components to the strategic outcomes. The table in figure 6 maps the contribution of each functional component of the system to each strategic outcome. Each contribution is assessed as one of: None, Minor, Appreciable, Significant or Major. Contributions are then weighted and an overall score assessed for each functional component (right-hand column). Scoping decisions can then be made on an informed basis.
Once the scope has been finalised, ready for construction or award of contract, the business case is reviewed to ensure that the project still makes business sense.
Project Go-live Approval
• Decision to be made: Does the investment still make business sense for the Police?
• Benefits Planning: Realisation of the business benefits is planned in parallel with the project construction. This involves mapping the sequence of intermediate outcomes that have to be achieved for the project to achieve its strategic outcomes (figure 7). This is done using an outcomes mapping technique that is similar to the strategic outcomes map shown earlier—only at the more micro level. The technique requires the identification of the other (complementary) initiatives that are required to achieve the strategic outcomes. For example, business processes may have to be redesigned, or parts of the organisation may have to be restructured. This planning has to be completed in time to execute the complementary initiatives. The resulting map helps clarify the expected benefits, shows how to achieve them and sets the framework for the necessary measures, targets, and timescales. All measures are baselined (i.e., their preimplementation state is measured) prior to system go-live.
• Decision to be made: Did the Police realise the expected value from the investment? If not, why not?
• Benefits Harvesting: The key to benefits harvesting is active management of the postimplementation phase by the specific part of the business. To this end, the Police have set up a number of business system owners groups (BSOGs)—groups of senior officers from relevant areas of the business who take full responsibility for achieving the benefits. The groups monitor progress toward benefits using a specific reporting mechanism (see figure 8) that tracks progress from system stabilisation through people change to delivered benefits. Where outcomes are offtrack, the BSOGs take remedial action as necessary to bring them back on track.
The reporting mechanism is in the form of a scorecard of outcomes (see figure 8) representing desirable postimplementation results in the areas of:
– System stabilisation and ongoing enhancement (e.g., ‘all critical faults fixed’)
– People change (e.g., ‘users confident using the system’, ‘best practice usage shared across user base’)
– Business benefits (e.g., ‘improved investigative quality’, ‘more crimes solved’)
These are structured into five levels, and progress is measured upward, as outcomes are achieved at the bottom level first and the top level last. The result is a visual ‘staircase’ to monitor progress toward the ultimate goal of achieving the benefits for the agency. This scorecard forms the basis of BSOG reporting.
• Reconciliation: Finally, once the BSOG is satisfied that all the benefits have been achieved, the benefits and the costs/resources expended are assessed and compared to the last business case (at governance gate 4). This reconciliation completes the picture of how and why the business case has changed since the original one was submitted. This information is reported back to Government, and fed back to the value governance body for lessons learnt for future projects.
Results Thus Far
While the programme has been underway for some time, it is still early for the Police in terms of benefits harvesting. This is because a lot of the early projects simply laid down the infrastructure for the later business applications. Also, even with active management of the postimplementation, it takes time to fully realise benefits—up to two years in most instances. However, a number of positive results have been achieved at the Police during that time.
The IT projects initiatives have significantly improved support to general duty officers, crime analysts, prosecutors and call-takers, resulting in:
- Appreciable time and effort savings—equal to 89 staff so far
- Better targeted patrolling, leading to more crimes prevented
- Better quality court briefs, leading to more successful prosecutions
- More property returned to its rightful owner
- More timely information for officers-in-charge
- More crimes solved and perpetrators dealt with—Property crime (e.g., burglaries, vehicle theft) in the community has dropped considerably since the introduction of the crime management system (see figure 9)
Figure 9 shows the trend in property crime since 2001. The considerable reduction is due to a combination of interrelated factors:
- DNA analysis capability was appreciably stepped up in 2002, with new legislation, better training of officers and a DNA database, enabling the Police to better match suspects to crime scenes.
- The crime management system was available to the Police from January 2003 to help manage the samples and linkages created as part of the overall intelligence piece of the agency.
- The linked crime unit (LCU) was set up within the Police to manage the DNA-driven and other (e.g., fingerprint) linkages created, bring the linkages together with other intelligence, and pass on clear leads to investigators using, among other tools, the crime management system.
Just as important as the business outcomes, value governance has created a culture within the Police that respects the business value to the agency of the new systems. The culture has taken some time to build up, and the key components are:
- Recognition of the need for an independent value governance body
- Executive sponsorship of projects
- Independent, objective evaluation of all candidate projects
- Joint business/IT project teams
- Recognition of the need for the management of people to change to achieve benefits
- Recognition of the need for measuring the benefits created
The culture is ongoing within the Police and ensures that IT project selection is objective, thorough and aligned to agency strategy; that ‘structuring for business success’ is embedded into the IT project delivery process; and that the relevant area of the business is accountable for the delivery of benefits. Another benefit of the culture change is that this thinking is also being applied to non-IT projects in the agency.
Despite being unable to evidence any financial ROI, the Police were able to set up a framework for selecting, executing and realising the value of IT projects. The real value to the Police from new IT systems is about doing things better with fewer staff. Value governance is very effective in helping achieve this outcome.
1 Outcome maps are based on the Results Chain which is a proprietary technique of Fujitsu Consulting, and the term and descriptions of the technique are provided here with permission of Fujitsu Consulting.
IT Governance Institute®The IT Governance Institute (ITGI) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers electronic resources, originalresearch and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.
ITGI (the ‘Owner’) and the author have designed and created this publication, titled Value Governance—Police Case Study (the ‘Work’), primarily as an educational resource for control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information procedures and tests or exclusive of
other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, controls professionals should apply their own professional judgement to the specific control circumstances presented by the particular systems or information technology environment.
© 2007 IT Governance Institute. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of ITGI. Reproduction of selections of this publication for internal and noncommercial
or academic use only is permitted and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.
IT Governance Institute3701 Algonquin Road, Suite 1010Rolling Meadows, IL 60008 USAPhone: +1.847.590.7491Fax: +1.847.253.1443E-mail: firstname.lastname@example.orgWeb site: www.itgi.org