The IT Supply Chain

Reposted, original on the “IT Governance, the Kapteyn’s view” blog on Computerworld UK in July 2009

One of my favorite books is The World is Flat from Thomas L. Friedman. In this book he describes a number of technological developments and how they lead to globalization. Though you might disagree with some of his conclusions, the (technological) developments are undeniable and so is the general trend towards globalization. What the effect of the current financial/ economical crisis will be on this trend is uncertain, but if we steer clear of the threat of protectionism this trend will probably continue. One of the driving forces for globalization he describes is ‘supply-chaining’. According to Wikipedia, “A supply chain is the system of organizations, people, technology, activities, information and resources involved in moving a product or service from supplier to customer.” This brings me to the topic of this article: the IT Supply Chain.

One economic rule says that a specialized economy where entities use their resources to produce goods and services that they can produce efficiently, and then trade the surplus for items they need but that others can produce more efficiently, will have a larger overall production than an economy where each entity produces everything it requires by itself. This is the underpinning argument for globalization advocates; global trade will benefit the entire world in the long run. This law however also applies on a much smaller scale: for each required product or service, an organization needs to decide to “make or buy”. Often buying will be more efficient but will have a number of negative side effects (including risks) that the organization needs to be aware of and manage. For example the product/ service offered by an external party might not fit the organizational specifications 100%. Furthermore there is always the risk of a supplier defaulting on his promises. All this should be reflected in the corporate sourcing strategy which sets the rules and guidelines for the “make or buy” decision process and for deciding on who should be an external supplier or partner. In turn the corporate sourcing strategy should be “operationalized” for the IT function in the IT sourcing strategy. For the clarification of this term please read the article “Operationalizing” strategic goals in this blog. Examples of guidance from the IT Sourcing Strategy might be: IT technology systems, services and/ or knowledge that are part of the Corporate Unique Selling Points shall be developed, run and maintained in house. We want to work with a limited number of (preferred) IT suppliers. We always want to work with the best of breed technology that matches our requirements; who supplies that technology is a secondary concern. As these examples already show, some of these strategic statements might be mutually exclusive, so it is important that an individual organization really looks at its culture and requirements when developing its sourcing strategy. This also means that an (IT) sourcing strategy is as unique as the organization it was developed for.

If we have a good overview of the IT services required by the business and how they can be broken down into their sub-services (IT systems, infrastructure, components, etc.), we can apply the sourcing strategy to each of the components and describe the overall IT supply chain for the complete set of IT services offered to the business. Not only does this help decide on the internal structure of the IT function, but more broadly, it shows the complete IT environment including the external suppliers and partners, their importance, risks, etc. Once we have an overview, we can start managing it to improve efficiency, effectiveness, performance. We can look at the IT-related risks, not just for the internal function but for the entire environment, and manage it. Basically we can apply all knowledge and experience available on the topic of supply chain management to the IT environment of the organization.

One of the most important rules of supply-chain management is to ensure a common language, with well defined terminology, to be used by all parties in the supply chain so to minimize the risk of misunderstanding. This drives the development of open standards for a wide range of topics, ranging from technical specification for the smallest components to standard government approaches towards import duties etc. In the same way, open standards for IT organizational models would help to improve the efficiency and effectiveness of the IT supply chain. If we have a common understanding of the basic definition, goal, purpose of the incident management process, say, it will be that much simpler to transfer the operational maintenance of IT systems to an external partner (outsourcing), should this be in line with the sourcing strategy. It will make the IT supply chain more flexible and agile to change should circumstances require it. This is one of the reasons why I advocate the closer alignment (if not integration) of the leading IT Organizational Models (ITIL, CobiT, ISO 20000/ 27000/ 38500, etc.). Having said this, I subscribe to the view that “on implementation a model should be adjusted to the need of the individual organization not the other way around”. As a result, each individual implementation of any of the industry standards might differ from one organization to the next. So as usual a careful balance has to be struck between customization versus standardization, also when designing and implementing IT organizational structures according to industry standards and best practices. Both the internal organizational situation and culture and the external IT environment relevant to the organization should be considered. A well established and managed supply-chain is so much more than the sum of its parts, as Dell and Walmart show.