Application Portfolio Management, Risk and Impact
The vision of product development is clarity. It’s not only about clinical research and development; however, that sector houses the perfect example. The bio/drug/device clinical life cycle can be neatly partitioned according to milestones; similarly Information Technology must partition and allocate its value according to the same. Is IT’s application portfolio structured with a commensurate level of clarity and specificity?
Sub-optimal application portfolio management (APM) or, worse -- absent APM, can exacerbate a journey that takes years. From drug candidacy to approval by FDA, EMA, TFDA… the development process is a winding road of precision, trial and (hopefully not too much) error. The time duration for clinical trials in just Phase I to III, on average, is a decade-long story. This is excluding pre-clinical activities and post-new drug approval (NDA) marketing.
Consider the costs of a decade-long engagement. Think of the extremely varied supply chain, nursed by health institutions and hospitals, practitioners and statisticians and… why do I even try to list them? The participation levels and the diversity of skills and tools are innumerable -- not to mention auditors, regulatory bodies, and investors. Shortening the window of drug development is the advantage that pharma firms and outsourced clinical providers seek. The cycle reminds, yet again, of a foundational expectation in health, medical-device handling, blind studies management, trial management, sanitation, assurance of sterilized instrumentation. It’s about hygiene.
And it’s not just in life sciences.
Hygiene as Environmental Discipline
The term “hygiene” is used too infrequently in Information Technology. Usually it’s cited in information security and commensurate cyber behavior, but it applies to all information domains. Your data and asset hygiene have enormous impacts to the cost of development, and the speed at which analysis occurs. There’s no hygiene without holistic insight into an expensive component of the product life cycle – software applications. In product management and delivery, there is no short-cut to shortening; at least not without thorough, explainable, application portfolio insight. We’re not simply discussing a rudimentary, itemized sheet of software configuration items (CI’s).
As IT Leader in health Sciences or manufacturing, communications or professional services, transportation or R&D, you should manage your applications much like Finance manages its portfolio of investments -- with an ability to drill down to pennies, and to roll up to millions. You should have the distinguishing eyes of a microscope as well as the landscape vision of a cinematographer. Manage your application portfolio from an engineer’s perspective to the board's introspective. Demonstrate the connection of the portfolio to the various steps in your product or service value chain. The mature firm can cost its services and business processes, because they demand hygiene. Moreover, without fully understanding your IT foundation (especially technology assets), the TCO of your firm’s processes will remain elusive.
Application portfolio management is not an Excel sheet of subscriptions or licenses, ostensibly used to control the cost of programs, be they a coder’s API or a subscriber’s cloud. APM is a business means to evaluate software investments, improve cyber security, reduce costs of technology, streamline software support, accelerate business processes, and enhance the bottom line.
Painstakingly consider those objectives. In an executive steering meeting, listen to the questions, which offer opportunities to educate (or which can be disconcerting calls to action). When one hears the ask, “What do we pay for Oracle?” or “How many applications do we own?” or “ Isn’t our subscription cost too high?” your constituents and partners, be they Finance or Sales, Biostats or Manufacturing, deserve confidence that applications are controlled, and understood. They are not a cluster of entropy but, rather, the elegance of the double helix. If this sounds a strained metaphor then ask yourself, “Am I running IT with a scientist’s thoroughness or as a bazaar merchant’s grab-bag?” Are we organizing and forecasting our application needs with an executive view and associations to business processes, or is our application mass just that – a garage sale mess of source code and versions, updates and one-offs, subscriptions and licenses.
The astute leader of technology can answer the business question: why do we have that application? But she must answer it according to the business’ value chain.
Applications Reconcile to Business Processes
Like Sir Alexander Fleming’s penicillin discovery, I accidentally encountered ‘the-scientist.com’ drug development illustration. With its clever icons, the journey of the compound makes its way from candidacy to approval. I’m very familiar with the process, but the image’s simplicity provokes a challenge to all IT leadership. This is an inspiration, to see our environment according to our businesses offerings, aligned to steps in product creation, development and fulfilment. Toward each of those product milestones are a myriad of business processes. Is your application portfolio as straightforward and comprehendible as your business processes diagram? Are your applications (internal or cloud) simple to explain, and reconciled to your business processes? More fundamentally, have we formalized our processes across the enterprise, viewing them from a shared lens?
There are best-in-class applications employed for drug development, and there is no shortage of choices: statistical analysis programs, such as SAS; Clinical Trial Management Systems, such as ClinCapture; Patient Recruitment of iConnect; software and automation from startups to blue chips. I mentioned about three when there are probably thirty-three thousand. And within each are compatibility requirements, regulatory standard mandates, nuances with versioning, even aligned molecular schematics software for some.
Further, your company has administrative systems with less (but still moderate) validation requirements -- utilities for proposal writing, submission packaging, messaging and communications, and standard MS Office suites.
By the way, who’s selling our services?
How many licenses have we obtained for our CRM application?
Are we governing our environment to assure that software version control and our security leaders are satisfied?
Are our tens, hundreds, thousands of applications updated, patched, virtually impenetrable?
Can we slice and dice our application costs and parse them against business services and processes?
Are these questions innocuous, simple to address and administer?
There are formidable application service leaders who respond to those questions fast. But others may reply, “Well, we can get those answers.” That means, “Give us some time, and I don't know how much.” Would a client auditor or regulatory agent be satisfied to sit around your office waiting, staring at your wall poster that ironically lists "Responsiveness" as a corporate value? Meanwhile you scramble through hallways, seeking Sourcing contracts, or a hurried Data Analytics’ CMDB report?
And if you achieve the Archimedian “Eureka” moment, ready to respond to the compliance request, are you prepared for the next question in the list? Now without a sense of shock, please set aside “regulatory” for a moment. What is the purpose of an organized, up-to-date, up-to-date, up-to-date(!!!) view of our complex and distributed applications? How well are we tracking? We do it because it’s the right thing to do, not because an auditor will post a finding. It effects our firm performance.
Application Portfolio Graphics and Communication
Do we have insight into our enterprise-owned, or enterprise-subscribed, applications? Is it a portfolio perspective, that can be pivoted and graphed? Can we immediately, with drill-down capability, review our application costs? Measuring costs of processes, assigning TCO to our services, is at the pinnacle of Information Technology financial insight. Rather than a glob of stuff, our programs, software labor, cloud subscriptions, your maturity as an IT leader (and your credibility as a fiscal steward of your enterprise) all depend on your executive view of the application portfolio.
For bio-pharma, healthcare, and patient management, the grilling scrutiny on IT is warranted, one expects. However, across all sectors there is complexity, in both the hard sciences and social sciences. The care and feeding of your information environment has ramifications from the bottom line to the customer’s care. I heard a clinical sciences manager talk of the urgency and expected perfection in the life sciences sector, the potential danger of error and its impact on each soul: “In our business, we are about human life. Nobody is going to die if an airplane reservation is lost.” Well, perhaps not, but in the airline industry, someone is certainly going to die if the traffic control applications are infected, miscommunicating, or defective. Your governance processes will certainly define proximate risk and its applicability to your business model.
This is also a required view in APM: risk and impact. There is hardly a sizeable business that isn’t dependent on an application portfolio that isn't sanitized and governed.
Applications and the Value Chain
Among your scores, hundreds, maybe thousands of applications, are they housed and structured in your corporate source of truth? If everyone shouts, “Yes,” then I need a celebratory glass of wine from Pasteur’s desk. But in too many companies, the view of applications is siloed. Each silo might be controlling, best it can, the apps to which its responsible.
The Operations leadership will ensure that the CMDB understands all applications and who the primary consumer is. Yet, perhaps it’s just me and I underestimate applications management maturity. I haven’t seen a >1,000-employee enterprise with 99% accuracy in its applications environment. Do we chronicle and control versions, instances, cloud subscriptions (which are also applications(!), integrated hooks and API’s, internally developed code, enterprise administrative systems, client management systems, internal support utilities…. in that list we’ve not even addressed the product development cycle, or manufacturing, or the external service arena.
Sounds daunting, but your corporate value chain is your map forward.
The value chain of your organization should be etched in stone or, rather, a very firm clay.
Assign your IT Business Services to your firm’s Business Processes in the value chain.
Assign your IT Technical Services to the Business Services.
And assign your Applications to those Technical Services.
Ultimately you should have line-of-sight between your application portfolio and your product (or service) life cycle.
As IT manager or leader, ensure that your application portfolio can be defended and articulated at the highest levels of executive management, without listeners requiring degrees in computer science. Without that insight, your competitiveness is at a disadvantage. Your firm’s reputation is an exposure, as are your customers’ lives. This is not hyperbole.
If we consider that what we create, develop, output has a tangible and significant bearing on our customers, then we become part of their success, their families’ well-being.
Application portfolio management is a core deliverable in technology business management. It is the antidote to waste and errors, and a requirement for optimal product delivery.
Expect APM of your CIO and your IT teams.