Companies that provide services to their paying customers tend to know a lot about those services, end-to-end across their value chain. They know how much it costs to deliver them, how to price them, the risk and reward of bringing in new services, and the costs of providing customer support.\n\n\n\t\n\tRobert Kuppens\/Boston Consulting Group\n\n\nWhy should IT, which provides a whole array of services to its internal customers and in many instances, also external customers, be any different?\n\n\nThat\u2019s the approach that Robbert Kuppens, global CIO of management consulting firm The Boston Consulting Group (BCG), takes.\u00a0 He recently introduced a new services operating model for his IT organization.\n\n\n"IT can learn from what manufacturing figured out years ago," Kuppens says. "If you deliver a product that is composed of different components, you know the total cost of goods sold (COGS). Why should we treat IT any differently?"\n\nAlign business value and IT costs\n\nWhether we are talking about hardware, software, or labor, IT is a chain of different components, each with a specific cost. The more known and predictable those costs, the better CIOs and their colleagues can manage them and align them to the company\u2019s strategy and the value IT brings.\n\n\n"Historically, it was, 'I'll give you a laptop and you can send an email with attachments and access applications via a Web browser'," says Kuppens. "Today, as the whole world moves to 'as-a-service,' IT does so much for its business that we need to be more predictable about how we deliver value against costs. Our operating model has to reflect that change."\n\n\nWith the complexity of the IT services supply chain and the importance of IT to business strategy, says Kuppens, "IT organizations would be well advised to move to an IT-as-a-service model. Like it or not, more and more of the services we deliver as IT will be a combination of our own 'as-a-service' capabilities and services that we obtain from SaaS, DaaS, PaaS and IaaS vendors. Our challenge is to plan and architect these services, devices and data so that they are aligned to the overall strategy of our business. We need to and provide the right services, apps, and data to the right people and devices at the right cost with the right experience."\n\nClassify IT capabilities\n\nThe first order of business when shifting to a services model is to develop the ability to delineate between commodity and differentiating IT capabilities. "If we are going to deliver the right IT services at the right cost," says Kuppens, "then we have to know (1) which services need to be world-class, meaning our service is better than anyone else\u2019s; (2) which need to be best-in-class, comparable to other professional services firms, and (3) which are next-in-class or commodity."\n\n\nFor most of their IT capabilities, BCG uses a "smart follower" strategy, but as a high-end consulting firm, knowledge and experience management has to be world-class. "Any time an employee joins BCG, we start capturing their area of expertise and the content they create in a knowledge management system, so that we can manage and enrich the knowledge and experience of the very bright people we attract," says Kuppens. "In order to compete and keep attracting the brightest people, we need to be better at that than everyone."\n\n\nHow BCG goes about securing their information may be a best-in-class capability, for example. They do not need to spend as much as, say, the NSA, for whom securing information must be a world-class capability. Provisioning laptops for new employees is non-differentiating; it\u2019s a commodity, but the type of laptop provided needs to be best-in-class.\n\nIT service capabilities roadmap: Standard, alternate, exception, prohibited\n\nOnce you categorize services across your value chain, you are ready to build the roadmap for each service to validate that categorization with the business. Perhaps you are best-in-class at customer engagement, but your business goals require you to be world-class. Maybe you spend too much on network performance which, for your firm, is a commodity. Finally, to drive scale and flexibility the BCG IT team defines for each service what offering is standard, alternate or exception. Thus allowing for agile innovation to happen whilst maintaining scale for manageability, serviceability and overall cost.\n\n\nWhile you are busy developing that roadmap, you should also take a hard look at all facets of your IT organization. "If you want to be an IT-as-a-Service organization, you have to look at your governance, operating model, people, technology platforms and the key metrics that measure the success of those services. You need to view these as the five areas of your balanced scorecard to keep track of progress," says Kuppens.\u00a0\n\nChanging your IT team\u2019s mindset and composition\n\nKuppens and his team leveraged both BCG\u2019s Technology Advantage (TA) methodologies and frameworks, as well as his experience from Cisco and other best practices across multiple industries.\u00a0Leveraging the IT Capability Maturity Framework (CMF), developed by the Innovation Value Institute, the team looked at 40+ core processes and assessed their level of competence for each, on a scale of one to five. This helped the team to figure out how they were performing against the roadmap.\n\n\nAt the same time, Kuppens delivered a new message to his team. "I told them that their job description was about to change," he says. "Instead of being the provider of the laptop, you are the provider of that service." This meant that his team would learn to conduct a new kind of analysis of their services and also increase their own digital maturity.\n\n\nWhat is the cost of the laptop including all software and time needed to secure the device at the level required for BCG? What does it cost to provision the service? Based on that, what is the total cost of delivering a laptop to a new employee? What is the quality of the laptop against its cost? What would be the total cost of ownership if we outsourced laptop provisioning, whilst delivering the high level of service and security our consultants and clients expect?\n\n\nAdopting a service mentality for a team that has traditionally thought of IT as projects, systems, or products can be a hurdle, and requires some education about what service ownership means.\n\n\nAll service owners, the framework suggests, should take a "3x3" view and understand the following about their IT service:\n\n\nVertical (or stack) 3: \n\n What is the user experience? What devices will the service be used on? How will it be used, by whom and where?\n What application or middleware does it run on?\n What is the infrastructure involved? Has it been dimensioned for the expected number of users or devices? How does it scale?\n\n\n\nThe horizontal 3: \n\n Is it appropriately secure to the standards we use at BCG to secure ours and our clients\u2019 intellectual property?\n Is it serviceable? Or is it a one off point solution without any required service?\n What impact does it have on the architecture? What are the dependencies across the services? Is there a committed roadmap for this service?\n\n\n\n"If you don\u2019t ask these '3x3' questions about every IT capability and service, you risk getting siloed," says Kuppens. "Your architecture person might think about the architecture, but not about security; the security person might not think about the end-user experience." The new approach ensures that people across the organization started connecting the dots themselves as they become a key part of the overall end-to-end service.\n\n\nBeginning in 2017, all service owners use the "3x3" analysis as a performance metric. "My IT team and I have quarterly service reviews and the service owners report on quality, user experience, risk profiles, cost metrics, scalability, and architectural requirements," says Kuppens.\n\n\nKuppens offers some advice to CIOs on the journey to a services model: "Don\u2019t underestimate the mindset shift that your IT team will go through to get to the new model," he says. "Me telling them they will have a new performance metric on the first day of 2017 would not be fair if I hadn\u2019t educated them or updated our overall career framework reflecting the new roles and responsibilities." Kuppens provides ongoing training to get people acquainted to the new culture and operating model and the career framework is step-by-step updated whilst also bringing in new people with ITaaS operating model experience.\n\n\nThe next step is to ensure everyone at BCG understands this new model, not just IT.\u00a0"We have some smart people across the company who will ask someone they know in some startup to develop a new app for them," Kuppens says. "We tell them, 'Fine, but make sure to do the 3x3. Is it secure and serviceable? Will it break our architecture? What is the user experience? Can we run this on AWS or Azure? What is the expected uptime?'" If the new application or data business case passes the basic 3x3 demand-clearing assessment, the business can move forward with IT\u2019s oversight.\n\n\nHaving now adopted the services framework, BCG\u2019s IT organization is finding a reduction in shadow or stealth IT, but more importantly a higher level of understanding throughout the firm that not having the right level of security isn't an option. According to Kuppens, "The services model and the 3x3 check helps us work together to innovate at scale while keeping us secure."\n\nAbout Robbert Kuppens\n\nRobbert Kuppens joined BCG as the global CIO in January 2014. In this role, he is responsible for driving both IT innovation and operational excellence, and collaborating across the BCG operations team to optimally enable BCG's strategy consultants and BCG's customers. Prior to joining BCG, he was the CIO of Cisco Europe, Middle East, Africa and Russia (EMEAR) from 2007, and before Cisco he was a KPMG partner responsible for e-Strategy in the Netherlands. Kuppens received a Masters in Computer Science from the University of Utrecht where he is a regular guest lecturer.