U of T Information Technology Services (ITS) Review 1. Introduction a. Background b. Vision c. Assumptions 2. Findings: Description of ITS at U of T a. Scope of investment in IT services and operations b. Duplication and redundancy c. Opportunities for cost-savings d. Access to existing systems and services e. Risks f. Finding the balance between central and local service delivery g. Current governance and management structures h. Talent and innovation 3. Principles a. Mission and Governance b. Strategy c. Leadership and Management d. User-oriented Services 4. Organizational and Management Structure a. Need for a central IT unit b. Leadership – Creation of CIO position c. Mandate of CIO d. Process owners e. Service oriented operation 5. Committee Structure 6. Summary of Recommendations APPENDICES APPENDIX A: PDAD&C#46, 2006-07 - Information Technology Services Organizational Review APPENDIX B: Terms of Reference APPENDIX C: IT Services Self Study Questionnaire APPENDIX D: Compilation of Self-Study Material APPENDIX E: Executive Summary of the IT Survey APPENDIX F: Report of the External Reviewers _____________________________________________________________________________________________ ITS Review Report October 2007 Page 2 1. Introduction (a.) Background In March 2007, the Office of the Vice-President and Provost undertook an administrative review of University information technology services (ITS). The centrality of information technology services to the University’s activities – educational, research, administrative – warrant a clear articulation of the priorities and objectives of these services. At this juncture in the institution’s history, information technology services are delivered both centrally, across a wide range of portfolios, and also at the divisional and departmental level. This division of labour has arisen incrementally, in a somewhat ad-hoc manner, resulting in a lack of clarity around the process for governance, organization and accountability of these services. A main focus of the ITS Review Committee1 was the extent to which the governance and organization of ITS could be rationalized, in a way that best meets the needs of the users – students, faculty and staff. The following were the two core questions at the heart of the ITS Review (as articulated in the terms of reference2): 1. What functions, today and looking to the future, are needed by students, faculty and staff to interact, communicate, study, perform research, manage operations and support services? 2. Based on these requirements, what kind of governance and organizational structure is needed to ensure that these services are efficiently deployed and maintained at an appropriate level of service? Importantly, the goal of the ITS Review Committee was to provide recommendations for the organization of IT services at the University of Toronto. As part of the overall review process, academic and central administrative divisions participated in a self-study exercise. The self-study questions are outlined in Appendix C. Appendix D is a compilation of the responses submitted as part of this exercise. In addition, an internal survey and focus groups on ITS at the University of Toronto were undertaken in support of the work of the Committee. The main purposes of the survey were to (1.) ask users what IT tools are now being used and if these tools are doing their job; and (2.) find out which tools will be needed in the future.3 Following the completion of the survey, a number of focus groups were conducted to dig deeper into the survey results. An executive summary of the findings of the survey can be found in Appendix E. The committee also commissioned an external review. Two reviewers, Professor Anthony Masi [Provost (and formerly CIO), McGill University] and Ms. Annie Stunden [retired CIO, University of Wisconsin (Madison)], visited the University on June 7 and 8, 2007. The reviewers met with administrative systems staff, divisional IT leadership, senior library staff 1 See Appendix A for Committee Membership. See Appendix B. 3 The process to develop the survey was undertaken in part by the Techknowfile.07 (TKF.07) Steering Committee and AMS staff with support and advice from the Office of the Vice-President and Provost. The survey itself was done in conjunction with TKF.07. A third party was contacted to develop an on-line survey. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 3 2 (including the Chief Librarian), registrarial staff, student life staff, RCAT staff, as well as with the Vice-President and Provost, and members of the ITS Review Committee. A copy of the review report is included as Appendix F. (b.) Vision The Committee determined that it will be necessary to first articulate where we want to be in regard to the delivery of these services before launching fully into the discussion and analysis of what potential changes are required to the organization of ITS at the University of Toronto. To this end, we propose that a clear vision statement for information technology services at the University of Toronto be adopted. For example, the Committee suggests that a statement might be: Information Technology Services will be developed and deployed so as (i) to enable the research and teaching mission of the institution as a whole, and (ii) to support the academic and intellectual goals of all individual and collective members of the University of Toronto community. Final wording on such a statement is beyond the mandate of the Committee. This statement is presented for illustrative purposes – the task of developing such a statement should be a priority for the leadership of ITS at the University as the recommendations below are implemented. (c.) Assumptions The Committee also recognized that its work and its subsequent recommendations are rooted in some core assumptions about information technology services at the University of Toronto. The first, and most fundamental, assumption is that since the University’s core mission is inherently information-based, the management of its information technology services must be considered as part of, not just support to, the University’s core mission. In order for information technology services to effectively advance the University’s mission, it is necessary to have an appropriate balance between central and distributed services, together with integrated management. We need to optimize delivery of ITS to improve the student experience, support divergent local needs, facilitate data collection and analysis, and ensure overall support of the mission of the University. Our ITS structures, and our delivery of ITS, must be able to respond to the relentless pace of change in the information technology world. It is essential that we have the ability to look ahead and be able to adopt and implement new innovations in a timely, effective and efficient manner. In addition to being a consumer of ITS, however, the University’s role as a producer and purveyor of knowledge means that there is also a role for the institution in reflecting upon the use of IT and its impact on society. The University and its divisions should be able to examine, evaluate and implement new services and serve, where appropriate, as a model for other institutions and organizations. Finally, given the restrictions on the University’s budget, it is all the more important that any spending on ITS be done in the most cost-effective manner. It is also important to recognize that appropriate ITS investments have a tremendous impact on other parts of the institution. Silobased budgeting and decision-making can hinder recognition of this. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 4 2. Findings: Description of ITS at U of T a. Scope of investment in IT services and operations ITS represent a significant part of the operations of the University. The University spent at least $68 million in ITS-related salaries, hardware, software, and services in 2005-06. Of this, about $24 million may be attributed to the central IT services, the balance being spent at the divisional level. There are 509 ITS staff with ITS related job titles4 in central and divisional departments. These estimates show that information technology services, in terms of the involvement in business processes, expenditures, and number of staff, represent a considerable and essential aspect of University operations. It is important to note that these figures as presented are almost certainly understated, since many ITS expenses will not be coded as such, and ITS duties are performed by individuals who do not have ITS-related job titles. Given the proportion of the University’s operating budget related to ITS, and the fact that ITS functions are now an essential part of virtually all other business functions, the governance, management and accountability for these services deserve close attention. [For more details on the scope see Appendices C, D, and E.] b. Duplication and redundancy A broad array of IT services and supporting hardware and software applications exist at divisional and departmental levels. Examples of the ITS diversity, complexity, breadth, and at times, duplication, were illustrated in the responses to the Self-Study questionnaire. For example: • 128 identified e-mail systems are provided across the departments. Policies, archiving and recovery methods, delivery and uptime service levels are not consistently defined. • Departments, central and divisional, and application providers, provide help desk services. Some are specific to their department or application, others provide general support. Many services use Web-based, help-desk ticketing systems, but the systems are not connected to other groups, and/or the applications are sourced from different vendors. We are far from a one-stop point of contact. c. Opportunities for cost savings Web-site content management systems (such as IronPoint, Joomla, Plone, Contribute, the UTSC Intranet) permit non-technical users to publish to the Web which is an exceptional efficiency. There are, however, still dozens or hundreds of sites that are manually coded. Ideally, one or a smaller number of implementations, could be made available to the community. Standards and style guidelines need to flow across the university. High-performance computer (HPC) arrays require power, space, and specialized operators. There are dozens of clusters. Opportunity for cluster sharing, or grid computing configurations, could be provided to support those not having access to HPC, and would reduce the energy and space requirements of standalone clusters. The Committee understands that needs for research computing are specific to individual areas and that these should be managed at the local level. However, the impact of research computing on infrastructure is significant and these infrastructure needs should be centrally coordinated. 4 According to the HRIS occupation code classification. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 5 Thousands of servers are used for file and print services, security, storage, database, and Web application hosting. Each requires space, power to run, cooling, patches, upgrades and ultimate replacement. Industry estimates suggest that servers are utilized at 5-25% of their capacity.5 Servers require constant attention for data security and performance. d. Access to existing systems and services Video-conferencing and collaboration tools are available across the university, but not in a formal, accessible, and interoperable manner for the community. e. Risks Best practices for security, business continuity and disaster recovery, system access controls, and general IT operations and data management are not institutionally coordinated. Though best practices are in place, they are not applied consistently across the university. f. Finding the balance between central and local service delivery Local service providers offer familiarity, customized support and proximity, aspects that are not as easily demonstrable in a highly centralized environment. Knowing whom to call for assistance or information, a major concern of the user community, is more readily accomplished when there is a local resource to contact. These factors support the rationale for developing and maintaining a local infrastructure. Finding the appropriate mix of services to provide locally or obtain centrally is a common concern. There may be reasons to manage what may be termed “common” or “commodity” services in a very distributed environment, yet there are tremendous opportunities for improved resource allocation by providing highly functional, commodity services from central providers. The end result may be to increase the local resources directly available to the specialized needs of a department as well as reinforcing the capabilities of common services by reducing the fragmentation. g. Current governance and management structures As IT service providers and their consumers work to set their plans and priorities, the decentralized character of ITS governance at U of T has made it difficult to set standards and directions. Currently there are a number of institutionally-focused IT groups, with their own steering or advisory groups (e.g., AMS, CNS, RCAT and SIS), as well as IT committees at the Faculty or departmental level. At the institution-wide level, two bodies, the Computing Management Board (CMB) and the Academic Computing Advisory Committee (ACAC) provide fora where discussion of IT issues and policies, as well as review of institutional projects take place. As currently implemented it has been nearly impossible, within this governance structure, to define or ensure alignment of ITS investments with institutional priorities. There is also, in some cases, a lack of clarity around responsibilities and purposes of the various committees. h. Talent and innovation At the same time, it is clear that our individual IT services throughout the University are able to meet very high standards. Our ITS have been at the forefront of many innovations through the 5 http://www.microsoft.com/presspass/features/2006/may06/05-22Virtualization.mspx ; http://www-03.ibm.com/systems/z/about/charter/value_utilization.html _____________________________________________________________________________________________ ITS Review Report October 2007 Page 6 years. Ideally, some of these innovations could be further maximized through an increased level of sharing and implementation across the institution. There is no question that there are strong information technology services at U of T, and that in general, as the External Reviewers have pointed out, “…the individuals who provide services are dedicated, hard-working, and knowledgeable.” What the review committee is most concerned with, given the findings, is how the University as a whole sets strategy and priorities for ITS. 3. Principles In the same way that the Committee determined it was appropriate to outline the assumptions about ITS at the University, the Committee also felt it was appropriate to establish the principles that should be at the foundation of any reorganization. These principles are as follows. (a.) Mission and Governance Since the University’s core mission is inherently information-based and the management of ITS is part of, not just support to, the University’s core mission, that mission must be advanced through the highest level of IT services for students, faculty, and staff. Importantly, as a consequence of its involvement in the academic mandate of the institution, the strategic oversight and management of ITS must be accountable to the academic leadership of the University, including Principals and Deans. This should be clearly reflected in the decisionmaking and accountability structures related to ITS. Expert oversight of the design, development, deployment, and maintenance of ITS must be one of the highest priorities of the University, in alignment with its academic mission. (b.)Strategy U of T must collaborate and learn from our peer institutions (especially those with advanced policies and practices) with regards to the provision of IT services—finding economies of scale, collaboratively developing solutions, embracing shared standards of interchange and interoperability, etc., as appropriate. System selection or development specifications need to consider a number of factors, including satisfying the functional and informational needs of the (often varied) users of the system. The University is not alone in the quest to develop an optimal ITS organization. Other large complex research universities have faced similar issues. The challenge for ITS management at U of T is to learn from and build on these other institutions’ experiences while recognizing and responding appropriately to the unique circumstances of our own institution. The complexity of our institution also means that there is existing breadth and depth of ITS expertise within our multiple constituencies. Rather than ‘reinvent the wheel’, the University must recruit and build on the insights, strategies, and advice of relevant academic and administrative divisions. The distribution of ITS across campuses must be integrated through effective communication and strategic planning among relevant Divisions, involving academic, ITS, and administrative leadership, as appropriate, so as to optimize cost effectiveness and encourage the development of innovative applications. In addition, it will be important to consider the repositioning of existing ITS-related committees at the University. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 7 Finally, the organization of ITS on the campuses must have appropriate mechanisms in place to ensure that academic priorities, as well as sensitivities to the student experience, are at the forefront of ITS-related decision-making. (c.) Leadership and Management Management of ITS must exemplify the highest level of business function, including decisionmaking based on a strategy, ongoing analysis of risk and assessment of return on investment. Opportunity and risk assessment must be both academic and financial, and include the risk of not having supportive, progressive ITS. There is no question that ITS expenditures must be reasonably constrained, consistent with the University budget. Cost-effective, reasonable and efficient solutions to current ITS challenges must be sought, including creation of interoperability among existing systems. It is also apparent that ITS solutions can help the University in addressing its challenges – investments in ITS could have significant impact on productivity and efficiency in other areas. Importantly, cost analysis must reach across administrative and budgetary silos. In making decisions about ITS investments, it will be necessary to consider the full costs of new systems. This should be done with a view to the long-term horizon from the institutional perspective and involve an assessment of the full life-cycle costs. Impact on faculty and staff work processes, training requirements, space and operating costs should be among the many factors considered when making decisions about ITS. Processes for maintaining services, as well as the mechanism to do the analysis on the services, must be in place. In terms of resources in support of ITS, administrative- and education-related ITS should normally be funded from resources of the University. On the other hand, most large-scale, research project-specific ITS will need to be funded primarily by sources outside of the University’s operating budget (e.g., granting councils, other government sources, private sources). In some cases, however, it may, be prudent for the University to direct resources to the development and innovation of ITS provided that these lead to ultimately deployable systems. The University should also consider developing a long-term budget plan for the capital and onetime-only costs required for regular renewal of ITS infrastructure. Estimation of such an annualized cost will facilitate budget planning at the divisional level. Standards of systematization, interoperability, and exchange should ideally be based on (open, as far as possible) standards of interchange, rather than on specific systems or suppliers to ensure the greatest possible flexibility, maximize options and minimize cost. Subject to academic oversight, ITS management must deal skillfully and effectively with the complex challenges raised by confluence of five competing factors: (i) dealing appropriately with the particularities and complexities of local circumstances, such as security and convenience; (ii) the cost (especially taking into account the long-term) of home-grown systems; (iii) the overall risks and expense associated with different provider sources; and (iv) the large development gap between traditional academic research and the requirements of operational services, and (v) consideration of the risks and benefits or purchased/licensed systems or applications. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 8 (d) User-oriented Services ITS should be developed and delivered with a focus on the end user, rather than the personnel or organization supporting them, and on the services provided, not on the systems used to implement those services. Prolonged investment of resources into applications shifts focus away from those using the application to the applications themselves. This negatively affects the alignment of ITS to the organization’s purpose as applications take on a life of their own. Our objective is to make the person the focus that applications, and their providers, address. This supports the overall objective of providing information and services to people where, when, and in the appropriate form, that best meets their needs. ITS organization needs to be structured so that flexibility is maintained to allow for a wide range of tiered service level agreements, so local needs can be adequately and efficiently met. 4. Organizational and Management Structure The Committee received considerable feedback on diverse issues and concerns regarding ITS. The institution faces many issues, from review of the number of email services provided to decisions about upgrade paths for major systems like AMS. The University must also ensure that it has robust processes in place to meet requirements with respect to privacy, security and business continuity. It was not the Committee’s role to solve these or the many other issues related to ITS that we face – although members of the Committee and community clearly have views on these matters. Rather, our role was to recommend management and organizational structures that would allow for these types of issues to be fully assessed using principles such as those outlined above, for recommendations to be formulated based on those assessments, and for clear pathways for decision-making regarding those recommendations and implementation of the selected actions. What follows is a description of the elements of a management and organizational structure that the Committee believes would respond to the unique reality of ITS at the University of Toronto. a. Need for a central ITS unit There was early consensus that there is a need for a central group mandated to make assessments and recommendations regarding institutional ITS. The central group should have clear authority with respect to core ITS that are delivered at the institutional level (i.e., ROSI, AMS and CNS). The group should also be charged with the development of standards that would establish the institutional framework within which divisional ITS works. The process by which decisions regarding institutional services are reached and standards that govern divisional services are set has to be open and transparent and clearly engage all divisions and the academic leadership of the University. However, a central group is necessary to drive and coordinate both activities. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 9 b. Leadership - Creation of a ‘CIO’ position It is also clear that this central group must have a leader. In most environments this individual would hold the title of Chief Information Officer (CIO).6 There are some individuals who hold the view that such a title is not appropriate for our environment. The Committee observes that much has evolved in the realm of ITS since we last had an individual hold the title of CIO at this institution. In the current context the Committee is of the view that this is the appropriate title for the leader of ITS at the University. This leader should hold a senior rank, at a minimum the equivalent to that of an Assistant Vice-President, although not necessarily with that title. The individual should have direct access as necessary to the President and senior leadership of the University, including taking part in the PVP (President and Vice-Presidents) table so that the perspective of ITS can be applied to all issues considered by the institution. Participation as a member of PVP is seen as critical to the Committee in ensuring that ITS issues and perspectives are considered in all planning and decision-making for the University. The Committee deliberated whether the position of CIO should include management of technology services. At some institutions the CIO position has been separated from that of a Chief Technology Officer. There is some evidence that this model does not necessarily enable the recruitment of the best individuals for either position. An effective CIO, in order to deliver on the expectations outlined below, will need the resources to develop strategy proposals for consideration by University leadership, and the ability to effect the changes required across the central services. In the Committee’s view having oversight and accountability for those services is necessary. The Committee considered the appropriate reporting pathway for the CIO. One option is for the CIO to report directly to the President. This has the advantage of sending a clear message that ITS is one of the core pillars of the institution. Given the many internal and external responsibilities of the President, while there may be a status advantage, the area may actually get less attention than it requires. Another option is for the CIO to report to the Vice-President and Provost. The advantage of this reporting relationship is that it would send a clear signal that ITS undergirds our scholarly and teaching mission (similar to the logic of having budgetary responsibility rest with the Vice-President and Provost). 6 Other possible titles include, but are not limited to: Assistant Vice President, Computing and Information Systems; Assistant Vice President; Computer Services and Information Systems; Assistant Vice President and Chief Information Officer; Assistant Vice President, Information Services and Resources; Assistant Vice President, Information Technology Services; Assistant Vice President Information Technology Services; Assistant Vice President, Information Services and Technology; Assistant Vice President, Planning and Information Services; Chief Information & Planning Officer; Vice-Provost, Information Technology Services; Associate Provost and Director of University Technology Services; Associate Provost, Computing and Information Resources; Associate Provost, Information and Technology Services _____________________________________________________________________________________________ ITS Review Report October 2007 Page 10 The Committee also discussed whether it was necessary for the CIO to hold an academic appointment. Some members felt that this was necessary in order (1.) to assure faculty members that the CIO fully understood their particular needs, and (2.) to enable maximum responsiveness and new ideas (due to the term nature of academic administrative appointments). Others hold the view that the CIO should be a senior Professional/Managerial staff member who will be able to provide continuity in leadership. On the whole the Committee felt that what was most important was that the ‘right person’ was chosen, rather than setting an absolute requirement for the specific academic qualifications. Importantly, the CIO should come into the position with an understanding that s/he will play a critical role in enabling the University to realize its strategic goals and objectives and that s/he will be a participant in the senior decision-making bodies. c. Mandate of CIO The Committee recommends that the mandate of the CIO includes the responsibility for: • Strategy and planning for ITS across the University o Vision o Planning and priority setting process o Capital planning and budget for ITS • Policy and standards development and implementation • Leadership and management of Central ITS (currently SIS, AMS, CNS) o Planning, design, development, implementation, operations and maintenance of applications used across the university • Coordination of ITS among major providers, e.g. Library, Divisional services, and facilitation of information exhange • Coordination of the expertise of ITS personnel across the institution d. Process owners The Committee also noted that each of the major systems should have a clearly designated process ‘owner’ at a VP or AVP level, for example, the Vice-President, Human Resources and Equity is the owner for HRIS. The process ‘owner’ should be able to clearly identify priorities for their service and work with the CIO in ensuring that the services are delivered in an appropriate manner. The system owner is accountable for ensuring that the system is designed to serve the needs of all of the users. In addition, every management table should have ITS as a standing issue. For example, the Human Resources Management Board (HRMB), should discuss ITS issues related to HRIS. It is essential that attention to ITS be woven through all of the institutions management structures. Recommendations for priorities for development of particular services should come forward with support from the group that provides advice on that entire management area. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 11 e. Service oriented operation Over time, the organization of central ITS should shift from being systems-oriented to serviceoriented, e.g., a development group, a technical operations group, a help centre. This should enable improvements in quality and efficiency of services. Any changes of this nature would need to be carefully considered through the appropriate consultative processes. 5. Committee Structure The Committee observes that the University has a history of different types of committees for decision processes on IT. While these structures have worked at times in recent years they have not been seen as fully functional. As the reorganization of services is completed a review of the membership and terms of reference for these various committees will be necessary. Given the management and organizational structure as described in the previous section, a senior level committee that engages the major portfolios and divisional ITS will be required. This committee, necessarily chaired by the CIO, would be responsible for reviewing strategy and plans for ITS and recommending major IT investments through the budget processes that are being developed at the University. Significant IT decisions (e.g., major central system upgrades) would be considered by P&D and PVP based on recommendations from this level of committee. The senior committee should establish appropriate sub-committees to advise on specific services. These sub-committees, chaired by the CIO, should be user oriented and functionally based, rather than established around specific services. The committees should appropriately engage the academic divisions which are ultimately responsible for delivery of the University’s programs. Importantly, as ITS are integral to the academic mission of the University, the CIO should work closely with both Principals and Deans (P&D) and Principals, Deans, Academic Directors, and Chairs (PDAD&C) to ensure that the ITS vision, strategy, priorities, and implementation meet the requirement of and mesh appropriately with the academic priorities of the divisions. 6. Summary of Recommendations 1. Establish a central group that has authority and the ability to make assessments and recommendations regarding institutional ITS, and that has clear authority with respect to core ITS that are delivered at the institutional level (i.e., SIS, AMS and CNS). 2. The central group should be led by a Chief Information Officer (CIO) who holds a senior rank (minimum of equivalent to Assistant Vice-President), reporting either to the President or to the Vice-President and Provost. 3. Create a senior level ITS committee, chaired by the CIO, with a mandate to: a. Review strategy and plans for ITS; b. Recommend major IT investments; and c. Establish appropriate sub-committees as necessary. _____________________________________________________________________________________________ ITS Review Report October 2007 Page 12
© Copyright 2024 ExpyDoc
