IT Control as part of Philips’ corporate IT

(1)

IT Control as part of Philips’ corporate IT

governance

A theoretical approach

By

Laurens H.J. Bushoff

March 2004

University of Groningen, The Netherlands Faculty of Business Administration

Supervisors

Prof. dr. E.W. Berghout Faculty of Economics University of Groningen Drs. D.J. Schaap

Faculty of Business Administration University of Groningen

(2)

Drs. A. van Gils

Managing director C/IT control department Royal Philips ElectronicsPreface

Preface

In order to graduate for my Study ‘Business Administration’ at the University of Groningen, I started my graduation assignment in September 2003. I was provided the possibility to do a graduation assignment at Royal Philips Electronics in Eindhoven. Special thanks go out to my uncle Ton Ruhé, because he arranged the first contact between Philips and myself that led to this assignment. I am very grateful for his effort.

The assignment took place at the Corporate IT control department within Philips. I was supervised and supported by the general manager of this department, Alfred van Gils. I would like to take this opportunity to thank Alfred for his time and support during the graduation process.

Despite his busy schedule, he always found time to support me. His input was very instructive to me.

The wide subject for the assignment provided me the opportunity to learn a lot about the way of working at a corporate department, like Corporate IT, within a multinational. I was surprised by the complexity of the organizational structure on the one hand and sometimes the simplicity of decision making on the other hand.

Prof. dr. Egon Berghout and Drs. Dick Schaap provided the input of the University of Groningen for this assignment. Egon’s theoretical insights and knowledge about the subject were very useful and constructive.

The support of Dick Schaap primarily concerned the overall structure of this paper and kept me on the right track. I would like to thank Egon and Dick for their effort and time they put into this assignment. It was very pleasant working with both of them.

Finally, I would also like to thank my family and friends who supported me during the assignment from start to finish.

In front of you lies the final report that presents the results of my graduation assignment. I hope you will enjoy reading this paper.

(3)

Laurens H.J. Bushoff March 2004

Management summary

This research paper reports about the results of a graduation assignment at Philips’ Corporate IT (=C/IT) control department. The C/IT control department of Philips, deals with the problem that there are doubts about the sufficiency of the financial and managerial control instruments for IT control as part of the IT governance task. Do the instruments in place provide the right level of control and do they provide sufficient basis for top-level control on IT? The objective for the assignment is to test the sufficiency of Philips’ IT control framework against to be defined theories about IT control. The main question for the assignment is:

‘Does the corporate IT control department of Philips provide sufficient control on IT at top-level of Philips, according to appropriate theories?’

In order to answer the main question, IT governance and IT control within top-level of Philips are described. Theoretical insights about IT governance and IT control provide a basis to analyze and judge IT control at top-level of Philips.

The Philips governance model for IT differentiates non business-specific infrastructure and services and business-specific infrastructure and services. The C/IT department is responsible for provision of the non business-specific infrastructure, infrastructure services and solutions shared by two or more PD’s. Business specific IT does not fall within the scope of the assignment. The C/IT department consists of the Office of the CIO and the General Service Unit for IT. The C/IT control department is part of the Office of the CIO and is responsible for control on IT at Philips level and control on IT within the Office of the CIO. The primary tasks for IT control at Philips level consists of reporting on IT costs of the enterprise to the Board of Management and execute internal control at Philips level. The responsibility of the C/IT control

(4)

department within the Office of the CIO consists of a traditional controllers function for operational IT projects that are executed within the C/IT department. The main controls to execute their responsibility for the C/IT control department are depicted in a so-called IT control framework. The IT control framework consist of ‘financial instruments’,

‘management reporting on IT’, ‘financial reporting on IT’,

‘benchmarking’ and ‘internal control’.

In order to put IT control in a wider perspective, IT governance is discussed according to the theories of the IT Governance Institute (=ITGI), Earl, Luftman and the US General Accounting office. The ITGI provides five main areas for IT governance, namely:

• IT strategic alignment • IT risk management

• IT value delivery • IT performance

management

• IT resource management

Earl describes IT governance according to the planning of IT, the organization of IT and controlling IT. Luftman’s model describes about the maturity of the alignment of IT with the business and the US General Accounting Office about the alignment of the investment management process. The theory of the IT Governance Institute provides the most complete framework to describe IT governance.

Therefore, the main areas of the ITGI will be taken into account for further discussion about IT control. However, the area for IT performance management is not taken into account because this area is only appropriate for management of the other areas.

IT control is discussed according to the same theories as for IT governance. In addition, the theory of the IT Balance Score Card is also taken into account. It must be said that specific theories for IT governance and IT control are hard to find and that both areas are theoretically still in development have not yet been crystallized. The theories of Luftman and the US General Accounting Office do not provide the right basis to define what should be managed for proper IT control. The theories of the ITGI, Earl and the IT Balance Score Card provide better insight in IT control. However, the theory of the ITGI is the most complete theory that describes what to manage for proper IT control. The theory assumes that all IT governance areas of the ITGI should be controlled and it defines a framework (the CoBiT framework) to control IT and to manage the IT governance. Earl’s theory is more strategic and focuses IT control primarily on financial aspects.

Besides the conclusion that specific theories about IT governance and IT control are hard to find, are still in development and have not yet been crystallized, it can be concluded that the theory of the ITGI is the most complete theory to manage IT governance and IT control on top-

(5)

level of an organization. For other conclusions about the sufficiency of IT control within the C/IT control department, a division is made between conclusions for IT control at Philips level and conclusions for IT control within the Office of the CIO.

About IT control at Philips level, it can be concluded that the reporting about IT towards the Board of Management is formalized. The quarterly report primarily includes information about IT costs based on traditional finance and accounting metrics. The focus of the quarterly report is not on non-financial aspects. The non-financial aspects are reported in various formats by different people to different audiences. The report doesn’t include external ratio analysis, only analysis based on internal data. Another problem with the report is that the cost category for business applications is too broad, which does not provide enough clarity in a big part of the IT costs. The interpretation about the purpose of the report also differs. On top-level the report is interpreted as a control tool, while product divisional level primarily considers the report as a reporting tool. It must be said that the internal control framework at Philips level is well organized. Finally, a conclusion can be made about IT asset management. A local approach for IT asset management prevails above a company wide approach. At corporate level there are no specific policies and procedures in place for company wide IT asset management.

Concerning the operational tasks of the C/IT control department, two main conclusions can be drawn. The first conclusion concerns the process of project appraisal. The process of project appraisal is too standardized and does not recognize different appraisal techniques for different projects. This could have negative influence on the efficiency of the process. Another conclusion about the operational tasks is that the evaluation process within the C/IT control department is not well defined within the IT governance structure. At corporate level IT value delivery is managed limited. Projects are managed primarily on costs and not on benefits.

Chapter 1 Introduction and research set-up

This chapter consists of three parts. The first part of this chapter, paragraph 1.1, addresses the context of the conducted research with a brief introduction of Royal Philips Electronics and the scope of the

(8)

assignment. The second part, paragraph 1.2, will address the specific problem statement for the assignment and an additional conceptual model. Finally, a research design is provided in paragraph 1.3.

1.1 Research context

1.1.1 Introduction of Royal Philips Electronics

Royal Philips Electronics of the Netherlands is one of the world's biggest electronics companies with sales of EUR 29 billion in 2003. It is a global leader in color television sets, lighting, electric shavers, medical diagnostic imaging and patient monitoring, and one-chip TV products.

Its 164,500 employees in more than 60 countries are active in the areas of lighting, consumer electronics, domestic appliances, semiconductors, and medical systems. Philips is quoted on the NYSE (symbol: PHG), Amsterdam and other stock exchanges.

Philips is based on a divisional structure and is organized in five relatively autonomous product divisions (=PD’s), namely Lighting, Consumer Electronics, Domestic Appliances and Personal Care, Semiconductors, and Medical Systems. Each PD has its own ‘staff departments’ like Strategy, Finance, Human Resources, Logistics, etc.

The business activities are organized through the PD’s, businesses, regions and countries (figure 1.1).

Figure 1.1: Organization scheme Philips¹

The board of Management (BoM) manages Philips, under supervision of the Supervisory Board. The BoM is collectively entrusted with the management of Philips and the general direction and strategy of the Philips group as a whole. The BoM is supported in carrying out

1 http://pww.philips.com

(9)

corporate functions and managing its core processes by the Corporate Staff Services that is primarily located in the corporate headquarters in Amsterdam. The Supervisory Board supervises the policies of the BoM and the general course of the business, advises the BoM and has to approve major decisions.

One of the corporate staff services is the Corporate IT (=C/IT) department. The C/IT department is subject for this assignment. The C/IT department consists of the General Service Unit for IT and the Office of the CIO, which will be discussed in the next chapter.

1.1.2 Scope of the assignment

The scope of this assignment is IT within Philips. IT within Philips is not a primary process and is considered to be a service to support other business processes within the organization. Philips determines about 100.000 desktops worldwide. IT in Philips comprises the application of technology to commercial, financial and industrial business processes.

This includes IT for:

• Business information systems

• Supporting tools and applications

• Office automation and personal computing

• Communications and processing

• Technical infrastructure

Excluded are all activities related to software engineering, embedded software, robots etc. These costs are business specific and do not fall within the scope of this assignment. The Philips governance model for IT differentiates non business-specific infrastructure and services and business-specific infrastructure and services. The C/IT department is responsible for provision of the non business-specific infrastructure, infrastructure services and solutions shared by two or more PD’s. The department is responsible for ensuring that these services are available across geographic and organizational boundaries. Corporate IT, in consultation with PD’s and businesses, designs and procures the products and services that constitute the common infrastructure in their organization. Non business-specific infrastructure and services are standardized across Philips. The standardization facilitates multinational, cross-organizational working and adoption of new technologies and products. It eliminates duplication of effort and helps to contain costs.

Business-specific infrastructure and services are specifically designed to support the needs of a particular business. Their design and implementation is the responsibility of the Product Divisions or Business Units.

(10)

Philips operates on low margin prizes, so managing costs (i.e. IT costs) is very important. Philips spends about 1.3 Billion Euro (actual 2003) annually on IT worldwide. About 60% is spent on business specific IT and the other 40% are spent on generic IT. The 60% business specific IT costs primary consists of business applications costs. The generic IT costs comply with other IT costs components. The next table (figure 1.2) depicts Philips’ IT costs per cost component to provide insight in how the IT costs are distributed. The table presents the actual 2003 figures.

Figure 1.2: Philips’ IT costs per cost component (actual 2003)²

The IT costs are also categorized into various categories like cash and capital expenses, depreciation, capitalization, internal charges and allocations of non-IT components to IT costs. The costs components and categories are of importance for this assignment, because in a way they represent the financial results of the IT control process. Their classification might even be part of the control process.

Although more than 80% of the total IT expenditures take place within the Product Divisions, the C/IT department has worldwide responsibility for IT costs and IT performance, and reports to Philips’ Board of management. To control Philips’ IT, there are a multitude of financial and managerial instruments in use like cash flow statements, balance sheets, NPV’s, benchmarking, transfer pricing models etc. Within Philips the set of financial and managerial instruments to control IT are put together in a so-called ‘IT control framework’. For effective and efficient top level control on IT, it is important that the IT control framework is in balance with the IT governance model of Philips.

This assignment is about the IT environment within Philips. It is about the C/IT department and the C/IT control department in specific. How they can or should manage IT control in order to control the IT costs.

2 Philips C/IT control department, IT cost reporting 2003, Eindhoven, 2003

Amounts in millions (Euro) Actual 2003

Total -1.288.5

Business Applications – operations -513.8 Business Applications – new development -206.5 Costs of network applications -62.2 Costs of Wide Area Network services -59.2

Desktop -124.7

Local Area Networks -87.4

Cost of telecomm. Services -105.0

Other IT/Comm. costs -77.8

Undivided IT/Comm. Costs -51.9

(11)

1.2 Problem definition and conceptual model

To define the scope in clear targets and main questions for the assignment, a problem statement will be given in paragraph 1.2.1 Paragraph 1.2.2 will provide and explain the conceptual model for the assignment.

1.2.1 Problem statement

Philips, the C/IT control department in particular, deals with the problem that there are doubts about the sufficiency of the financial and managerial control instruments for IT control as part of the IT governance task. Do the instruments in place provide the right level of control and do they provide sufficient basis for top-level control on IT?

The objective for the assignment is to test the sufficiency of Philips’ IT control framework against to be defined theories about IT control. The outcomes will be used to formulate a statement of opinion and to make recommendations for Philips.

To achieve the objective, the main question for the assignment is formulated as:

‘Does the corporate IT control department of Philips provide sufficient control on IT at top-level of Philips, according to appropriate theories?’

Several terms of the problem statement need to be defined for better understanding. With ‘IT control’ the use of financial and managerial instruments to control IT are meant in relation with the IT governance of Philips. The sufficiency will be measured and determined by requirements of Philips and theoretical data. Sufficient control on IT, in the context of this paper, means that Philips’ IT control framework reflects to be defined theoretical insights about IT control. The term

‘top-level’ refers to the enterprise level and the corporate level. The PD level and/or any lower hierarchal level, do not fall within the scope of this assignment.

Since the main question has been defined, it is important to split the question into sub-questions. The sub-questions split up the assignment into manageable pieces. When all sub-question are answered, an answer to the main question can be formulated.

Sub-questions:

1) How is the IT environment managed at top-level of Philips?

2) How does Philips’ Corporate IT control department deal with IT control at top-level of the organization?

3) What should be managed with IT governance according to different theoretical perspectives?

(12)

4) What should be controlled according to different theoretical perspectives on IT control?

5) To what extent does IT control at top-level of Philips reflect the theoretical findings about IT control?

6) What can be concluded and recommended about IT control at top-level of Philips?

1.2.2 Conceptual model

Figure 1.3 depicts the conceptual model for this assignment. The figure intends to depict the relation between the various sub-questions of this assignment. The first sub-question, about the IT environment within top- level of Philips, complies with the IT governance element within the model. The IT governance provides rules and procedures and determines resources in order to support IT control by the C/IT control department. In other words, the IT governance provides a structure that is required to manage IT control. The IT control process of the C/IT control department complies with the second sub-question of this research. The third and fourth sub-questions reflect to the theoretical elements about IT governance and IT control in the model. The IT control process within the C/IT control department will be analyzed and judged according to theoretical findings about IT control (this reflects to the fifth sub-question). To put IT control in a wide perspective, theoretical insights about IT governance will be taken into account.

However, this will not be the focus and is only meant to support analysis and judgments about IT control. The conclusions and recommendations for this research are primarily focused on IT control and reflect the last sub-question.

Figure 1.3: conceptual model Analyze & judge

IT governance of Philips at top-level

IT control by the C/IT control department

IT control according to appropriate theories IT governance according to appropriate theories

Conclusions &

recommendations

Manag Require Manag Require

(13)

1.3 Research design

This paragraph will provide a structure for this research paper to provide an answer to the main question and sub-questions that are mentioned in the previous paragraph. The research setting will also be addressed.

1.3.1 Research structure

In order to provide an answer to the main question of this research, this paper will be divided into three parts. Part one describes the situation at Philips. Part two will provide theoretical insights. And finally, part three will analyze the situation at Philips (part 1) according to the theoretical insights (part 2), and will address conclusions and recommendations.

The sub-questions for this research will be discussed in different chapters. This chapter provides an introduction and a research set-up.

The second chapter describes the IT environment of Philips. The IT environment of Philips will be described in order to make clear how IT is being managed at top-level of the organization. The third chapter will focus specifically on IT control within Philips. It explains about the C/IT control department and its tasks and responsibilities. Philips’ IT control framework will also be addressed and explained. Next, in chapter four, the theoretical insights about IT governance will be discussed according to different theories to put IT control in a wider perspective.

IT control itself will be discussed according to different theories in chapter five. The findings of chapter four and five will be analyzed and discussed in relation to Philips’ IT control situation in chapter six. Finally, conclusions and recommendations will be made about the sufficiency of IT control at top-level of the organization in chapter seven.

The structure for this research, as described above, is depicted in figure 1.4.

Research set-up IT within Philips

IT control within Philips

A theoretical perspective on IT governance A theoretical perspective on IT control

Theoretical perspectives on IT control at top-level of Conclusions and recommendations

Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Introduction

Part 1

Part 2

Part 3

(14)

Figure 1.4: Research design

An additional remark should be made. Part one is totally independent of the second part. The IT environment of Philips (chapter 2) and IT control within Philips (chapter 3), are described independently to the theoretical insights about IT governance and IT control (chapters 4&5).

This means that the theoretical knowledge about IT governance and IT control is not taken into account by addressing Philips’ IT environment and IT control.

1.3.2 Research setting

The following information concerns the setting for this research:

• The assignment will take place within Philips’ C/IT Control department.

• The assignment started at 1 September 2003 and ended on 1 April 2004.

• The final deliverables are:

1) A report to Philips’ C/IT control department

2) A report for the University of Groningen that meets the standard graduation requirements.

• The final report only contains information that is allowed by Philips to be published.

• The report should deal with appropriate issues of the courses ‘B- ICT’ and ‘Financial Value Management’ of the main study Business Science.

• This research paper will not provide a complete redesign for Philips’ IT control framework. The paper only reports about the results of a theoretical review.

• The supervisor of Philips for this assignment is Drs. A. van Gils, managing director of the Corporate IT control department.

• The supervisors of the University of Groningen for this assignment are Prof. dr. E.W. Berghout and Drs. D.J. Schaap.

(15)

Part 1

Philips’ IT environment and IT control department

Chapter 2 Philips’ IT environment & IT cost

structure

(16)

This chapter intends to describe the IT environment at top-level of Philips, in order to support statements about the sufficiency of IT control within top-level of Philips. This chapter provides an answer to the first sub-question for this research.

‘How is the IT environment managed at top-level of Philips?’

Additional to the sub-question, the IT cost structure will be discussed.

Information about the IT cost structure is important because IT control has a clear link with IT costs. This link will become clear due to the rest of this paper.

First, it is important to explain the term ‘IT’ more explicitly to better understand what Philips considers with IT in the context of this research.

This will be done in paragraph 2.1. The IT environment at top-level of Philips will be addressed by describing the C/IT department within Philips in paragraph 2.2. The C/IT department will be described by addressing the most important boards and committees for IT, the Global Service unit for IT and the Office of the CIO. Finally, paragraph 2.3 will provide information about the IT cost structure within Philips.

All the information within this chapter originates from Philips. The information is among other things derived from the corporate IT directives of 2002, the Philips intranet and relevant company documents.

2.1 IT according to Philips

This paragraph intends to make clear what is meant with ‘IT’, according to Philips’ principles, within the scope of this research. The explanation will be based on Philips’ corporate IT directives of 2002. IT within Philips comprises the application of technology to commercial, financial and industrial business processes. This includes IT for:

• Business information systems

• Supporting tools and applications

• Office automation and personal computing

• Communications and processing

• Technical infrastructure

IT, as described above, could be business specific IT or non-business specific IT. The distinction between non-business specific IT and business specific IT originates from the mid nineties, when Philips decided to split the increasing infrastructure activities into generic and business specific IT activities. Since that moment, Philips has used the term ‘IT’ instead of

‘infrastructure’. Non business-specific IT of Philips consist of:

• Technical infrastructure, including the Philips Global Network (=PGN), the communication and collaboration environment and the desktop environment

(17)

• Information infrastructure, including the management of corporate data

• E-business applications common across two or more PD’s

• Strategic control, including cost and quality control and IT- Management Development

Non-business specific infrastructure and services are standardized across Philips. The standardization facilitates multinational, cross- organizational working and adoption of new technologies and products. It eliminates duplication of effort and helps to contain costs.

Business-specific infrastructure and services are specifically designed to support the needs of a particular business. Their design and implementation is the responsibility of the PD’s or other business units.

2.2 The C/IT department of Philips

As mentioned in the previous paragraph, the distinction between non- business specific IT and business specific IT is of great importance for the IT governance at top-level. The IT governance within Philips determines that non-business specific IT is managed at corporate level and is the responsibility of the C/IT department. Business specific IT activities are the responsibility of the PD’s but are not relevant to discuss according to the determined scope of this research, though the cost reporting about business specific IT do fall within this scope while C/IT is responsible for complete cost reporting on IT within Philips.

The C/IT department is a very important part within Philips’ IT governance structure. The department is responsible for provision of the non business-specific infrastructure, infrastructure services and solutions shared by two or more PD’s. They are responsible for ensuring that these services are available across geographic and organizational boundaries. Corporate IT, in consultation with PD’s and businesses, designs and procures the products and services that constitute the common infrastructure in their organization. The mission of the C/IT department is to optimize the value of Philips’ IT investment through provision of common standardized, cross-business IT infrastructure and services, supporting the strategies of a flexible portfolio of businesses for minimal cost at corporate level. The vision is to ensure state of the art IT infrastructure and services, globally available, at lower than market costs, with functional leadership for IT focused around four IT domains.

The alignment for top-level IT within Philips is supported by several boards and committees. Sub-paragraph 2.2.1 will address the most important boards and committees for IT. Furthermore, the C/IT department has two standing organizations (see figure 2.1). One manages the Global Service Unit for IT services (=GSU for IT) to all countries and organizations. The second constitutes the corporate IT

Corporate IT Department

(18)

function: the Office of the CIO. Both will be discussed in sub- paragraphs 2.2.2 and 2.2.3.

Figure 2.1: organization chart C/IT 2003³

2.2.1 IT boards and committees

Several boards and committees for IT at different hierarchal levels are determined within top-level of Philips (figure 2.2). Within the scope of this research, the following boards and committees are determined:

• The IT steering committee;

• The IT policy board;

• The global and regional customers meeting;

• The CIO meeting;

• The domain boards;

• The IT architecture board.

The compilation and responsibilities of these committees and boards will be discussed respectively.

The IT steering committee is chaired by a vice chairman of the Board of Management. Together with the CEO’s of the product divisions, Philips’

CIO and a representative from Research, they are responsible for the alignment of the long-term enterprise IT strategy with the long-term strategy of the business. The IT steering committee meets three times a year and they confirm decisions that are put forward by the IT policy board. The IT policy board is responsible for approving Philips’ IT strategy and makes decisions on IT projects with high financial impact.

The members of the policy board consist of the CIO’s of the product divisions, the Philips CIO, representatives of Research and the Corporate Center and are also led by a vice chairman of the Board of Management. They meet 4 times per year. The IT policy board will also meet 2 or 3 times per year to specifically discuss IT services. They will determine the service portfolio and the service tariffs, and monitor service delivery in terms of costs, quality and customer satisfaction.

These meetings constitute the global and regional customer meetings.

The Philips CIO, the CIO’s of the PD’s and the Research CIO together constitutes the CIO meeting. This meeting is chaired by the Philips CIO and meets 8 times per year. The CIO meeting is responsible for the

(19)

development and deployment of Philips’ IT policy regarding strategy, organization and management development, the technology direction, the enterprise architecture, innovation programs and service portfolio. They also monitor the service delivery of the General Service Unit for IT, assess quality and risks in organizations and monitor IT costs.

Figure 2.2: IT boards and committees⁴

Other relevant boards are the domain boards. The IT domain boards prepare strategy, policies, directives and standards to the CIO meeting/IT policy board and will deploy them after agreement. Their objective is to ensure consistent development of Philips’ IT strategy through effective steering of programs within their area of responsibility.

They represent all business interests in order to maximize alignment with business priorities. They are composed of representatives from the PD’s, the corporate IT innovation programs and IT services, and are chaired by an IT domain manager. Finally, the IT architecture board

4 http://pww.philips.com IT STEERING COMMITTEE

Chair: Vice Chairman BoM Members: PD-CEO’s, Research, Philips CIO

Three Meetings/Year

IT POLICY BOARD Chair: Vice Chairman BoM

Members: PD -CIO’s, Research, Cor p. Centre, Philips CIO

Four Meetings/Year

CIO MEETING Chair: Philips CIO

Members: PD-CIO’s, Research-CIO Eight Meetings/Year

Define & Deploy:

-Strategy -Organization/MD -Technology Direction -Enterprise Architecture

-Innovation Programs -Service Portfolio Monitor Service D elivery

Assess Q uality/Risks Monitor IT Costs

Make decisions on operational level Make decisions on subjects with

strategic and/or high financial impact.

Business O wnership / Alignment

Make/confirm decisions put forward by the IT Policy

Board IT STEERING COMMITTEE

Chair: Vice Chairman BoM Members: PD-CEO’s, Research, Philips CIO

Three Meetings/Year

IT POLICY BOARD Chair: Vice Chairman BoM

Members: PD -CIO’s, Research, Cor p. Centre, Philips CIO

Four Meetings/Year

CIO MEETING Chair: Philips CIO

Members: PD-CIO’s, Research-CIO Eight Meetings/Year

Define & Deploy:

-Strategy -Organization/MD -Technology Direction -Enterprise Architecture

-Innovation Programs -Service Portfolio Monitor Service D elivery

Assess Q uality/Risks Monitor IT Costs

Make decisions on operational level Make decisions on subjects with

strategic and/or high financial impact.

Business O wnership/

Alignment

Make/confirm decisions put forward by the IT Policy

Board

(20)

encourages integration of the diverse architectures underlying both different IT domains and the IT environments of the businesses.

2.2.2 The General Service Unit for IT

The General Service Unit for IT (=GSU) within Philips delivers a portfolio of IT services of agreed levels of quality at (below) market prices to Philips businesses. The GSU is responsible for ‘service management’, which includes contract management, service level management, and demand management. They are also responsible for management of

‘service improvement projects’. The portfolio of the GSU will be decided by the IT Policy Board and designed by the office of the CIO.

The GSU does not perform any R&D activities themselves. Neither do they initiate service projects. The GSU works on a demand and supply basis. They fully operate on behalf of the internal Philips organizations, based on an optimal customer alignment. The service portfolio supports the needs of Philips’ businesses for technical and information infrastructures and standard applications. The portfolio for the long term includes generic IT infrastructure services, common core application services and application services for business applications on request of the businesses. The vision of the GSU is to be a professional customer centric internal IT services management &

delivery organization.

The GSU functions as a non-profit organization. The income for operations (=IFO) is zero. This means that all costs, about 28% of the total IT costs, will be recovered via service tariffs. Tariffs are based on uniform tariff structures. Local tariffs will be applied for local services.

Service delivery is coordinated centrally but executed at global, regional and local level. This depends on the characteristics of the service.

(21)

Figure 2.3 provides insight in the organizational structure for the GSU.

The department for customer alignment, organization & processes and a department for finance, support the GSU at the corporate level of Philips.

Figure 2.3: organization scheme IT GSU⁵

The ‘global infrastructure services’ distinguishes five main service activities. These are CODE/EMI, DIAMOND, PGN, Datacenters & e- business and Security. CODE/EMI stands for Common Desktop and Enterprise management infrastructure. The CODE program standardizes all the key elements, hardware, software and services, within one global enterprise management infrastructure. DIAMOND is short for Deploying Intranet, Applications and Messaging On Notes Domino. The DIAMOND program provides these services on the global infrastructure and are available to all desktop users, company wide. The Philips Global Network (=PGN) is the wide area network component of the IT technical infrastructure, interconnecting its processing facilities. The datacenters support e-business activities with the objective to speed up the availability of solutions, preventing technology proliferation and containing costs. Finally, the IT security program puts procedures in place to determine which user can legitimately be granted access and their level of authorization.

The services are produced and managed all over the world. The GSU makes a distinction between six IT service regions. The six regions are Asia, Benelux, Latin America, Mid & East Europe, West & South Europe plus Africa and North America. Each region consists of several clusters and countries. At each geographic level, there are managers who are responsible for one of the infrastructure service areas mentioned above or another application service area (figure 2.4).

General Service Unit for

IT Customer alignment,

organization &

processes

Finance

IT service regions Global

infrastructure services

Service region

(22)

Figure 2.4: organization chart regions⁶

2.2.3 The Office of the CIO

The Office of the CIO is responsible for optimizing the value of Philips’ IT investments through providing an environment that fully supports the needs of the PD’s at a minimal cost. The Office of the CIO consists of four facilitating departments and four functional domain boards (figure 2.5).

Figure 2.5: organization chart Office of the CIO⁷

The facilitating departments are IT purchasing, IT-control, IT-HRM and IT- governance. The IT control department demands special attention and will be discussed in more detail in the next chapter because this office is responsible for the main issues concerning IT control within Philips. The other three departments will be discussed below, starting with the IT purchasing department.

The IT Purchasing department provides purchasing knowledge and expertise to IT services, programs and projects. For this they use specific process expertise, supply market expertise, negotiation knowledge &

skills and contracting knowledge & expertise. In addition to their support for corporate IT, IT Purchasing contributes to the Office of the CIO by providing functional leadership and support to the PD’s, as well

6 http:://pww.philips.com

7 http:://pww.philips.com

Office of the CIO

IT Purchasing

IT HRM/MD

IT control

Enterprise IT architecture Enterprise

computing infrastructur

Enterprise applications Enterprise

comm. &

collaboratio IT

Governance

(23)

as to the Regions and Countries. IT purchasing is responsible for three key areas. These area’s are:

1) Managing and facilitating a global IT purchasing network, including scheduled meetings with the PD and Region/Country representatives.

2) Making agreements on strategies and policies in order to optimize leverage of Philips’ IT spend.

3) Installing and managing Supply Base Management Teams responsible for key spend areas.

As part of IT Purchasing, the Corporate IT License Desk contributes to Philips-wide software asset management. The License Desk handles software licenses for which corporate agreements have been signed with vendors and for which business specific registration tasks are required. They also handle software licenses that are not part of Philips Corporate IT programs.

Another department is IT HRM/MD. Management Development (=MD) within Philips is part of the human resource excellence program. There is an increasing interest in structuring MD and developing operational tools to support it. C/IT rebuilds the MD-function within IT in line with the corporate policy. In the last five years, the importance of IT as an enabling and supporting function has been considerably increased and the business has recognized the importance of developing and maintaining IT skills. Business groups are building up their own competencies to support business processes improvement. C/IT is strengthening its worldwide capability, to provide a standardized IT infrastructure and services. The purpose of the IT-MD program is to develop tools to support and facilitate MD and implement it in a systematic way.

The third department is IT governance. The fact that Philips distinguishes a specific IT governance department within the Office of the CIO, makes clear that Philips uses a much more specific definition for IT governance than is being used to construct this chapter. More attention will be paid to this issue later on in this paper. The IT governance department deals with strategy in the form of the so- called ‘Business Management Support (=BMS) program’. The activities of BMS cover issues such as the IT impact on and alignment with:

• Business strategy,

• IT architectures supporting business processes,

• IT management processes,

• IT projects which have a high impact on the business and

• IT costs benchmarks in the common core reporting.

(24)

The program aims to retain the focus on the Business Balanced Scorecard and benchmarking and uses the results to redesign and streamline key areas of the business. This is as critical for IT as for other parts of the business. BMS supports businesses in enabling business excellence through maximizing the value of IT investments and improving the effectiveness and quality of IT management.

The Office of the CIO consists of four functional IT domain boards:

1) Enterprise Computing Infrastructure 2) Enterprise IT Architecture

3) Enterprise Applications

4) Enterprise Communication & Collaboration.

The objective of the IT Domain Boards is to ensure development and deployment of Philips’ IT vision and strategy. This is done by effective steering of programs within the area of responsibility of the domain boards. The domains provide functional responsibility for IT at corporate level as well as technology innovation in order to realize an 'IT enabled' Philips. They help to define the portfolio of program groups for the Office of the CIO and are responsible for their strategic direction setting. Each domain board will be discussed respectively.

The Enterprise Computing Infrastructure domain (=ECI) is a core element of the Philips enterprise-wide IT infrastructure. The ECI is responsible for providing a world-class standardized technological infrastructure that contains costs associated with diversification. At the same time, the business needs of Philips' internal customers must be met. Enterprise Computing Infrastructure will provide a secure global IT infrastructure to support Philips' enterprise business requirements. ECI encompasses Client Infrastructure Management, Local Area Network (LAN), Authentication, Data center infrastructure, Security programs and related services.

The Philips enterprise IT architecture tightly coupled with the business is becoming increasingly important. It is the Enterprise IT Architecture boards' vision that over time Philips’ IT decisions will be governed by an enterprise-wide IT architecture that will deliver quantifiable and measurable contributions to the company's bottom line. The strategy is to transform the current situation into a new integrated architecture, with a focus on non-business specific IT architecture content.

The Enterprise Applications domain comprises the Philips’ Intranet, E- business Tooling, Philips.com and Enterprise Application Integration programs. These are combined with the functional activities from the corporate departments Control, Treasury, Purchasing and Legal.

(25)

Enterprise Application, in conjunction with PD and corporate functions, will combine and standardize the various application initiatives of the businesses and corporate functions into an overall Philips IT Application Architecture. By centralizing the provision of business application services, the application portfolio can be streamlined adopting standard functional applications.

The Enterprise Communication and Collaboration domain (=EC&C) is an important component of Corporate IT and involves many aspects of the way employees perform their work. Access to critical business information and communication is vital to the rapidly changing business environment. The services provided by EC&C will enable a smooth transition for the user and business community. EC&C provides technical, organizational and functional leadership for all aspects of collaboration and data & voice/audio/video communication throughout Philips. EC&C is responsible for the generic communication and collaboration services in a shared operating model.

2.3 IT cost structure

This paragraph will discuss the IT cost structure of Philips. The cost structure of Philips is discussed because the costs of IT are related to the way IT is controlled.

In the mid nineties, the costs for infrastructure services increased and infrastructure services gained importance within the company. In 1996 the infrastructure costs within Philips where divided into business specific costs and non-business specific costs for infrastructure. A division that was meant to split the responsibility for infrastructure related activities.

Since that moment, the PD’s have been responsible for business specific infrastructure activities and the corporate level, C/IT, has been responsible for the generic infrastructure activities. In the course of time, the infrastructure activities were called ‘IT’ activities. Because the total costs for IT were rising and IT still gained importance in 1996, the IT steering committee felt the need to increase the control of the IT costs.

Therefore, they decided to determine specific cost components within the general ledger. The IT steering committee divided the IT costs into the following components.

• Costs for (new) Business Application operations

• Costs for Wide Area Network services

• Costs for Local Area Network services

• Costs for Network Applications services

• Costs for Desktop services

• Costs for Telecommunication services

• Other IT costs

(26)

• Undivided IT costs

With this change it became possible to collect more detailed information about the IT costs. The IT steering committee believed that more detailed information provided better support for top-level decisions on IT. The change in the general ledger for IT was, however, in contrast with an ongoing conversion at that moment at company level. Philips had just decided to change the functional accounting method into a categorical accounting method. The categorical accounting method reduced and centralized the categories within the general ledger to make top-level decisions easier. However, the IT steering committee believed the opposite for IT. It must be said that the PD’s didn’t support the thoughts of the IT steering committee. They had no interest by determine different cost components for IT.

Today, Philips spends over 1.2 Billion Euro (actual 2003) annually on IT worldwide. Figure 1.2 in the previous chapter depicts how this amount is divided over the different IT cost components.

The business application operation cost component distinguishes existing business application operations from new developed business application operations. The costs for development of a project will be booked on the business application new development component.

When the project is finished, this means that the project is capitalized and is (being) depreciated; the costs will be booked on the business applications operations component. Business application operations costs incurred in the acquisition of, manufacturing of, or the license to use new applications, such as Enterprise Resources Planning systems or applications supporting technical processes. Enhancements of these applications, to meet the specific needs of the user, support in the field of software development, consultancy and project management. The costs relating to the transition to the new application, such as for data conversion, software interfaces and training must also be booked on this cost component.

The account for network application services is intended for costs of services for E-mail, Intranet, Internet and groupware services. Internal charges for the C/IT project called DIAMOND are also recorded on this cost component.

The component for wide area network services is created for the costs of services rendered in the field of wide area networking, for example costs by suppliers of IT-services, costs charged by telephone companies for one's own wide area communication services and costs of maintenance of one's own wide area network components. All internal

(27)

charges concerning the IT project called ‘the Philips Global Network’

are also recorded on this component.

The costs relating to local area networks and services with respect to desktops and laptops are booked on the component for local area network services. Local area network services include the costs of the license to use LAN and server software, services (e.g. LAN management, consultancy) and the costs of maintaining network and server components.

The services relating to desktops and laptops comprise installation, support and maintenance. These costs are booked on the component for desktop services. Network components used for establishing LAN/WAN connections (e.g. bridges, routers, gateways) and all internal charges concerning the IT project called ‘CODE’ are also recorded on this cost component.

The component for costs of telecommunication services is debited with the cost of telephone connections, subscriptions and calls, telex, telegrams, fax, video conferencing, local telephony cabling and exchange, etc. In fact, four major categories are identified within the telecommunications services. These are mobile services, dail-in services, fixed telephone services for hardware and fixed telephone services for software.

For situations where the total IT costs within a particular functional location of Philips are less then one Million Euro, the costs are allowed to be booked on the cost component for undivided costs.

Finally, the component for other IT costs is not specifically described.

Remaining costs can be booked on this component. The classification into cost component is used within the Philips One chart of Account (=POCA) and is reported via Standard Reporting Forms (=SRF’s) to corporate level with a consolidation management reporting system (=COMAR system). With the support of the COMAR system, the IT cost structure, as depicted in figure 2.6, is also used for analysis and control.

Total IT Costs

Costs of IT personnel

Depr./write offs (in)tang. fix.IT assets Remaining fixed assets related to IT Capitalized Software

Inf.& comm. techn. costs before capit.

IT costs charged out

Charged out IT costs within own BG Charged out IT costs within own PD Charged out IT costs outside own PD

(28)

Figure 2.6: IT cost structure⁸

The costs categories that are depicted in figure 2.6 are not all booked as specific IT costs in the general ledger. The costs for IT personnel are booked as overall personnel costs. The general ledger does not specify the personnel costs into specific activity areas. However, the COMAR system does make it possible to identify for instance the personnel costs for specific activity areas like IT. The same counts for the depreciation of tangible fixed IT assets and the remaining fixed assets for IT. The assets are booked in the general ledger but not specified to IT.

The cost structure as depicted in figure 2.6 makes it possible to analyze and control the IT costs in more detail in a way that is not possible according to the accounts in the general ledger.

8 Philips C/IT control department, IT cost reporting 2003, Eindhoven, 2003

(29)

Chapter 3 IT control at top-level of Philips

This chapter intends to provide an answer to the second sub-question for this research. The question is:

‘How does Philips’ Corporate IT control department deal with IT control at top-level of the organization?’

To answer this question, first the C/IT control department of Philips will be explained in paragraph 3.1. This paragraph will discuss the main tasks and responsibilities within this department. It will also explain the departmental structure that is used to manage these tasks and responsibilities. The specific controls that the C/IT control department distinguishes for IT are discussed in paragraph 3.2. This paragraph describes a so-called IT control framework according to the general management of the C/IT control department.

3.1 C/IT Control Department

As mentioned in the previous chapter, the C/IT control department is one of the four facilitating departments within the Office of the CIO.

This department deals with the primary control issues for IT. The control department is responsible for control at two levels. First, the C/IT control department is responsible for IT control at Philips level. This means that the C/IT control department is responsible for reporting on, internal control of, and managing accounting standards for all IT costs within the enterprise. Secondly, the C/IT control department is responsible for control of IT costs within the C/IT department. This means that a traditional controllers function is executed for IT projects that are executed within the C/IT department. The ISO documentation describes the responsibilities of the C/IT control department as follows:

• Preparation of a quarterly report about IT costs

• Support of the corporate IT management teams with cost performance reporting on IT projects within the C/IT department

• Proper housing and tooling of C/IT

The C/IT Control department determines seven core processes to exercise these responsibilities. The core processes are:

1) Philips’ IT cost monitoring &

control

5) IT control

2) Project support 6) Manage IT environment

3) Business control 7) Manage infrastructure facilities 4) Financial control

(30)

The first five processes will be discussed in more detail because they directly involve IT control within the scope of this research. These five processes also cover the first two responsibilities that are mentioned.

The last two processes cover the last responsibility about proper housing and tooling of the C/IT department. However, these two processes are less relevant because they do not directly involve IT and costs. They are of pure facilitating nature to make the processes within the whole Office of the CIO possible. These two processes will not be further discussed. Next, the first five processes are discussed respectively.

The first process, Philips’ IT cost monitoring and control process, is performed by:

1) Defining budget guidelines for IT within Philips

2) Collecting IT cost data from reporting organizations within Philips 3) Preparing reports to the IT steering committee about Philips’ total

IT spend

Define budget guidelines is done by the IT Domain managers and the Program managers. They determine the expectations for the next budget period and express those expectations in financial terms. The proposed budget is presented to the CIO-meeting and is sent to all relevant organizations within Philips after approval. At the end of each quarter the PD-IT controllers and the PD-CIO’s have to supply to the C/IT department the IT cost data and their analysis. The yearly timetable for Philips is defined by the C/IT control department and communicated via a financial directive. The last task within costs monitoring and control is to prepare a report to the IT steering committee about the total spent on IT within Philips. The financial data from the operational units of Philips is collected via the COMAR (=Consolidation Management Reporting) system. COMAR is a database that collects, stores, and processes the basic financial data of all operational units for the purpose of the consolidation of the entire Philips Group. COMAR is a Philips controlling tool that possesses sophisticated "checks and balances”. It ensures that proper accounting methodology is used within Philips businesses and allows reporting to corporate level by certain periods. COMAR processes all the inter-company eliminations and currency translations. The C/IT control department analyzes the financial data for the Philips Group and composes analyzing comments and surveys. The final report is delivered to the publications group of the corporate control department. The information that is reported remains the responsibility of the PD’s.

The processes ‘project support’, ‘business control’, ‘financial control’

and ‘IT control’ are very much related to each other. The relations and main activities within these processes are depicted in figure 3.1.

(31)

Figure 3.1: Core processes of the C/IT control support offices⁹

The C/IT control department has determined four support offices to execute the four processes that are mentioned in figure 3.1. Each office and process will be explained respectively.

The project support office is responsible for the development and maintenance of all procedures, methods and tools for project management. The C/IT department has accepted MITP (Managing the Implementation of the Total Project) as their project management methodology. The project support office provides training and education about the use of methodologies, tools and procedures for all project members. Another responsibility for the project support office is to provide consolidated management reports on projects at a weekly basis. They measure and report about the performance of projects via a dashboard that depicts different performance indicators.

If the C/IT department decides to manage a project itself, instead of outsourcing the project, the project support office walks through the MITP live cycle. The first step is to identify the project by making a PIR (=Project Identification Report) and to get it approved. A mini-PIR with a project value less than 250,000 Euro has to be approved by the responsible program and domain manager. The PIR for projects between 250,000 and 1 Million has to be approved by the manager of the C/IT control department and the Philips CIO and finally, a PIR above 1 Million need approval of the CIO board and the board of management. The second step of the MITP methodology is to make a PDR (=Project definition Report). This report is a more detailed version of the PIR with better-defined deliverables, use of tools, risks, assumptions, dependencies etc. A complete plan to execute projects is developed.

The next step within MITP is to run the project according to the PDR.

With the use of a specific designed dashboard the progress of the

9 van Gils, A., Presentation C/IT control process, Eindhoven, 2003

(32)

project is monitored and controlled. The final steps of the MITP process are to define a PCR (=Project Closure Report) and a PHR (=Project hand-over Report). The PCR describes what was planned and is realized. It also evaluates the project and determines what to learn for future projects. The PHR is the final report that makes clear how the deliverables of the project are to be managed and maintained in the future.

The business control office is responsible for management reporting to the IT domain managers and the program managers about projects.

The controllers are involved with the development and approval of PIR’s and business cases. They also control the projects within the domains by monitoring the dashboards of the projects that are produced and supplied by the support office. If necessary, they interfere and correct to assure progress and minimize risk. All investments above 1 Million Euro are analyzed, approved, monitored and controlled by the business controllers. Another responsibility of the business control office is to support in making the ROFO (=Rolling Forecast) and AOP (annual operating plan) for C/IT.

The financial control office is responsible for all administrative operations within the C/IT department. This includes the Office of the CIO as well as the IT GSU. The interface with the IT GSU is a very important part to execute their financial control function. The financial control office is responsible for composing the SRF 148. Another responsibility goes beyond the boundaries of the C/IT department. The financial control office provides the financial reporting requirements at Philips level. They collect all IT administration data within Philips using the COMAR system to write the finance directives for IT.

Finally, the IT control office is responsible for the general management of the whole C/IT control department. This includes all seven mentioned core processes. They are responsible for the interface between the IT GSU, the C/IT department and the rest of Philips concerning IT finance issues. The C/IT control department provides quarterly IT reporting and performance reporting at Philips level to the IT steering committee, and therefore plays a role within the TOP (=Towards One Philips) program.

The quarterly report includes information about:

• The actual and planned IT costs of Philips per costs component, at Philips level and PD level.

• IT costs as percentages of the sales.

• IT costs per employee.

• Possible currency effects.

• Status report about IT projects/investments.

(33)

The IT GSU completes the report by adding a financial summary sheet, data about desktop & DIAMOND counts and data about the PGN traffic.

3.2 Philips’ IT control framework

The general management of the C/IT control department constructed a framework to depict all areas of responsibility in another perspective.

This framework is called the ‘IT control framework’ and is depicted in figure 3.2.

Figure 3.2: IT control framework¹⁰

The IT control framework is constructed with the objective to identify all areas of responsibility that are to be taken into account for proper IT control of Philips. The following five areas of responsibility are distinguished in the IT control framework:

• Financial instruments • Benchmarking

• Management reporting • The internal control framework

• Financial reporting

The responsibilities more or less comply with the responsibilities that are mentioned in the previous paragraph. The framework depicts the vision of the general management towards IT control. Each area of responsibility will be explained in the following sub-paragraphs.

10 van Gils, A., Presentation C/IT control process, Eindhoven, 2003

IT Control as part of Philips’ corporate IT