It Security and Acquisition Strategy Acquisition Strategy

It Security and Acquisition Strategy

Acquisition strategy statements are important documents for gaining and maintaining executive support for programs and projects. What in your view are the one or two biggest challenges in developing an acquisition strategy? Give your reasons and any suggestions you have for addressing the challenge(s).

In my view, the biggest challenge arising in connection with developing an acquisition strategy is the need to communicate potentially complex technical concepts and rationales to a wide variety of stakeholders. In principle, the acquisition strategy statement must be capable of promoting "buy-in" at every level from executive leadership to management, and to individual business units and employees. Each of these groups of stakeholders typically focuses on different concerns that depend on and relate in different ways to information technology (IT) infrastructure and processes. Similarly, the needs and capabilities of IT systems are potentially very different in the way that their adoption affects all of these stakeholders in their respective responsibilities.

From the perspective of some stakeholders, proposed IT system acquisitions may represent obvious benefits immediately that make them welcome changes. Conversely, other stakeholders may have specific reasons for reacting differently (i.e. negatively) to the same prospective acquisitions and other IT system changes. Therefore, the effectiveness of the acquisition strategy statement is substantially a function of how well its writers and organizers anticipate the many different ways that the proposed changes could impact different levels of management, business units, and end users. They must be able to garner support from each different group of stakeholders by articulating the specific advantages that the proposed acquisitions represent. To do that requires a comprehensive understanding of the ways that every potential stakeholder relies on and uses the existing IT systems and relates the new acquisitions to the benefits that those different stakeholders will derive from the proposed changes.

2. How should an organization decide on how "cutting edge" it should be in its IT acquisition strategy? Acquiring cutting edge IT might give it a competitive advantage, but at greater risk because the IT is cutting edge. On the other hand, the use of well-tested, mature IT that is also being used by many others reduces the risk, but it also may eliminate competitive advantage possibilities. How can the organization decide where along the continuum of very mature to cutting edge technology it belongs in its IT acquisition strategy?

There is no value to implementing "cutting edge" IT systems simply for the sake of doing so. On the other hand, IT systems tend to develop so rapidly that the newest systems tend to become obsolete relatively quickly. Naturally, there are obvious risks at both ends of the spectrum. An organization that is enamored of the concept of always exploring the "cutting edge" of technology risks wasting resources on acquisitions prematurely, in at least two ways. First, it is potentially wasteful in terms of purchasing systems with new capabilities that are not needed by the organization and that entail replacing perfectly good existing systems whose continued use for the time being would be more fiscally sound that replacing them prematurely. Second, the premature adoption of new technologies merely because they are new may result in tremendous waste on relatively untested systems that may be the most prone to complications and operational difficulties in their first generation. That presents two types of waste in the initial expenditure and then in the lost efficiency attributable to operational problems and the delays and costs associated with resolving problems with the new systems.