Supplier Portfolio Management for IT Services Considering Diversification Effects

Abstract

By means of service-oriented architectures the IT support of processes can be designed as a portfolio of individual IT services provided by different suppliers. The processes are designed based on selection decisions between IT services that potentially have to be included. Many companies formulate a multitude of requirements for investments in IT services at ever shorter intervals. However, the scope of the desired investments usually exceeds the available budget. Thus, companies face the challenge of allocating the limited budget to investments in the most promising combination of IT services. This is hardly possible without methodical support. In addition, the allocation is often done intuitively and subject to the decision-makers’ affinity with IT. Therefore, this paper develops a quantitative, multi-period procedure model for the purpose of maximizing the enterprise value in accordance with value based management, which considers the dependencies of the periodical selection decisions. In the following, a decision logic for the heuristic solution to the selection problem is presented and its application is demonstrated by means of an illustrative case example.

The increasing requirements for a need-oriented and flexible IT landscape are among the challenges which service-oriented architectures are supposed to meet. As a result, IT support of processes can be designed as a portfolio of individual IT services. The design of the processes is based on the selection decisions between IT services offered by different suppliers which potentially have to be taken into consideration. The scope of the formulated requirements for IT services investments, however, usually exceeds the available budget. Thus, companies face the challenge of allocating the budget to investments in the most promising IT services combination. In the present article a procedure model regarding value based management is developed which considers dependencies between the selection decisions. Subsequently, a decision logic for the heuristic solution is presented and its application is demonstrated by means of an illustrative case example.

1 Introduction

In recent years companies have increasingly redesigned their IT landscape with the help of service-oriented architectures (SOAs) (Pahlke et al. 2010, p. 299). SOAs aim at, inter alia, achieving a higher customer orientation due to individualization as well as increased flexibility due to standardization (Gebauer and Lee 2008, p. 73; Gebauer and Schober 2006, p. 128; Singh and Huhns 2005, p. 78). For this purpose SOAs make it possible to design the support of individual process actions by means of IT services as an IT service portfolio (ITSP). An ITSP denotes a set of IT services which is to be used to support process actions on the basis of a specific infrastructure at a point in time or within a time span (vom Brocke and Sonnenberg 2007, p. 187). One IT service encapsulates a particular range of functionalities (regarding the granularity of IT services in SOAs cf., e.g., Braunwarth and Friedl 2010; Rud et al. 2007) and provides it for multiple use via defined interfaces (Erl 2005, pp. 384 ff; Krafzig et al. 2007, p. 60; Singh and Huhns 2005, pp. 76 ff; Papazoglou 2003). Thus, SOAs enable the support of process actions by means of IT services of several internal or external IT service providers (Braunwarth and Heinrich 2008, p. 100; Papazoglou 2003; Reichmayr 2003, p. 99 ff; vom Brocke et al. 2009, p. 226 f.). The design of the processes is brought about by the combination of the ITSP, i.e. mainly by selection decisions between IT services which potentially have to be taken into consideration (Schelp and Winter 2007, p. 1; Singh and Huhns 2005, p. 79; vom Brocke and Sonnenberg 2007, p. 188; vom Brocke et al. 2009, p. 227.) Due to the necessity of responding to, e.g., changing customer needs, developments in markets and technologies as well as legislative guidelines in a continuous and dynamic way (Setzer et al. 2008), many companies state a multitude of requirements for investment in IT services at ever shorter intervals (Brandl et al. 2007, p. 92; Kontogiannis et al. 2007, p. 5). Hence, there is not only an increasing time pressure regarding the valuation of investments and the implementation of IT services, but also “a multitude of design options whose economic consequences can hardly be estimated in rational terms without methodical support” (vom Brocke et al. 2009, p. 223). In addition, the scope of the favored investments in IT services usually exceeds the available budget, which is limited by monetary and non-monetary constraints such as a shortage of personnel or management resources (Wehrmann et al. 2006, p. 234). Therefore, especially those companies whose IT is strongly based on SOAs face the challenge of allocating the constrained budget to the most promising combination of investments in IT services. This requires a methodical valuation of the available IT services (cf. de Reyck et al. 2005, p. 526; vom Brocke et al. 2009, p. 223).

However, according to a global survey among 749 Chief Information Officers and Chief Executive Officers by the IT Governance Institute, only 50% of the surveyed companies have a clearly defined procedure for the valuation of IT (IT Governance Institute 2008, p. 31) which is necessary for the selection of the IT services. Instead of employing value based decision criteria, the selection is often made intuitively and it is subject to the decision-makers’ affinity with IT (Kesten et al. 2007, p. 1). For prioritizing the available IT services

1. (1)

   a quantitative, multi-period procedure model for the purpose of maximizing the enterprise value in accordance with value based management is developed which considers inter- and intra-temporal dependencies of periodic selection decisions and

2. (2)

   a decision logic for the heuristic solution to the selection problem is presented and its practical application is demonstrated by means of an illustrative case example.

The procedure model is based on the Markowitz portfolio theory (Markowitz 1952). For that reason, fundamental problems regarding its transferability to issues of IT investment valuation are to be discussed critically (cf. Asundi and Kazman 2001; Kersten and Verhoef 2003; Verhoef 2002). Thus, especially the liquidity of the investment objects, which must exist at any given time, is a necessary pre-condition for the applicability of the portfolio theory. However, in the case of IT investments this applicability usually only exists up to the time of implementation (Verhoef 2002, p. 7; Zimmermann et al. 2008, p. 6). In the present article, though, the allocation of the limited budget towards the combination of favored investments in IT services which seems to be the most promising one in terms of returns and risks takes place before their implementation. For that reason they can be considered to be liquid at the time of portfolio optimization (cf. Zimmermann et al. 2008, p. 6).

The primary aim of this paper is to contribute to a better understanding of relationships in case of dependencies between portfolio positions and suppliers, especially with regard to the design of SOAs. The transferability of the results obtained in the illustrative case example to both larger problems and other companies or sectors, whose data quality is poorer than in the present case example, is discussed critically.

This article is organized as follows: Sect. 2 gives an overview of previous research. On this basis, requirements for a multi-period, quantitative procedure model that is used for prioritizing the available IT services is derived from literature. The procedure model as well as a decision logic which serves as a heuristic solution for the application of the model is presented in the following Sect. 3. In the subsequent Sect. 4 the application is demonstrated by means of an illustrative case example, which is based on the data of a German financial services provider. The last Sect. 5 summarizes the results and assesses them critically.

2 Previous Studies and Requirements of the Procedure Model

Numerous studies deal with the general valuation of IT investments (for an overview cf. vom Brocke et al. 2009, p. 226). In this context, especially the real options theory (cf. Bardhan et al. 2004; Benaroch and Kauffman 1999; Hawes and Duffey 2008) and the cost-utility analysis (cf. Jeffery and Leliveld 2004), which is widely used in practice, are of particular importance. However, a multitude of existing procedures neglect interdependencies between investments (e.g., mutual dependencies between IT services) which may significantly affect the portfolio risk (Wehrmann et al. 2006, p. 235). For that reason, the consideration of single investments – as it is often the case with general procedures for the valuation of investments, such as for the selection of software or other IT-related acquisitions – is necessary but not sufficient in order to obtain an optimal ITSP (cf. Wehrmann et al. 2006, pp. 235 ff). For this purpose, the consideration of dependencies is essential. Therefore, Verhoef (2002) transfers the discounted cash flow procedure to the valuation of IT investments where interdependencies can be considered implicitly by means of distribution assumptions, e.g., regarding process maturity (cf. Wehrmann et al. 2006, p. 237). However, a quantification of the risk in the form of a risk measure is not carried out, thus making a correct risk aggregation as to the portfolio risk impossible (Zimmermann 2008a, p. 359; 2008b, p. 463). Bardhan et al. (2004) draw on the above mentioned real options theory where risk is measured by means of a standard deviation and where dependencies between sequential investment decisions are considered. In contrast, Dörner (2003) and Wehrmann et al. (2006) use the Markowitz portfolio theory (Markowitz 1952). These studies also use the standard deviation as a risk measure, whereas the expected returns are incorporated with the help of the net present value. Due to the aggregation rules known from the portfolio theory, a correct aggregation of the expected returns and risks is possible while taking dependencies into consideration (Zimmermann 2008a, p. 359; 2008b, p. 463).

However, as to prioritizing the available IT services in companies whose IT landscape is based to a large extent on SOAs, the general procedures for the valuation of IT investments often prove to be too abstract (vom Brocke et al. 2009, p. 226). In contrast, studies concerning SOAs specifically deal with the decision support regarding the prioritization of the available IT services, but they often neglect the economic perspective (vom Brocke et al. 2009, p. 226). However, many authors call for a value based view on IT (vom Brocke et al. 2009, p. 224; Wehrmann et al. 2006, p. 234; Zimmermann 2008a, p. 358), which, so far, can only be found in a few studies on the design of SOAs (e.g., Thomas and vom Brocke 2010). Therefore, the present paper attempts to develop a quantitative, multi-period procedure model for the purpose of maximizing the enterprise value in accordance with value based management.

In order to prioritize the available IT services in accordance with a value based view, a target figure is necessary to measure the increase in enterprise value (Buhl et al. 2011, pp. 164 f; Coenenberg and Salfeld 2003, p. 3). This approach ensures the identification of the value contribution of an IT service. Apart from the expected return, however, risks also have to be taken into consideration (Zimmermann 2008b, p. 461), since neglecting them usually leads to a misallocation of resources (Maizlish and Handler 2005, pp. 181 ff). In this context, risk does not necessarily imply danger or threat (downside risk), but it is rather a directionally independent deviation from the expected return as measured by symmetrical risk measures. In addition, the risk assessment is dependent on the decision-maker’s attitude towards risk (Zimmermann 2008b, p. 461). This results in the first requirement (R) which should be fulfilled by a procedure model used for prioritizing available IT services:

1. R.1

   The prioritization of the available IT services should depend on their respective contribution to an increase in the enterprise value (value contribution). When determining the value contribution, the expected return and risk are to be considered in accordance with the decision-maker’s attitude towards risk.

There can be dependencies between different IT services, e.g., with regard to availability (cf. Sect. 3.1), which affect the advantageousness of the selection (cf. Braunwarth and Heinrich 2008, p. 103; Diepold et al. 2011, p. 806; Zimmermann 2008b, p. 462). In order to be able to show such dependencies regarding the prioritization of available IT services and to consider all significant interdependencies (Kargl 2000, p. 23), it is necessary to treat the IT landscape as a portfolio (Lacity and Willcocks 2003, p. 116). Thus, the second requirement can be derived:

1. R.2

   When determining the value contribution of an IT service, dependencies between individual IT services should be examined. In order to be able to take them into account it is necessary to consider the company’s IT landscape as a portfolio with existing IT services having to be incorporated during the valuation.

Thus, a procedure model for the prioritization of the available IT services is required which is able to determine the value contribution of a single IT service and the whole ITSP, while considering the expected return, risk, and dependencies between IT services. These can be obtained from both internal and external suppliers. Reichmayr (2003, pp. 99 ff) describes the term “outtasking” as the selection of IT services of external suppliers needed for the execution of individual process actions (cf. vom Brocke et al. 2009, p. 227). Moreover, Braunwarth and Heinrich (2008, p. 107) have shown that potential for optimization is forfeited by choosing only one supplier per process action, an approach that continues to be very common. However, if there is the possibility to assign individual executions of process actions independently of one another to various internal and/or external suppliers (e.g., out of 1000 executions of the process action “opening a bank account” 600 are assigned to supplier A and 400 to supplier B), the risk can be diversified. This leads to the third requirement:

1. R.3

   The procedure model must ensure an integrated view of the prioritization of the available IT services, while determining at the same time the – according to a risk/return assessment – optimal individual participation of the suppliers in the execution of individual process actions.

In order to reach optimal decisions for all upcoming decision points as far as the end of the planning horizon and to avoid systematical, methodical bias during the process of prioritizing, the multiperiodicity of the problem and the resulting dynamic character have to be taken into account in an appropriate way (cf. de Reyck et al. 2005, p. 526). This leads to the fourth requirement:

1. R.4

   The selection of IT services should be made – while considering periodic budget constraints – in such a way that the risk-adjusted value contributions, which correspond to the respective state of knowledge at the relevant decision points, are maximized over the planning horizon.

What ensues is a multi-period procedure model for the prioritization of the available IT services developed on the basis of these requirements.

3 Formulation of the Procedure Model

In the following a business case is assumed to be available for each existing IT service on hand (cf. Iqbal et al. 2007, p. 194). Apart from the variables contained therein, the model uses the documentation of the processes that potentially have to be supported and the process actions which are included. The documentation indicates, inter alia, which process actions can basically be supported by IT services. From service catalogues, which further specify these process actions, one can infer the expected demand as well as the expected payment surplus regarding the support of a process action by means of an IT service (cf. Blodig et al. 2006, pp. 473 ff; Helmke and Dangelmaier 2008, p. 295). For this purpose, a pay-per-use pricing model for IT services is assumed, with the presented model also being suitable for differing pricing models (cf. Sect. 3.1). Table  1 gives an overview of all variables that have to be determined and suggests sources of procurement. Nevertheless, the collection of input parameters is a critical factor which may lead to limitations as to the application of the procedure model (cf. Sect. 5). Furthermore, it is to be assumed that it is already known whether IT services exist for the support of process actions or if the development of a suitable IT service is possible.

Table 1 Overview of all variables to be determined and possible sources of information

The definition of the requirements for IT services is usually recorded in a system specification, with strategic or legal restrictions or requirements which have to be taken into consideration (cf. Iqbal et al. 2007, p. 195). In doing so, a distinction has to be made between mandatory and optional requirements (Helmke and Dangelmaier 2008, p. 296). In the following, only those requirements are regarded as mandatory which indispensably have to be implemented, e.g., due to legal requirements. All other requirements exceeding the aforementioned scope are to be classified as autonomous optional requirements. Now, a prioritization of optional requirements for the implementation of IT services is to be executed at defined and recurring points in time, while mandatory requirements are taken into account. During this process, IT services of a company’s ITSP can occur at four different stages of the life cycle. There are (1) identified IT services, which are described as a support of process actions, but have not been implemented yet; (2) requested IT services, which are implemented in the course of IT projects; (3) realized IT services, which have already served as a support of process actions; as well as (4) removed IT services, which are no longer available for the support of process actions. At the decision point, an ITSP consisting of realized IT services as well as identified IT services already exists. On the basis of this initial situation, a decision can be made as to which of the identified IT services are to be requested (decision point). During the phase between two successive decision points, the implementation of one or more authorized investments in IT services take place, or, respectively, the removal of IT services which are no longer needed (implementation phase). Changes in IT services can be made through the removal of an already realized IT service while at the same time requesting a new IT service in accordance with the desired specifications. Thus, at the next decision point, there is again an initial ITSP which consists of identified and realized IT services. In this way the changes of the ITSP, which were decided on at the decision point, are put into effect completely at the effectivity point. This procedure is repeated at each decision point (cf. Fig.  1 ).

Fig. 1

IT service portfolio across several decision points

3.1 Hypotheses

Taking the requirements formulated above into account, the following hypotheses as to the model are put forward; in doing so, all variables marked with the index t are to be regarded as period related and, in contrast, all variables without the index t are to be regarded as constant over all periods. Table  1 presents an overview of all variables that have to be determined as well as their possible sources of information.

The model is based on the following hypotheses:

1. A.1

   In the company there is a set of process actions m∈{1,2,…,M} that is potentially supportable by IT; for the sake of simplicity this set of process actions is assumed to be static. The support of a process action m, which can be provided by the IT service s _m,n of a supplier n∈{1,2,…,N}, will presumably be required until the point in time T _m . The ITSP optimization is effected at the decision points (DP) t∈{0,1,…,T} until the end of the planning horizon T with \(T<\max^{M}_{m=1}(T_{m})\). Also for the sake of simplicity, the implementation/inclusion of a new, requested IT service s _m,n for the support of a process action m or, respectively, the removal of an already realized IT service s _m,n is to be completed after one period. Thus, after each DP t the corresponding effectivity point (EP), which occurs in the subsequent period, has to be assumed to be t+1∈{1,2,…,T+1} in the following.

1. A.2

   An IT service s _m,n should be only considered if it is offered for the whole required period, i.e. from the EP t+1 to the end of the anticipated period at the point in time T _m . If the IT service s _m,n of a supplier n, which is used for the support of a process action m at the point in time t, has to be taken into consideration, then the element a _t,m,n ∈{0,1} of the M×N matrix A _t (supply matrix at the point in time t) is one with regard to \(t \in\{0,\max^{M}_{m = 1}( T_{m})\}\), otherwise it is zero. This ensures that all identified and realized IT services are considered during the optimization of the ITSP. If an IT service s _m,n is removed at the end of the runtime T _m , then \(a_{T_{m} + 1,m,n} = 0\) applies. If an IT service s _m,n is removed before the end of the runtime T _m at the DP t, then a _t+1,m,n =0 applies to the subsequent EP t+1. The anticipated demand q _t,m ∈{0,1,…,Q} for a process action m per period between the two points in time t and t+1 with t∈{0,1,…,T _m } occurs with the probability d _t,m ∈[0;1] and it is zero with the probability 1−d _t,m .

1. A.3

   The budget B _t ∈ℜ⁺ for investments in IT services s _m,n , which is available at DP t, is limited. Therefore, it may be possible that the requested support can only be approved for a part of the process actions m. Thus, a decision should be taken during the optimization of the ITSP whether (1) a process action m is to be supported by an IT service and, (2) if so, whether it is to be obtained from one or more suppliers n. With regard to the expected demand d _t,m ⋅q _t,m for an already realized IT service s _m,n , x _t,m,n ∈[0;1] denote the shares in the execution – which have already been determined and which are obtained from a supplier n for the support of a process action m – at the decision point (DP) t.¹ If a process action m is supported by the IT service of one or more suppliers n at the point in time t, then \(\sum^{N}_{n=1}x_{t,m,n}=1\) is valid. In addition, a share x _t,m,n , which has already been determined, is to be constant over the remaining period of the IT service s _m,n until its removal at the point in time T _m . Thus, the decision variables of the model are – at each DP t – the shares x _t+1,m,n in the execution of an identified IT service s _m,n with reference to its expected demand d _t+1,m ⋅q _t+1,m from the effectivity point (EP) t+1 onwards.

In case a process action m is supported, payments for investments incur in the first instance. If the IT service s _m,n is provided by the company itself, these payments for investments comprise costs of implementation and/or inclusion (e.g., if an already existing IT service is reused); if an IT service is obtained from an external supplier, they consist of inclusion costs only.

1. A.4

   Payments in advance for investments I _m,n ∈ℜ⁺ in the form of costs of implementation and/or inclusion incur for each IT service s _m,n , which is required for the support of a process action m, at DP t. For the sake of simplicity, no costs should incur for the removal of an IT service at the end of its runtime T _m .

During the execution of a realized IT service, attributable outgoing and incoming payments incur. The outgoing payments can be determined comparatively easily, especially in case of pay-per-use pricing models. Further possible pricing models can be found in Boles and Schmees (2003), whereas Braunwarth and Heinrich (2008, p. 102) demonstrate how alternative pricing models can be used. In contrast to that, the payments which incur during the execution of a realized IT service can be determined, e.g., by means of the saving potential that can be accomplished in comparison to the manual execution of the process action. Other ways of quantifying the outgoing and incoming payments as to IT services as well as the related uncertainty of the data can be found in, e.g., Brandl et al. (2007), Diao and Bhattacharya (2008), Dreifus et al. (2007, pp. 20 f), Thomas and vom Brocke (2010, pp. 76 ff), and Kesten et al. (2007).

1. A.5

   By using a realized IT service s _m,n , variable outgoing payments p _t,m,n ∈ℜ⁺ for one unit of the IT service s _m,n incur when the IT service s _m,n is provided by the company itself as well as when it is obtained from an external supplier (pay-per-use pricing model). If further fixed costs incur due to the use of a realized IT service s _m,n , the possibility of turning fixed costs into variable costs is assumed. The successful execution of a process action m generates incoming payments in the amount of g _t,m ∈ℜ⁺, which can be attributed to the support provided by the realized IT service s _m,n . Thus, the payment surplus in advance r _t,m,n ∈ℜ⁺ for each successful execution of a process action m, which is supported by the IT service s _m,n , can be derived from r _t,m,n =g _t,m −p _t,m,n .

In order to ensure the desired availability of the IT service, availability guarantees and penalty payments in case of non-provision are usually negotiated with the suppliers and stipulated in the Service Level Agreements (SLAs) (cf. Trienekens et al. 2004). Still, it has to be assumed that IT services are not always provisioned without delay or lack of quality. Usually, such operational risks are measured as Poisson-distributed random variables (Prokein 2008, pp. 43 ff). However, due to the availability which is expected to be high on average and the anticipated multitude of executions of an IT service, the normal distribution can be applied by way of approximation (cf. Schlittgen 2003, p. 243). Therefore, the following is assumed regarding the model (cf. Braunwarth and Heinrich 2008, p. 103):

1. A.6

   The probability \(\tilde{w}_{m,n}\in [0;1]\) that a realized IT service s _m,n will be available within the stipulated time period and in the agreed quality is depicted by normally distributed random variables with the expected value \(E(\tilde{w}_{m,n})\) and the standard deviation \(\sqrt{\mathit{Var}(\tilde{w}_{m,n})}\).² It is assumed that the probability of the availability \(\tilde{w}_{m,n}\) is defined in the SLA and that it remains constant until the end of the IT service’s period at the point in time T _m . As to the probability \(\tilde{w}_{m,n}\), \(\tilde{w}_{m,n}=1\) means that the IT service s _m,n is available in any case, and in the case of \(\tilde{w}_{m,n}=0\) it is not available at all.

1. A.7

   In case of the non-availability of the requested IT service s _m,n , additional outgoing payments in advance amounting to k _t,m,n ∈ℜ⁺ incur (e.g., by means of process failure or manual processing). It is assumed that any agreed penalty payments are already deducted.

From these assumptions it can be derived that in the period between t and t+1 an IT service s _m,n will be requested q _t,m times with a probability of d _t,m , and that it will not be requested with a counter-probability of 1−d _t,m . In the former case, the requested IT service s _m,n is available with a probability of \(\tilde{w}_{m,n}\) and it is not available with a probability of \(1 -\tilde{w}_{m,n}\). In case of availability there will be a payment surplus for the company amounting to r _t,m,n ; in case of non-availability additional payments in the amount of k _t,m,n are deducted and there will be a payment surplus of r _t,m,n −k _t,m,n (cf. Fig.  2 ).

1. A.8

   Due to the support of process action m by means of the IT service s _m,n of supplier n, there are stochastic, periodical payment surpluses \(\tilde{z}_{t,m,n}\) starting from DP t for realized IT services and from EP t+1 for newly requested IT services to the end of the anticipated runtime T _m (cf. Fig.  2 ). For the purpose of achieving comparability of the periodical payment surpluses, which are dependent on DP t, the expected values of the stochastically periodical payment surpluses \(\tilde{z}_{t,m,n}\) are consistently discounted to t=0 with the given rate of interest i _calc ∈ℜ⁺.

   Fig. 2

   

   Composition of the expected present value of the periodical payment surpluses of an IT service

Thus, the expected present value of the periodical payment surpluses of each IT service s _m,n at the point in time t is calculated as follows:

(3.1)

The expected present value of the entire ITSP μ _P at DP t=0 results from the sum of the weighted expected present values of the periodical payment surpluses μ _t,m,n of all realized and newly requested IT services s _m,n , which have to be considered and which are due from EP t+1 onwards, with this sum being aggregated across all process actions and suppliers and reduced by the outgoing payments in advance for investments I _m,n , which are also discounted to t=0:

(3.2)

with the constraints: x _t+1,m,n =x _h,m,n =konst.>0 ∀t≤h≤T _m ,m,n, if h≥0, with h being defined as h=min{v∈{0,…,T _m }:x _v,m,n >0}.

The signum function helps to achieve that the outgoing payments in advance for investments I _m,n are entirely taken into consideration only in the selection period and also if an IT service is only proportionally obtained from one supplier. In addition, the constraints ensure that – as formulated in A.3 – solely the shares x _t+1,m,n of the identified IT services are determined at DP t and that already existent shares x _v,m,n with 0≤v≤t are regarded to be constant. Since the probabilities \(\tilde{w}_{m,n}\) are distributed normally, this also applies to the stochastic, periodical payment surpluses \(\tilde{z}_{t,m,n}\). The corresponding standard deviation is determined by σ _t,m,n and can be calculated as follows:

(3.3)

Due to shared resources, such as databases of third-party suppliers, the probability of availability is not independent in reality, even in case of competing IT services of various suppliers.

1. A.9

   There are linear dependencies between the probabilities of availability \(\tilde{w}_{m,n_{i}}\) and \(\tilde{w}_{m,n_{j}}\) regarding two IT services \(s_{m,n_{i}}\) and \(s_{m,n_{j}}\) of two different suppliers n _i and n _j with n _i ≠n _j , which can be employed for the same process action m. They are depicted by means of the correlation coefficient \(\rho( s_{m,n_{i}},s_{m,n_{j}} ) \in[ - 1;1]\).

In addition, due to shared resources of one supplier, such as a server which is used for various IT services, the probability of availability regarding two IT services of one supplier is usually not independent.

1. A.10

   There are linear dependencies between the probabilities of availability \(\tilde{w}_{m_{k},n}\) and \(\tilde{w}_{m_{l},n}\) regarding two IT services \(s_{m_{k},n}\) and \(s_{m_{l},n}\) of the same supplier n which are used for the support of different process actions m _k and m _l with m _k ≠m _l ; these linear dependencies are depicted by the correlation coefficient \(\rho( s_{m_{k},n},s_{m_{l},n} ) \in[ -1;1 ]\).

1. A.11

   With respect to the model it is assumed that the risk of the entire ITSP is measured by means of the variance \(\sigma_{P}^{2}\). This corresponds to the weighted sum of all covariances of the individual stochastic periodical payment surpluses of the IT services s _m,n , which are part of the ITSP in relation to the stochastic periodical payment surpluses of the entire ITSP.

Thus, weighted with the shares x _t+1,m,m of the IT services s _m,n , which have already been realized or newly requested at EP t+1, the following equation can be derived (cf. Bamberg et al. 2006):

(3.4)

with the constraints: x _t+1,m,n =x _h,m,n =konst.>0 ∀t≤h≤T _m ,m,n, if h≥0, with h being defined as h=min{v∈{0,…,T _m }:x _v,m,n >0}.

The aims of a value based ITSP are both “to maximize the expected return” and “to minimize the risk”. Since both aims cannot be achieved at the same time – a fact that has been discussed sufficiently in relevant literature – a preference function is necessary which is in accordance with the (μ,σ) rule (cf. requirement R.1) in order to determine the ITSP with the highest value contribution. As to the modeling the following is assumed:

1. A.12

   For the decision-maker there is a utility function which is compatible with the Bernoulli principle and which assigns a value to each ITSP. The decision-maker always chooses the ITSP with the maximum preference function value. When determining the maximum preference function value, the expected present value μ _P and the risk \(\sigma_{P}^{2}\) have to be taken into consideration in accordance with the decision-maker’s attitude towards risk.

In doing so, the decision-maker’s aim is to choose – in accordance with his attitude towards risk and in consideration of the budget constraint – that ITSP which maximizes the risk-adjusted value contributions corresponding to the respective state of knowledge at the DPs across the planning horizon. Schneeweiß (1967) as well as Bamberg et al. (2006) have shown that in case of a constellation as indicated in assumptions A.6 and A.12 only a preference function of the following type is compatible with the Bernoulli principle:

$$ \varphi( \mu_{P},\sigma_{P} ) = \mu_{P} - \frac{b}{2}\cdot\sigma_{P}^{2} \to\max!$$

(3.5)

with the constraints: x _t+1,m,n =x _h,m,n =konst.>0 ∀t≤h≤T _m ,m,n, if h≥0, with h being defined as h=min{v∈{0,…,T _m }:x _v,m,n >0} and

The parameters μ _P und \(\sigma_{P}^{2}\) result from the formulas (3.2) and (3.4), respectively. The risk aversion parameter b∈ℜ, the Arrow-Pratt measure, represents the decision-maker’s attitude towards risk (Arrow 1965; Pratt 1964); with b>0 meaning risk aversion, b=0 meaning risk neutrality and b<0 meaning risk affinity. Moreover, the constraint

ensures that the periodical budget constraints are considered at each DP t.

3.2 Heuristic Procedure for the Model’s Practical Application

Due to the dynamic character of the decision problem, the optimization of the ITSP is dependent on all previous decisions at each DP t and in turn affects the subsequent possible alternatives. In order to solve the stochastic dynamic optimization problem presented in formula (3.5) and to consider the interdependencies between the DP t, the dynamic optimization according to Bellman (1957) can be applied. However, its application is problematic because of the necessity of modeling the problem entirely and providing all data. Usually, this problem cannot be coped with in practice since the data and hence the optimization problem itself is subject to its own dynamics during the course of time. From today’s point of view it is difficult to predict, e.g., which IT services will be identified and requested in the future. Thus, it is questionable to what extent the high complexity and the significant calculative effort, which are associated with dynamic optimization, can be justified if the required data basis, which determines future alternatives of action and thus the optimization problem, is fraught with such a high forecast uncertainty. For this reason, a decomposition of the dynamic decision problem formulated in Sect. 3.1 seems to be an alternative. The basic idea of this is the fragmentation of the dynamic optimization problem presented in formula (3.5) into various individual problems. As to each of these problems, the relevant values at the DP t are discounted to t so that – to be more precise – we have to talk about a present value and time related optimization. For this purpose, the portfolios are assumed to remain constant across the planning horizon. Thus, the ex-ante consideration of a subsequent adaptability is ignored. The adjusted objective function which is based on formula (3.5) can be found in Appendix 1. Thus, in contrast to the exact closed-loop optimization, the dynamic optimization problem is solved in a time-related way. As a result, possible inter-temporal interdependencies between the DP t are not considered, leading to a heuristic character of the solution. The detailed procedure regarding the optimization of the ITSP for each DP t and the determination of the required parameters can also be found in Appendix 1.

4 Case Example and Interpretation of Results

In the following, the procedure described in Sect. 3 is presented by using the example of a financial services provider. For reasons of confidentiality the explanation remains anonymous and the figures employed have been modified slightly.

4.1 Introduction of the Case Example

The financial services provider is positioned as a multi-channel bank in the German market. In order to standardize and improve its processes the service provider aims to increasingly convert its IT landscape in accordance with SOAs. In this course, individual process actions of customer advice and sales processes shall be supported by IT services. In order to implement the IT investments, which have been requested by the respective departments by means of appropriate business cases, the financial services provider carries out two releases per year. In this context, the term release denotes the implementation of one or more approved investments in IT services. For this purpose, a budget in MU (monetary unit) is available for the specification, development, testing, and implementation of new IT services (excluding current costs) for each release at each DP t (cf. Table  2 ).

Table 2 Available budget

At the first DP t=0 the redesign of the process of opening an account is focused on. The process actions “check address data”, “enter SCHUFA/InfoScore ³ information”, and “report account to SCHUFA” are chosen as examples from this process. In the context of designing a dashboard (online application used for the visualization of information) with a decision support for stock broking there is the set of process actions “show analyst valuation”, “show share signals”, and “show charts”, which can be chosen from with regard to the next release at DP t=1. At the last DP t=T=2 considered at this point, the respective departments have requested IT services for the implementation of the process actions “execute identity check”, “determine opportunities/risks”, and “start e-mail campaign”. These IT services are connected with the design of a so-called “Internet Client-Filial-System”⁴ with an integrated customer relationship management (CRM) tool.

Each of these process actions can be executed by an identified IT service which is either obtained from the own IT subsidiary or from two external suppliers (e.g., SCHUFA, which provides access by means of a XML-Gateway). However, the sum of MUs required for the implementation of the requested IT services exceeds the budget which is available at the DP by up to 50%. As a consequence, the IT services, which have to be newly developed or to be obtained from external suppliers, have to be chosen on the basis of the submitted business cases. Thus, the financial services provider has to deal with the question of which of the identified IT services are to be realized until the next EP and whether they are to be obtained from one or more suppliers proportionally. For this purpose, the data which were provided in the business cases and which provide information on the expected frequency in which an IT service is used, the probability to which it will be requested, and the expected incoming payment surpluses for each use of the service serve as the basis for the decision. The prices of the IT services can be determined relatively easily by means of suppliers’ offers or the IT subsidiary’s internal prices. The same applies to reliability and, consequently, the expected probabilities of availability. Here the suppliers guarantee a medium availability in the SLAs (possibly including a fluctuation range). Table  1 gives an overview of the variables that have to be determined and their possible sources of information. On the basis of these data, the input parameters \(\hat{\mu}_{\tau,m,n}\) and \(\hat{\sigma} _{\tau,m,n}\) at DP t=0 have been determined for the financial services provider using a rate of interest of i _calc =0.10. For the purpose of demonstration, Table  3 provides an extract of the results.

Table 3 Extract of the calculated input parameters \(\hat{\mu} _{\tau,m,n}\) and \(\hat{\sigma} _{\tau,m,n}\) for t=0

4.2 Application and Interpretation of the Results

With the help of the data basis, which was determined together with the financial services provider, the procedure described in Sect. 3.2 (cf. Appendix 1) was carried out. The results regarding a risk-neutral (cf. Table  4 ), a risk-averse (cf. Table  5 ), and a strongly risk-averse decision-maker (cf. Table  6 ) are presented below for the purpose of demonstration. The values in the cells indicate the determined shares in the execution of an identified IT service with regard to its expected demand from EP t+1 onwards (cf. assumption A.3). The IT service of, e.g., supplier 3 is supposed to provide IT support for 100% of all executions of process action 1 from EP t=1 onwards (cf. Table  4 ). The white cells include the shares of identified IT services determined at DP t. The gray cells either have not had to be considered yet at DP t or they include shares of IT services that have already been realized and which are regarded to be constant until the end of the runtime or, respectively, until their removal (cf. assumption A.3).

Table 4 Tableau of results for the case example as to b=0 (risk-neutral decision-maker)

Table 5 Tableau of results for the case example as to b=40 (risk-averse decision-maker)

Table 6 Tableau of results for the case example as to b=80 (strongly risk-averse decision-maker)

Especially three results are striking:

1. 1.

   Diversification

   The risk-neutral decision-maker (and this would also have been the financial services provider’s previous decision) would for each process action solely employ that IT service which has the maximum present value and would always assign a realized IT service entirely to one supplier. The more attention is paid to the risk, the more cautious the decision-makers investment and diversification will be. While in the case of risk aversion two suppliers are used for one process action (process action 6 in Table  5 ), two process actions (process actions 5 and 8 in Table  6 ) are supported by IT services of two suppliers in case of strong risk aversion. This makes clear that the diversification of the default risk becomes more important as risk aversion increases.

2. 2.

   Selection of IT services and exhaustion of the budget

   The IT services which are selected by the risk-neutral decision-maker and which simultaneously have the highest present value and a higher default risk make up only a small part of the ITSP as the risk aversion increases. In addition, the exhaustion of the available budget steadily decreases as risk aversion increases, i.e. fewer process actions are supported by IT services and potential cost savings and improvements in efficiency are not achieved.

3. 3.

   Portfolio risk

   For every decision-maker – the risk-neutral, the risk-averse as well as the strongly risk-averse decision-maker – the aggregation of the periodical ITSP optimization (cf. step 3 of the procedure presented in Appendix 1) produces the expected present value of the ITSP, the portfolio risk, and the value of the objective function (cf. Table  7 ).

   Table 7 Aggregation of the periodical ITSP optimization

   It becomes clear that the decreasing risk position as to the ITSP is “bought” at the cost of a lower expected present value. However, if the return/risk ratio is considered, then it becomes apparent that the risk-neutral decision-maker achieves a considerably worse return per risk unit than the risk-averse or the strongly risk-averse decision-maker does. If there is e.g., only little equity capital that can be used for covering the risk, the favorable return/risk ratio in case of risk aversion can be advantageous in many cases. In contrast to the presented procedure model, general procedures used for the valuation of investments often assume that there are no diversification effects (cf. discussion in Sect. 2). In order to analyze this effect, an ITSP optimization using a fictitiously assumed correlation coefficient of \(\rho( s_{m,n_{i}},s_{m,n_{j}} ) = 1\) as well as \(\rho(s_{m_{k},n},s_{m_{l},n} ) = 1\) was carried out (cf. assumptions A.9 and A.10). After the aggregation of the periodical ITSP optimization, the value of the objective function was determined by taking the data of the case example as a basis. This resulted for, e.g., b=40 in an objective function value of \(\varphi( \hat{\mu} _{P},\hat{\sigma} _{P} )= 9319.25\), which was more than 9% lower.

To sum up, it can be said that a consideration of the default risk in the ITSP and, consequently, the executions of individual process actions by more internal and/or external suppliers become more important, the higher the underlying intensity of the risk aversion parameter is. As to the financial services provider, it became apparent that the original intention of concentrating on only one supplier per IT service in the course of a SOA adoption cannot entirely be assessed as being as positive as expected: On the one hand there is the cost saving effect and on the other hand there is a higher risk position which more than compensates the cost saving effect. Especially in case of the process actions “show share signals” and “determine opportunities/risks”, which can be directly accessed by the customers and which may be decisive for the success, these findings contributed to the decision to employ two suppliers for each process action – despite higher costs (strongly risk-averse solution). Thus, the results reflect the influence of the decision-maker’s risk aversion on the decision-making process, with the results achieved in this case example being strongly dependent on the individual situation of the financial services provider in question (cf. March and Shapira 1987). In addition, some findings can partly be explained in connection with the selected modeling. For this reason, the transferability of the results has to be assessed individually and critically for each case.

5 Summary, Implications, and Future Research

In the present paper a quantitative, multi-period procedure model was developed which makes it possible to prioritize available IT services. Then a decision logic for the heuristic solution of the selection problem was presented and the practical application was demonstrated by means of an illustrative case example.

The results of the application make clear that due to the common practice of assigning an entire process – with regard to both individual process actions and process capacity – to one supplier, potential for optimization as to the ITSP’s return/risk ratio may be forfeited. In the case example it could be proven that diversification can reduce the risk position in case of correlation coefficients < 1. Moreover, the case example shows that general procedures, which do not consider dependencies and possible diversification effects (and thus, implicitly assume correlation coefficients = 1), lead to a lower objective function value. Therefore, a misallocation of the constrained budget is usually to be expected. In addition, the degree of diversification decisively depends on the decision-maker’s risk aversion in the case analyzed. The risk-averse decision-maker tends to have fewer process actions supported by IT services and thus, potential cost savings and improvements in efficiency are not brought about. The decision-maker also diversifies more strongly between suppliers and thus minimizes the ITSP’s risk position. The exploitation of the available budgets tends to decrease as risk aversion increases. However, a closer examination of the ITSP’s risk position shows that the strongly risk-averse decision-maker achieves a much more favorable ratio of return and related risk than the risk-averse or risk-neutral decision-maker does. In practice, however, it is to be expected that the risk aversion captured by the Arrow-Pratt measure is not independent from the expected return. This is why alternative approaches (e.g., Jewitt 1989) could also be taken into consideration here. Also the portfolio optimization approach according to Markowitz (1952), which is the basis of the procedure model, is subject to further restrictions, which have been frequently discussed in literature (cf. Asundi and Kazman 2001; Kersten and Verhoef 2003; Verhoef 2002; Zimmermann et al. 2008). They comprise, e.g., the liquidity of the regarded IT investment objects (cf. Sect. 1), partially neglected transaction costs (cf. assumption A.4), or alternative (e.g., asymmetrical) risk measures (cf. Steinbach 2001). These restrictions provide numerous starting points for further research.

The collection of the input parameters also has to be considered critically (cf. Braunwarth and Heinrich 2008; Buhl and Heinrich 2008). In the present case example also a possibly opportunistic behavior on part of the departments and, thus, an intentional manipulation of the data basis was excluded for the sake of simplicity. Apart from the costs of implementation or integration, the expected demand, the incoming payment surplus in case of a successful execution or, respectively, additional outgoing payments in case of a non-availability of the IT service as well as the price have to be determined for each IT service. While these variables can be determined relatively easily, there are difficulties, above all, as to the determination of the expected present value and the standard deviation regarding the IT services’ probabilities of availability as well as the correlations between them. By means of sensitivity analyses with regard to the IT services’ expected demand, incoming payment surplus, and probability of availability as well as their correlations, it could be proven, however, that – in case of fluctuations within a range of approximately 5% – the fixed payments for investments for the implementation or integration of the IT services stabilize the determined result. Therefore, especially soft “transitions” between portfolios, in which a new supplier is considered in the ITSP only to a relatively small degree, occur only rarely in case of smaller deviations of the parameters (cf. Braunwarth and Heinrich 2008, pp. 107 f). However, in case of larger deviations within a range of 15% to 25%, the divergences from the result determined before become more apparent. In addition, the transferability of these findings, which are based on a single case example, to other companies is heavily dependent on the respective situation in a company and must therefore be discussed critically. Further studies should validate the results achieved in this paper by means of both further case studies and extensive simulations. However, the algorithm we used for the ITSP optimization requires rather extensive calculations. The recurring calculations, which are due to the application of the “Add” and “Subtract” algorithm as well as the so-called Knapsack problem (cf. Appendix 1), offer starting points to improve efficiency. The authors intend to develop more efficient algorithms and heuristics that are suitable for the quality of the available data and to evaluate them with regard to larger data sets.

Despite the requirements for further research discussed above, the present paper provides initial theoretical and practical fundamental insights: Apart from the theoretical analysis of the relationship between the decision-maker’s risk aversion and the resulting diversification effects in ITSPs, we presented a first approach to optimize a portfolio’s composition in case of dependencies between portfolio positions and suppliers, which – inter alia – can also be found in program portfolios, engineering activities, or SOAs as examined in this paper. In accordance with our reference to future research this approach is to be developed further.