(ITS) Review - Vice-President and Provost

U of T Information Technology Services (ITS) Review
1. Introduction
a. Background
b. Vision
c. Assumptions
2. Findings: Description of ITS at U of T
a. Scope of investment in IT services and operations
b. Duplication and redundancy
c. Opportunities for cost-savings
d. Access to existing systems and services
e. Risks
f. Finding the balance between central and local service delivery
g. Current governance and management structures
h. Talent and innovation
3. Principles
a. Mission and Governance
b. Strategy
c. Leadership and Management
d. User-oriented Services
4. Organizational and Management Structure
a. Need for a central IT unit
b. Leadership – Creation of CIO position
c. Mandate of CIO
d. Process owners
e. Service oriented operation
5. Committee Structure
6. Summary of Recommendations
APPENDIX A: PDAD&C#46, 2006-07 - Information Technology Services Organizational
APPENDIX B: Terms of Reference
APPENDIX C: IT Services Self Study Questionnaire
APPENDIX D: Compilation of Self-Study Material
APPENDIX E: Executive Summary of the IT Survey
APPENDIX F: Report of the External Reviewers
ITS Review Report
October 2007
Page 2
1. Introduction
(a.) Background
In March 2007, the Office of the Vice-President and Provost undertook an administrative review
of University information technology services (ITS). The centrality of information technology
services to the University’s activities – educational, research, administrative – warrant a clear
articulation of the priorities and objectives of these services. At this juncture in the institution’s
history, information technology services are delivered both centrally, across a wide range of
portfolios, and also at the divisional and departmental level. This division of labour has arisen
incrementally, in a somewhat ad-hoc manner, resulting in a lack of clarity around the process for
governance, organization and accountability of these services.
A main focus of the ITS Review Committee1 was the extent to which the governance and
organization of ITS could be rationalized, in a way that best meets the needs of the users –
students, faculty and staff.
The following were the two core questions at the heart of the ITS Review (as articulated in the
terms of reference2):
1. What functions, today and looking to the future, are needed by students, faculty and
staff to interact, communicate, study, perform research, manage operations and
support services?
2. Based on these requirements, what kind of governance and organizational structure
is needed to ensure that these services are efficiently deployed and maintained at an
appropriate level of service?
Importantly, the goal of the ITS Review Committee was to provide recommendations for the
organization of IT services at the University of Toronto.
As part of the overall review process, academic and central administrative divisions participated
in a self-study exercise. The self-study questions are outlined in Appendix C. Appendix D is a
compilation of the responses submitted as part of this exercise.
In addition, an internal survey and focus groups on ITS at the University of Toronto were
undertaken in support of the work of the Committee. The main purposes of the survey were to
(1.) ask users what IT tools are now being used and if these tools are doing their job; and (2.)
find out which tools will be needed in the future.3 Following the completion of the survey, a
number of focus groups were conducted to dig deeper into the survey results. An executive
summary of the findings of the survey can be found in Appendix E.
The committee also commissioned an external review. Two reviewers, Professor Anthony Masi
[Provost (and formerly CIO), McGill University] and Ms. Annie Stunden [retired CIO,
University of Wisconsin (Madison)], visited the University on June 7 and 8, 2007. The
reviewers met with administrative systems staff, divisional IT leadership, senior library staff
See Appendix A for Committee Membership.
See Appendix B.
The process to develop the survey was undertaken in part by the Techknowfile.07 (TKF.07) Steering Committee
and AMS staff with support and advice from the Office of the Vice-President and Provost. The survey itself was
done in conjunction with TKF.07. A third party was contacted to develop an on-line survey.
ITS Review Report
October 2007
Page 3
(including the Chief Librarian), registrarial staff, student life staff, RCAT staff, as well as with
the Vice-President and Provost, and members of the ITS Review Committee. A copy of the
review report is included as Appendix F.
(b.) Vision
The Committee determined that it will be necessary to first articulate where we want to be in
regard to the delivery of these services before launching fully into the discussion and analysis of
what potential changes are required to the organization of ITS at the University of Toronto. To
this end, we propose that a clear vision statement for information technology services at the
University of Toronto be adopted. For example, the Committee suggests that a statement might
Information Technology Services will be developed and deployed so as (i) to enable the research
and teaching mission of the institution as a whole, and (ii) to support the academic and
intellectual goals of all individual and collective members of the University of Toronto
Final wording on such a statement is beyond the mandate of the Committee. This statement is
presented for illustrative purposes – the task of developing such a statement should be a priority
for the leadership of ITS at the University as the recommendations below are implemented.
(c.) Assumptions
The Committee also recognized that its work and its subsequent recommendations are rooted in
some core assumptions about information technology services at the University of Toronto.
The first, and most fundamental, assumption is that since the University’s core mission is
inherently information-based, the management of its information technology services must be
considered as part of, not just support to, the University’s core mission.
In order for information technology services to effectively advance the University’s mission, it is
necessary to have an appropriate balance between central and distributed services, together with
integrated management. We need to optimize delivery of ITS to improve the student experience,
support divergent local needs, facilitate data collection and analysis, and ensure overall support
of the mission of the University.
Our ITS structures, and our delivery of ITS, must be able to respond to the relentless pace of
change in the information technology world. It is essential that we have the ability to look ahead
and be able to adopt and implement new innovations in a timely, effective and efficient manner.
In addition to being a consumer of ITS, however, the University’s role as a producer and
purveyor of knowledge means that there is also a role for the institution in reflecting upon the
use of IT and its impact on society. The University and its divisions should be able to examine,
evaluate and implement new services and serve, where appropriate, as a model for other
institutions and organizations.
Finally, given the restrictions on the University’s budget, it is all the more important that any
spending on ITS be done in the most cost-effective manner. It is also important to recognize that
appropriate ITS investments have a tremendous impact on other parts of the institution. Silobased budgeting and decision-making can hinder recognition of this.
ITS Review Report
October 2007
Page 4
2. Findings: Description of ITS at U of T
a. Scope of investment in IT services and operations
ITS represent a significant part of the operations of the University. The University spent at least
$68 million in ITS-related salaries, hardware, software, and services in 2005-06.
Of this, about $24 million may be attributed to the central IT services, the balance being spent at
the divisional level. There are 509 ITS staff with ITS related job titles4 in central and divisional
departments. These estimates show that information technology services, in terms of the involvement in business processes, expenditures, and number of staff, represent a considerable and
essential aspect of University operations.
It is important to note that these figures as presented are almost certainly understated, since many
ITS expenses will not be coded as such, and ITS duties are performed by individuals who do not
have ITS-related job titles. Given the proportion of the University’s operating budget related to
ITS, and the fact that ITS functions are now an essential part of virtually all other business
functions, the governance, management and accountability for these services deserve close
attention. [For more details on the scope see Appendices C, D, and E.]
b. Duplication and redundancy
A broad array of IT services and supporting hardware and software applications exist at
divisional and departmental levels. Examples of the ITS diversity, complexity, breadth, and at
times, duplication, were illustrated in the responses to the Self-Study questionnaire. For example:
128 identified e-mail systems are provided across the departments. Policies, archiving
and recovery methods, delivery and uptime service levels are not consistently defined.
Departments, central and divisional, and application providers, provide help desk
services. Some are specific to their department or application, others provide general
support. Many services use Web-based, help-desk ticketing systems, but the systems are
not connected to other groups, and/or the applications are sourced from different vendors.
We are far from a one-stop point of contact.
c. Opportunities for cost savings
Web-site content management systems (such as IronPoint, Joomla, Plone, Contribute, the UTSC
Intranet) permit non-technical users to publish to the Web which is an exceptional efficiency.
There are, however, still dozens or hundreds of sites that are manually coded. Ideally, one or a
smaller number of implementations, could be made available to the community. Standards and
style guidelines need to flow across the university.
High-performance computer (HPC) arrays require power, space, and specialized operators. There
are dozens of clusters. Opportunity for cluster sharing, or grid computing configurations, could
be provided to support those not having access to HPC, and would reduce the energy and space
requirements of standalone clusters. The Committee understands that needs for research
computing are specific to individual areas and that these should be managed at the local level.
However, the impact of research computing on infrastructure is significant and these
infrastructure needs should be centrally coordinated.
According to the HRIS occupation code classification.
ITS Review Report
October 2007
Page 5
Thousands of servers are used for file and print services, security, storage, database, and Web
application hosting. Each requires space, power to run, cooling, patches, upgrades and ultimate
replacement. Industry estimates suggest that servers are utilized at 5-25% of their capacity.5
Servers require constant attention for data security and performance.
d. Access to existing systems and services
Video-conferencing and collaboration tools are available across the university, but not in a
formal, accessible, and interoperable manner for the community.
e. Risks
Best practices for security, business continuity and disaster recovery, system access controls, and
general IT operations and data management are not institutionally coordinated. Though best
practices are in place, they are not applied consistently across the university.
f. Finding the balance between central and local service delivery
Local service providers offer familiarity, customized support and proximity, aspects that are not
as easily demonstrable in a highly centralized environment. Knowing whom to call for assistance
or information, a major concern of the user community, is more readily accomplished when there
is a local resource to contact. These factors support the rationale for developing and maintaining
a local infrastructure.
Finding the appropriate mix of services to provide locally or obtain centrally is a common
concern. There may be reasons to manage what may be termed “common” or “commodity”
services in a very distributed environment, yet there are tremendous opportunities for improved
resource allocation by providing highly functional, commodity services from central providers.
The end result may be to increase the local resources directly available to the specialized needs
of a department as well as reinforcing the capabilities of common services by reducing the
g. Current governance and management structures
As IT service providers and their consumers work to set their plans and priorities, the
decentralized character of ITS governance at U of T has made it difficult to set standards and
directions. Currently there are a number of institutionally-focused IT groups, with their own
steering or advisory groups (e.g., AMS, CNS, RCAT and SIS), as well as IT committees at the
Faculty or departmental level. At the institution-wide level, two bodies, the Computing
Management Board (CMB) and the Academic Computing Advisory Committee (ACAC) provide
fora where discussion of IT issues and policies, as well as review of institutional projects take
place. As currently implemented it has been nearly impossible, within this governance structure,
to define or ensure alignment of ITS investments with institutional priorities. There is also, in
some cases, a lack of clarity around responsibilities and purposes of the various committees.
h. Talent and innovation
At the same time, it is clear that our individual IT services throughout the University are able to
meet very high standards. Our ITS have been at the forefront of many innovations through the
http://www.microsoft.com/presspass/features/2006/may06/05-22Virtualization.mspx ;
ITS Review Report
October 2007
Page 6
years. Ideally, some of these innovations could be further maximized through an increased level
of sharing and implementation across the institution.
There is no question that there are strong information technology services at U of T, and that in
general, as the External Reviewers have pointed out, “…the individuals who provide services are
dedicated, hard-working, and knowledgeable.” What the review committee is most concerned
with, given the findings, is how the University as a whole sets strategy and priorities for ITS.
3. Principles
In the same way that the Committee determined it was appropriate to outline the assumptions
about ITS at the University, the Committee also felt it was appropriate to establish the principles
that should be at the foundation of any reorganization. These principles are as follows.
(a.) Mission and Governance
Since the University’s core mission is inherently information-based and the management of ITS
is part of, not just support to, the University’s core mission, that mission must be advanced
through the highest level of IT services for students, faculty, and staff.
Importantly, as a consequence of its involvement in the academic mandate of the institution, the
strategic oversight and management of ITS must be accountable to the academic leadership of
the University, including Principals and Deans. This should be clearly reflected in the decisionmaking and accountability structures related to ITS.
Expert oversight of the design, development, deployment, and maintenance of ITS must be one
of the highest priorities of the University, in alignment with its academic mission.
U of T must collaborate and learn from our peer institutions (especially those with advanced
policies and practices) with regards to the provision of IT services—finding economies of scale,
collaboratively developing solutions, embracing shared standards of interchange and
interoperability, etc., as appropriate. System selection or development specifications need to
consider a number of factors, including satisfying the functional and informational needs of the
(often varied) users of the system.
The University is not alone in the quest to develop an optimal ITS organization. Other large
complex research universities have faced similar issues. The challenge for ITS management at U
of T is to learn from and build on these other institutions’ experiences while recognizing and
responding appropriately to the unique circumstances of our own institution.
The complexity of our institution also means that there is existing breadth and depth of ITS
expertise within our multiple constituencies. Rather than ‘reinvent the wheel’, the University
must recruit and build on the insights, strategies, and advice of relevant academic and
administrative divisions. The distribution of ITS across campuses must be integrated through
effective communication and strategic planning among relevant Divisions, involving academic,
ITS, and administrative leadership, as appropriate, so as to optimize cost effectiveness and
encourage the development of innovative applications. In addition, it will be important to
consider the repositioning of existing ITS-related committees at the University.
ITS Review Report
October 2007
Page 7
Finally, the organization of ITS on the campuses must have appropriate mechanisms in place to
ensure that academic priorities, as well as sensitivities to the student experience, are at the
forefront of ITS-related decision-making.
(c.) Leadership and Management
Management of ITS must exemplify the highest level of business function, including decisionmaking based on a strategy, ongoing analysis of risk and assessment of return on investment.
Opportunity and risk assessment must be both academic and financial, and include the risk of not
having supportive, progressive ITS. There is no question that ITS expenditures must be
reasonably constrained, consistent with the University budget. Cost-effective, reasonable and
efficient solutions to current ITS challenges must be sought, including creation of
interoperability among existing systems. It is also apparent that ITS solutions can help the
University in addressing its challenges – investments in ITS could have significant impact on
productivity and efficiency in other areas. Importantly, cost analysis must reach across
administrative and budgetary silos.
In making decisions about ITS investments, it will be necessary to consider the full costs of new
systems. This should be done with a view to the long-term horizon from the institutional
perspective and involve an assessment of the full life-cycle costs. Impact on faculty and staff
work processes, training requirements, space and operating costs should be among the many
factors considered when making decisions about ITS. Processes for maintaining services, as
well as the mechanism to do the analysis on the services, must be in place.
In terms of resources in support of ITS, administrative- and education-related ITS should
normally be funded from resources of the University. On the other hand, most large-scale,
research project-specific ITS will need to be funded primarily by sources outside of the
University’s operating budget (e.g., granting councils, other government sources, private
sources). In some cases, however, it may, be prudent for the University to direct resources to the
development and innovation of ITS provided that these lead to ultimately deployable systems.
The University should also consider developing a long-term budget plan for the capital and onetime-only costs required for regular renewal of ITS infrastructure. Estimation of such an
annualized cost will facilitate budget planning at the divisional level.
Standards of systematization, interoperability, and exchange should ideally be based on (open, as
far as possible) standards of interchange, rather than on specific systems or suppliers to ensure
the greatest possible flexibility, maximize options and minimize cost.
Subject to academic oversight, ITS management must deal skillfully and effectively with the
complex challenges raised by confluence of five competing factors: (i) dealing appropriately
with the particularities and complexities of local circumstances, such as security and
convenience; (ii) the cost (especially taking into account the long-term) of home-grown systems;
(iii) the overall risks and expense associated with different provider sources; and (iv) the large
development gap between traditional academic research and the requirements of operational
services, and (v) consideration of the risks and benefits or purchased/licensed systems or
ITS Review Report
October 2007
Page 8
(d) User-oriented Services
ITS should be developed and delivered with a focus on the end user, rather than the personnel or
organization supporting them, and on the services provided, not on the systems used to
implement those services. Prolonged investment of resources into applications shifts focus away
from those using the application to the applications themselves. This negatively affects the
alignment of ITS to the organization’s purpose as applications take on a life of their own.
Our objective is to make the person the focus that applications, and their providers, address. This
supports the overall objective of providing information and services to people where, when, and
in the appropriate form, that best meets their needs. ITS organization needs to be structured so
that flexibility is maintained to allow for a wide range of tiered service level agreements, so local
needs can be adequately and efficiently met.
4. Organizational and Management Structure
The Committee received considerable feedback on diverse issues and concerns regarding ITS.
The institution faces many issues, from review of the number of email services provided to
decisions about upgrade paths for major systems like AMS. The University must also ensure
that it has robust processes in place to meet requirements with respect to privacy, security and
business continuity. It was not the Committee’s role to solve these or the many other issues
related to ITS that we face – although members of the Committee and community clearly have
views on these matters. Rather, our role was to recommend management and organizational
structures that would allow for these types of issues to be fully assessed using principles such as
those outlined above, for recommendations to be formulated based on those assessments, and for
clear pathways for decision-making regarding those recommendations and implementation of the
selected actions.
What follows is a description of the elements of a management and organizational structure that
the Committee believes would respond to the unique reality of ITS at the University of Toronto.
a. Need for a central ITS unit
There was early consensus that there is a need for a central group mandated to make assessments
and recommendations regarding institutional ITS. The central group should have clear authority
with respect to core ITS that are delivered at the institutional level (i.e., ROSI, AMS and CNS).
The group should also be charged with the development of standards that would establish the
institutional framework within which divisional ITS works. The process by which decisions
regarding institutional services are reached and standards that govern divisional services are set
has to be open and transparent and clearly engage all divisions and the academic leadership of
the University. However, a central group is necessary to drive and coordinate both activities.
ITS Review Report
October 2007
Page 9
b. Leadership - Creation of a ‘CIO’ position
It is also clear that this central group must have a leader. In most environments this individual
would hold the title of Chief Information Officer (CIO).6 There are some individuals who hold
the view that such a title is not appropriate for our environment. The Committee observes that
much has evolved in the realm of ITS since we last had an individual hold the title of CIO at this
institution. In the current context the Committee is of the view that this is the appropriate title
for the leader of ITS at the University. This leader should hold a senior rank, at a minimum the
equivalent to that of an Assistant Vice-President, although not necessarily with that title. The
individual should have direct access as necessary to the President and senior leadership of the
University, including taking part in the PVP (President and Vice-Presidents) table so that the
perspective of ITS can be applied to all issues considered by the institution. Participation as a
member of PVP is seen as critical to the Committee in ensuring that ITS issues and perspectives
are considered in all planning and decision-making for the University.
The Committee deliberated whether the position of CIO should include management of
technology services. At some institutions the CIO position has been separated from that of a
Chief Technology Officer. There is some evidence that this model does not necessarily enable
the recruitment of the best individuals for either position. An effective CIO, in order to deliver
on the expectations outlined below, will need the resources to develop strategy proposals for
consideration by University leadership, and the ability to effect the changes required across the
central services. In the Committee’s view having oversight and accountability for those services
is necessary.
The Committee considered the appropriate reporting pathway for the CIO. One option is for the
CIO to report directly to the President. This has the advantage of sending a clear message that
ITS is one of the core pillars of the institution. Given the many internal and external
responsibilities of the President, while there may be a status advantage, the area may actually get
less attention than it requires. Another option is for the CIO to report to the Vice-President and
Provost. The advantage of this reporting relationship is that it would send a clear signal that ITS
undergirds our scholarly and teaching mission (similar to the logic of having budgetary
responsibility rest with the Vice-President and Provost).
Other possible titles include, but are not limited to: Assistant Vice President, Computing and Information Systems; Assistant Vice President; Computer Services and Information Systems; Assistant Vice President and Chief
Information Officer; Assistant Vice President, Information Services and Resources; Assistant Vice President, Information Technology Services; Assistant Vice President Information Technology Services; Assistant Vice President,
Information Services and Technology; Assistant Vice President, Planning and Information Services; Chief Information & Planning Officer; Vice-Provost, Information Technology Services; Associate Provost and Director of University Technology Services; Associate Provost, Computing and Information Resources; Associate Provost, Information and Technology Services
ITS Review Report
October 2007
Page 10
The Committee also discussed whether it was necessary for the CIO to hold an academic
appointment. Some members felt that this was necessary in order (1.) to assure faculty members
that the CIO fully understood their particular needs, and (2.) to enable maximum responsiveness
and new ideas (due to the term nature of academic administrative appointments). Others hold the
view that the CIO should be a senior Professional/Managerial staff member who will be able to
provide continuity in leadership. On the whole the Committee felt that what was most important
was that the ‘right person’ was chosen, rather than setting an absolute requirement for the
specific academic qualifications. Importantly, the CIO should come into the position with an
understanding that s/he will play a critical role in enabling the University to realize its strategic
goals and objectives and that s/he will be a participant in the senior decision-making bodies.
c. Mandate of CIO
The Committee recommends that the mandate of the CIO includes the responsibility for:
Strategy and planning for ITS across the University
o Vision
o Planning and priority setting process
o Capital planning and budget for ITS
Policy and standards development and implementation
Leadership and management of Central ITS (currently SIS, AMS, CNS)
o Planning, design, development, implementation, operations and maintenance of
applications used across the university
Coordination of ITS among major providers, e.g. Library, Divisional services, and
facilitation of information exhange
Coordination of the expertise of ITS personnel across the institution
d. Process owners
The Committee also noted that each of the major systems should have a clearly designated
process ‘owner’ at a VP or AVP level, for example, the Vice-President, Human Resources and
Equity is the owner for HRIS. The process ‘owner’ should be able to clearly identify priorities
for their service and work with the CIO in ensuring that the services are delivered in an
appropriate manner. The system owner is accountable for ensuring that the system is designed
to serve the needs of all of the users.
In addition, every management table should have ITS as a standing issue. For example, the
Human Resources Management Board (HRMB), should discuss ITS issues related to HRIS. It is
essential that attention to ITS be woven through all of the institutions management structures.
Recommendations for priorities for development of particular services should come forward with
support from the group that provides advice on that entire management area.
ITS Review Report
October 2007
Page 11
e. Service oriented operation
Over time, the organization of central ITS should shift from being systems-oriented to serviceoriented, e.g., a development group, a technical operations group, a help centre. This should
enable improvements in quality and efficiency of services. Any changes of this nature would
need to be carefully considered through the appropriate consultative processes.
5. Committee Structure
The Committee observes that the University has a history of different types of committees for
decision processes on IT. While these structures have worked at times in recent years they have
not been seen as fully functional. As the reorganization of services is completed a review of the
membership and terms of reference for these various committees will be necessary.
Given the management and organizational structure as described in the previous section, a senior
level committee that engages the major portfolios and divisional ITS will be required. This
committee, necessarily chaired by the CIO, would be responsible for reviewing strategy and
plans for ITS and recommending major IT investments through the budget processes that are
being developed at the University. Significant IT decisions (e.g., major central system upgrades)
would be considered by P&D and PVP based on recommendations from this level of committee.
The senior committee should establish appropriate sub-committees to advise on specific services.
These sub-committees, chaired by the CIO, should be user oriented and functionally based,
rather than established around specific services. The committees should appropriately engage
the academic divisions which are ultimately responsible for delivery of the University’s
Importantly, as ITS are integral to the academic mission of the University, the CIO should work
closely with both Principals and Deans (P&D) and Principals, Deans, Academic Directors, and
Chairs (PDAD&C) to ensure that the ITS vision, strategy, priorities, and implementation meet
the requirement of and mesh appropriately with the academic priorities of the divisions.
6. Summary of Recommendations
1. Establish a central group that has authority and the ability to make assessments and
recommendations regarding institutional ITS, and that has clear authority with respect to
core ITS that are delivered at the institutional level (i.e., SIS, AMS and CNS).
2. The central group should be led by a Chief Information Officer (CIO) who holds a senior
rank (minimum of equivalent to Assistant Vice-President), reporting either to the
President or to the Vice-President and Provost.
3. Create a senior level ITS committee, chaired by the CIO, with a mandate to:
a. Review strategy and plans for ITS;
b. Recommend major IT investments; and
c. Establish appropriate sub-committees as necessary.
ITS Review Report
October 2007
Page 12