1. Centre of Excellence concept
There are multiple definitions of what a CoE can be, for instance George (2010) refers to “a team, a shared facility or an entity that provides leadership, evangelization, best practices, research, support and/or training for a focus area. The focus area in this case might be a technology (e.g. Java), a business concept (e.g. BPM), a skill (e.g. negotiation) or a broad area of study (e.g. women’s health). A centre of excellence may also be aimed at revitalizing stalled initiatives.” Another view is the one that is referring to a network of institutions aiming for excellence in a specific area, the network may even co-locate and could be named centre of competence or capability (Khalil, Lefebvre and McSpadden Mason 2001).
For the purposes of this work, in the IT world the specific area will be a service, a tool or a specific platform e.g. SAP.
Brewster (2003) confirms the trend of the CoE creations in large corporations due to increasingly dispersed activities leading to lower level of control and need of major adjustments. CoEs provide both high competence and high use of that competence across the enterprise. They are gaining prominence and also get mandate to operate in their specific area. This concept also allows to work based on a network that may be geographically spread and work virtually.
There is an example of IT Security Centre of Excellence with Faculty of Computer Science from the University of New Brunswick (ISCX 2012) as they created in collaboration with the Atlantic Canada Opportunities Agency (ACOA) and Q1Labs Inc. this CoE. Their vision is:
“With the establishment of the ISCX, the Faculty of Computer Science at UNB has the opportunity to become recognized as one of the leading institutions in the area of information and communication security.
The ISCX provides a unique opportunity for the Faculty to:
• Increase its teaching and research expertise in this area;
• Fundamentally alter the educational experience of graduate and undergraduate students;
• Demonstrate a new model of cooperation between UNB, Government and the Private Sector; and,
• Contribute to the economic development of New Brunswick.
The resources provided by the ISCX will enable the Faculty of Computer Science to:
• Establish a formal research institute at UNB in the area of privacy, security and trust
• Introduce a new area of expertise in its graduate program; and,
• Develop a new undergraduate major in security.”
So this shows that a CoE could have multiple purposes as for this example it is all about “developing and supporting highly specialized educational programs and conduct research to create technological capabilities in the area of information and network security and to improve the competitiveness of New Brunswick’s Information and Communication Technology (ICT) sector.”.
From a commercial perspective, CSC (2009) delivers a model that comes closer to what is needed for such a complex and diverse company but it is in this case fully outsourced by offering services including strategy, planning, operations in areas like Risk Governance, Information Risk Management and Security operations. The downside of this solution is that they offer components and so security could still be seen as a tool or a set of components instead of as a service.
Another definition is that a Centre of Excellence brings together the best people, processes and technologies, driven by a business focus, to help increase speed to market and improve the quality of the products delivered. This helps businesses realise cost benefits through re-use of assets and methodologies and by eliminating redundancy. This definition relates back to what Brewster (2003) explained in terms of trends to provide both high competence and high use of that competence across the enterprise.
So the vision of the concept in this specific environment is to provide centralised governance of best practices on an enterprise level by eliminating redundancy, simplifying supplier interfaces and driving standardisation and automation.
To support the CoE concept, we rely on the agreed definition of delivery through a factory model i.e. a delivery model optimised to provide readily available skilled test resources with consistent application of standardised test methods, tools and measurements yielding predictable outputs resulting in economies of scope and scale. This model supports the CoE by retaining and building knowledge to achieve service’s main objectives i.e. to deliver faster, cheaper a better quality service.
This means that a Centre of Excellence is competence driven and focuses on supporting projects and operations through delivery of specific services to the enterprise. The readings are also demonstrating that the CoE has three main components:
• Change Management: people and organisation
• Service Delivery
And so the CoEs are mainly developed in companies who are spread geographically and also with more than 5,000 employees (Forester Research 2008). That research also delivers the main drivers of moving to a CoE driven model, globalisation, costs containment and specialisation. The following two graphs are showing what types of CoEs are being developed and the operational model (156 companies from the Forbes top 500 responded to that study).
2. Alternative Delivery Models
There are plenty delivery models, we can almost see that each company or service supplier has its own model. Nevertheless if we revert back to ITIL v3 (Office of Government Commerce 2001) all models should encompass the following processes:
• Service level management
• Capacity management
• IT service continuity management
• Availability management
• Financial management
This offers enough flexibility to be creative in terms of model. The literature shows that it can go from traditional in-house delivery to virtual cloud-based model.
Winkler (2011) explains that the delivery using a cloud-based solution (private, public, community or hybrid) allows the customer to avoid having to build and test all the components needed for developing the product or service as all that “scaffolding” is already in place. The other main advantage is about licence management as it is mainly a consumption based model. On the other hand it has also to be mentioned that Cloud has its down side in terms of security to maintain e.g. most confidential data or connection to specific parts of the infrastructure.
Dive (2008) confirms that new technological developments are in favour of a more centralised IT and that it swings away from IT shared services and so centralisation will bring more strategic focus and delivery through outsourcing and off-shoring.
Amiti and Wei (2004) describe what “outsourcing”, “offshoring” and “insourcing” mean in the international context for their IMF working paper. In the literature, for whatever reason, many other early uses of the terms “outsource” and “outsourcing” also tends to be related to the automobile industry, when we talk about IT, Mann (2004) makes the parallel of hardware and services outsourcing leading to a 10-30 percent decrease in costs. This can be achieved by outsourcing internationally and where the labour costs are lower but have a good balance costs vs. skills the most commonly used word for outsourcing is offshoring. Some companies are now also using right-shoring to communicate that they focus more on the skills and will deliver from wherever it fits best.
The word “insourcing” was once used to refer to the production of something inside a company which in IT means that the capability and capacity are built intra muros to fit the demand.
There are plenty of variances that are adopting the different opportunities depicted here above and are mixed to be as close as possible to the business needs.
AMITI, M. and WEI, S-J., 2004. IMF Working Paper – Research Department – Fear of Service Outsourcing: Is It Justified?. New York, USA: IMF.
BREWSTER, C., 2003. International Human Resource Management. USA: Non Basic Stock Line.
CSC, 2009. Security Centre of Excellence. Hanover, USA: CSC. Available from: http://assets1.csc.com/manufacturing/downloads/Security.pdf. [Accessed 21 July 2012].
DIVE, B., 2008. The Accountable Leader: Developing Effective Leadership Through Managerial Accountability. London, England: Kogan Page.
FORESTER RESEARCH, 2008. Current Practices for IT Centres of Excellence (CoEs). Cambridge, USA: Forester Research.
GEORGE, M. O., 2010. The lean six sigma guide to doing more with less. England: John Wiley and Sons.
ISCX, 2012. Information Security Centre of Excellence. Fredericton, Canada: ISCX. Available from: http://www.iscx.ca/aboutus. [Accessed 18 July 2012].
KHALIL, T. M., LEFEBVRE, L. A. and McSPADDEN MASON, R., 2001. Management of technology: the key to prosperity in the third millennium : selected papers from the ninth International Conference on Management of Technology. England: Emerald Group Publishing.
MANN, C. L., 2004. “Globalization of IT Services and White Collar Jobs: The Next Wave of Productivity Growth,” International Economics Policy Briefs 3–11. Washington, USA: Institute of International Economics.
Office of Government Commerce, 2001. Service Delivery. IT Infrastructure Library. UK: The Stationery Office.
WINKLER, V., 2011. Securing the Cloud: Cloud Computer Security Techniques and Tactics. 1st ed. Rockland, MA, USA: Syngress.