IT portfolio management is the practice of managing an organization's technology investments as a single set of assets to be funded, held, or retired, rather than as a queue of projects to be approved. It covers three portfolios at once: the projects IT is delivering, the applications IT already runs, and the infrastructure and services underneath them. Project portfolio management answers which work to fund next. IT portfolio management also answers what you already own, what it costs to keep, and what should be switched off.
That second question is where the money is. Most IT organizations run a careful intake and prioritization process for new projects, which typically govern a minority of the IT budget, while the majority disappears into keeping existing systems alive with no comparable scrutiny. An application nobody has evaluated in six years does not show up in a stage gate. It shows up as a renewal invoice, and it gets paid.
Key takeaways
- IT portfolio management covers three portfolios: projects, applications, and infrastructure or services. Managing only the first is the common failure.
- Gartner's TIME model sorts applications into Tolerate, Invest, Migrate, and Eliminate by scoring business value against technical fit.
- Run, grow, transform categorizes IT spend by intent, so you can see how much of the budget is buying change rather than survival.
- IT PPM is project portfolio management applied to IT work. It is a subset of IT portfolio management, not a synonym for it.
- You cannot manage what you have not inventoried. The application inventory with owners and costs attached is the first deliverable, every time.
What is IT portfolio management?
IT portfolio management is the disciplined evaluation of technology investments as a portfolio, where each asset earns its continued funding on the basis of business value, cost, and risk. It borrows the logic of financial portfolio management: you hold a mix of assets, you rebalance deliberately, and you sell the ones that no longer justify their carrying cost. The unit of analysis is the asset, not the initiative.
The discipline exists because IT spend is structurally hard to see. A project has a sponsor, a business case, and a gate. An application has a renewal date and an owner who left two years ago. The result is an organization that debates a $400,000 project for six weeks and auto-renews $2 million of software licenses in an afternoon, because one decision has a process attached and the other has a calendar reminder.
The three portfolios inside IT
| Portfolio | What it contains | The core question | Usual owner |
|---|---|---|---|
| Project portfolio (IT PPM) | Programs, projects, and change initiatives | Which work should we fund next, and can we staff it? | IT PMO |
| Application portfolio (APM) | Every application, bought or built | What do we keep, replace, consolidate, or retire? | Enterprise architecture |
| Infrastructure and service portfolio | Platforms, cloud, networks, managed services | What does it cost to run, and what is it exposing us to? | IT operations |
These three are usually governed by different people who meet in different forums and rarely reconcile. That is the whole problem. A project that delivers a new application quietly adds a permanent line to the run budget, and nobody nets it against the retirement of what it replaced, mostly because the retirement never happened. Mature IT portfolio management closes that loop by requiring every project business case to name what it will decommission.
What is IT PPM?
IT PPM, or IT project portfolio management, is the application of project portfolio management to technology work: intake, prioritization, funding, capacity, and benefits, for IT projects specifically. It is one of the three portfolios above, not the whole discipline. When a vendor sells an "IT PPM tool" they generally mean software for scoring, sequencing, and resourcing the project portfolio, and it will usually have very little to say about your application estate.
Everything the wider discipline teaches applies here without modification. IT projects need a real intake process, a defensible scoring model, and a stage gate that is willing to kill things. The one difference worth naming is that IT projects create durable operating cost in a way that most business projects do not, so an IT scoring model that ignores total cost of ownership will systematically favor the wrong work.
What is the Gartner TIME model?
The TIME model is Gartner's framework for application portfolio management. Each application is scored on two axes, business value and technical fit, and lands in one of four dispositions: Tolerate, Invest, Migrate, or Eliminate. It is a rationalization tool. Its output is a decision about every application you own, which is precisely the decision most organizations avoid making.
| Disposition | Business value | Technical fit | What you do |
|---|---|---|---|
| Tolerate | Low | High | Leave it alone. It works and it is cheap. Spend nothing on it. |
| Invest | High | High | Fund it. This is where new capability should land. |
| Migrate | High | Low | The business needs it, the technology is wrong. Replace or re-platform. |
| Eliminate | Low | Low | Retire it. Expect to find it still has three users who matter. |
Two practical warnings. First, "technical fit" is not the same as "old." Plenty of stable, well-understood, boring systems score high on fit and should be tolerated for another decade rather than modernized because somebody found the language distasteful. Second, Eliminate is the quadrant that gets populated enthusiastically and executed almost never, because retiring an application is unglamorous work with a real cost and no launch event. If your last three portfolio reviews produced no retirements, the model is being used as a diagram rather than a decision.
What does run, grow, transform mean?
Run, grow, transform is Gartner's categorization of IT spend by intent. Run is what keeps the lights on. Grow is what extends existing capability to serve more business. Transform is what creates capability the organization does not have. Sorting every dollar into one of the three lets a CIO answer the only budget question executives actually care about: how much of this is buying change, and how much is buying survival?
Resist the urge to adopt someone else's target ratio. Benchmarks circulate freely and mean little, because the right split depends on the industry, the age of the estate, and whether the organization is defending a position or building one. The useful exercise is to measure your own split honestly for two consecutive years and watch the direction of travel. A run percentage that grows every year, with no corresponding retirement, is the arithmetic of an estate slowly eating its own budget.
Getting an honest run number is harder than it sounds, because run cost hides in places the portfolio never looks. It is not just the license line. It is the support contract, the infrastructure the application sits on, the integrations that break when it changes, and the steady drip of vendor invoices that arrive monthly and get approved on reflex. Organizations that pull those invoices into an automated accounts payable workflow tend to get a clean picture of run cost per vendor for the first time, which is usually the moment somebody notices what is being renewed.
IT portfolio management vs project portfolio management
| Dimension | Project portfolio management | IT portfolio management |
|---|---|---|
| Unit of analysis | The project or program | The asset: project, application, or service |
| Core question | Which work do we fund next? | What do we own, what does it cost, what should be retired? |
| Time horizon | The initiative lifecycle | The asset lifecycle, often a decade |
| Typical owner | The PMO | The CIO, supported by enterprise architecture and the IT PMO |
| Where it fails | Prioritizing against strategy | Executing retirements it has already agreed to |
The relationship is containment, not rivalry. IT PPM is the project portfolio inside IT portfolio management. A CIO who has one without the other is either funding change with no view of the estate it lands in, or holding a beautiful application inventory that nobody consults when the funding decisions get made.
IT portfolio management frameworks
Four frameworks come up repeatedly, and they answer different questions. Use them together rather than choosing between them.
- TIME (Gartner). Application rationalization. Answers what to do with each application you own.
- Run, grow, transform (Gartner). Spend categorization. Answers how much of the budget is buying change.
- Val IT (ISACA). Value governance for IT investments, aligned to COBIT. Answers whether the organization is getting value from what it funds, and who is accountable for saying so.
- Technology Business Management (TBM Council). A cost taxonomy that maps IT spend to services and then to business consumption. Answers what a business capability actually costs to run.
Frameworks are not the hard part. The hard part is the inventory underneath them, because every one of these requires a complete list of applications with an owner, an annual cost, and a business capability attached. Organizations routinely spend a year selecting a framework and then discover they cannot populate it. Build the inventory first. Two hundred rows in a spreadsheet with real cost data beats a perfectly chosen framework applied to guesses.
How to start IT portfolio management
- Inventory the applications. Name, owner, annual cost, business capability, user count. Pull cost from accounts payable and the general ledger rather than from memory, because memory understates it every time.
- Score them on value and fit. Two axes, a simple scale, scored by business owners and architects separately. Where the two disagree sharply, you have found something worth discussing.
- Place each one in TIME. Then, crucially, name a person and a date for every Eliminate.
- Tag every dollar run, grow, or transform. Report the split to the executive committee. Do not editorialize the first year, just show it.
- Connect it to intake. No project business case gets approved without naming what it decommissions and what it adds to run cost. This single rule does more than any framework.
- Review on a cadence. Applications get reviewed annually, projects at each portfolio review. Track retirements completed as a headline metric, not applications assessed.
Measure the discipline by what it removes. Assessment is easy and free and produces slide decks. The metric that separates real IT portfolio management from the appearance of it is the number of applications actually switched off in the last twelve months, and the run cost that left the budget with them. Everything else, including the standard portfolio metrics, tells you about the project portfolio while the estate keeps growing underneath it.
Frequently asked questions
What is the difference between IT portfolio management and application portfolio management?
Application portfolio management covers only the applications you own: what they cost, what value they deliver, and whether to keep them. IT portfolio management is the parent discipline that also covers the project portfolio and the infrastructure and service portfolio. APM is the piece most organizations are missing, which is why the two terms are often used as if they were the same thing.
Who owns IT portfolio management?
The CIO owns it. In practice the work is split: the IT PMO runs the project portfolio, enterprise architecture runs the application portfolio, and IT operations runs the service portfolio. Someone has to reconcile the three, and when nobody does, projects keep adding run cost that no forum ever nets off. That reconciliation is the CIO's job and it cannot be delegated to a tool.
What tools are used for IT portfolio management?
Three categories, and they rarely overlap well. PPM platforms handle the project portfolio: intake, scoring, capacity, and status. Enterprise architecture tools handle the application portfolio and TIME scoring. Financial management or TBM tools handle cost allocation. Many organizations start in a spreadsheet and are right to, because selecting a tool before you have an inventory is an expensive way to postpone the real work. Our comparison of PPM software covers the first category.
What is IT portfolio management maturity?
Maturity progresses roughly like this: no inventory, then an inventory nobody uses, then scoring and dispositions agreed but not executed, then retirements actually completed, then intake connected so new spend nets against retired spend. Most organizations sit at stage three for years. The same shape shows up in the PMO maturity model, and for the same reason: the assessment is the easy half.
Is IT portfolio management the same as ITIL service portfolio management?
No. ITIL's service portfolio management is a process within IT service management that governs the services IT offers to the business, including a pipeline of proposed services and a catalog of live ones. It is one input to IT portfolio management, which is broader, includes projects and applications, and is framed around investment decisions rather than service delivery.