Category Archives: Chief Interesting Officer

Thought leadership targetted at IT stakeholders

Unleash the analyst in you

Flying in to do strategy
Flying in to do strategy

I have recently made a big change in my life, leaving a CIO role to join a top notch consulting firm. My business card calls me a Strategic Analyst, I get half the pay and have twice the fun. So how different are the jobs of an analysts and a CIO?

I have come up with 4 areas that highlight the similarity:

  1. The CIO as a strategist – The heart of any strategy is analysing current state, developing a vision of a future state and working out what is needed to get from one to the other. The future state is developed with the help of research, providing insight into trends in customer, marketplace, regulations and technology.The output from this enterprise analysis work may be a strategy and roadmap or a business case, all of which need to be bread and butter for a CIO
  2. The CIO as a builder – Much of the executive focus goes into the projects that IT are working on. While these typically represent only 30% of IT expenditure, projects are exciting and presage business change. While many see the skills of project managers and business analysts as the key to success, the CIO should be thinking at the program level. A well designed program focuses on how to integrate many initiatives to deliver an outcome that furthers the business strategy.Pulling good programs together needs enterprise analysis. CIOs need to be thinking about how all the moving parts of projects, programs and BAU knit together to deliver an outcome. The more components that are in motion, the greater the risk and the more strategic the analysis needs to be.
  3. The CIO as an operator. IT systems are not much use if they are not working! CIO careers can easily come unstuck when outages and security breaches cause embarrassment to the businesses.
    To operate IT systems well, the analysis effort needs to go into the IT processes up front. With a good service management framework in place, the CIO needs to ensure that operations are adequately resourced with skilled people committed to outcomes
  4. The CIO as a leader. One key skill for CIOs is as a leader of their team and as a networker / leader of stakeholders. Leadership is open to analysis. There are management techniques that are known to succeed and some CIOs develop a formal relationship architecture.In the end, relationships are about people and your personality type has a big impact here. You don’t have to be extrovert to be a CIO, but you do need empathy and excellent communication skills.

For me, CIO as an operator was my Achilles heel. I could never see how fixing the CIO’s phone was more important than keeping a mine site running or ensuring the intensive care ward was operating. I can now focus on what I am really good at – enterprise analysis, strategic thinking, business case development and program formulation.

So how many of the areas above does your CIO tick off?

Gregory House for CIO?

The right approach?
The right approach?

Being in a household full of teenage kids, it is hard to find TV programs that everyone wants to watch. One series that we all agree is intriguing and entertaining is House – the story of a brilliant doctor saving his patient’s lives through his intellect. Along the way he struggles with drug addiction, dysfunctional personal relationships and, most intriguingly, managing a high performing team.

I see all sorts of similarities between this evidently contrived medical environment and my experiences as CIO trying to get the best out of my team for their own sakes and to deliver to the organization.

So how does Dr House stack up against my principles of what makes a good leader and especially a good CIO?

  1. Integrity. For me this trait stands above all others in importance (as it does for any executive). On the face of it, House lacks integrity – he lies consistently, is always taking money off Wilson and almost always avoids answering questions. Behind this somewhat dispiriting façade, you know that House holds certain values with incredibly high integrity. He puts his patients first in front of his career or image. He is open and honest about the life that he leads, even if it doesn’t fit society’s norms; and he bases his decisions on fact and not prejudice.
  2. Strategic thinking – CIOs need strategic bones in their bodies (see The Reluctant CIO!) and this takes a certain thought process. They have to be comfortable “in the fug”, not having the full picture but still being confident enough to move in one direction. This is House’s life: a patient presents with lots of data, but insufficient information to diagnose. He has to weigh up the risks of each test or treatment against the risk of inaction (usually the patient will die). He never just sits and holds his head; he always picks a path and follows it.
  3. Domain expertise – This is a tricky area for CIOs; they need domain expertise but it needs to be in the right area. They should not be experts in configuring routers or writing code. They do need to be great at managing risk, optimizing architecture, process management and governance functions. House is the ultimate domain expert in managing risk. He doesn’t know the diagnosis any more than his team (until the last 5 minutes), but he can weigh up the risks of various options and tells the team to “Go!”
  4. Communications – A core requirement of a CIO is to communicate the opportunities, challenges, risks and achievements of information technology. In this area you would have to say that House fails dismally, at least at face value. He interacts rudely with his patients (he would rather not talk to them) and prefers to hang out in the morgue or with coma guy. To counteract this perspective, we know that House is the best asset of the hospital, so somehow the word has got out. Maybe he really does know how to communicate – just in unconventional ways.
  5. Relationship building – I have always thought that the relationship web that a CIO weaves is his or her biggest asset. The CIO must work up, down and across developing trust and enthusiasm. House has a strange set of relationships with Cuddy (up), his team (down) and Wilson (across). The recurring challenge with his team is to let them make their own decisions (and mistakes) but not let them kill the patient (which sometimes happens). This is like any CIO challenge – let the Operations Manager manage operations, but know when you have to step in to save a disaster.

So how would you like to be in Houses’ team? A mixed blessing I think!

To interim or not to interim?

Ankor Wat temple
Built to last
There is an approach that is gaining popularity in Australian organizations called “Executive Transition”. This is where the departure of an executive leads the organization to take stock of where it is, where it wants to go and what kind of executive it needs to get there. They might bring in an interim specialist manager who can immerse themselves in the organization, reviewing existing strategies and updating them to reflect contemporary thinking. The interim can then paint a picture of what the replacement executive should look like and assist with recruitment and ongoing support once appointed.

So how well would this approach apply to replacing a CIO?

There are some real positives for the organization:

  1. Many executives have real frustration over the performance of IT in their organization. Complaints are often met with the mantra that IT does not have enough resources, yet they see money being wasted on ineffective IT projects and high third party costs. Getting a reliable and reasoned perspective from an experienced interim CIO is very valuable
  2. There are basic practices in IT that are widely accepted as fundamental to an organization realizing value from technology. These include a business case approach, project management, IT governance, enterprise architecture and service management. An interim can assess the performance in these areas and in a short timeframe restore broken processes.
  3. Different organizations needs different CIOs. In some cases, the CIO is there to keep the infrastructure running – particularly when a business feels that there is little threat from IT enabled market pressures. Where IT is a key part of a transformation agenda, a strategic CIO is needed to ensure that the broader opportunities from IT are leveraged.

Of course there are also down sides to this approach:

  1. Developing an IT strategy involves stakeholders from throughout the organization. To be effective, the stakeholders have to hold a degree of trust in those implementing it. If the replacement CIO does not feel that they own the strategy, the strategy can become a hinderance rather than an enabler.
  2. A critical part of any IT turn around is the IT team. To perform consistently at a high level, the IT department must have the right people with the right motivations, meaning a career structure and associated accountabilities. An interim only has so much influence here as this is the critical work of the permanent CIO.
  3. The time that an interim is in place may seem like treading water. The interim must balance the need to take long term decisions against the reality that they will not be in place to implement them.

I have held roles as interim CIO and as permanent CIO. I believe there is an underutilization of executive transition in Australia. As an interim CIO I can bring a range of experience and knowledge that you would not normally find in the market. Developing strategies, creating relationships with stakeholders and engendering turn-arounds are all high on the list for my “high satisfaction” days.

Do you think your organization could do with an executive transition program for IT?

Innovate in the Cloud

inspiration from the clouds
inspiration from the clouds

One of the hallmarks of the digital world is the ability to innovate. People can convert a good idea into a saleable product with much less investment than 10 years ago. There are all sorts of digital tools being made available in the cloud either for free, or very inexpensively, in every area from knitting to customer relationship management.

Our new generation of digitally enabled workers, see the opportunities from these tools and want to apply them in the business context. Individuals with a passion to improve the quality and quantity of their work will put in the extra discretionary effort to utilize cloud solutions in the workplace. Unfortunately if they ask the IT Department how they can do this, the answer is often “NO!”

In my CIO roles, I was constantly challenged with finding ways to enable these digital evangelists to innovate. Unfortunately we really did not understand the information that might be shared using these tools. It could be as benign as a list of building defects, or as sensitive as the plans for a military base. There are real risks from putting unknown information in the cloud with minimal opportunities for contractual redress if it is shared or stolen.

So how can an IT Department enable cloud innovation and manage the risks? I have a few suggestions:

1. Categorize information. Make sure that the organization has a single categorization of sensitivity (e.g. unclassified, restricted, confidential, and secret). The ideal way to implement this is through an enterprise content management system, but make sure you get an intuitive system that your Grandmother would be comfortable with.

2. Educate the managers. Most managers deal with business risks on a day to day basis. If they are informed of the risks inherent with the cloud, they should be able to balance that against business value, and assume accountability. This is not about frightening managers with worst case scenarios but about realistically assessing and documenting the risk in the enterprise risk framework.

3. Simple business cases. Staff who want to trial cloud based solutions should be encouraged to document the outcomes that they hope to achieve. They should undertake a post implementation review and evaluate whether solution should be maintained, scaled up or discontinued.

The paradigm required to successfully innovate in the cloud is a co-operative relationship between stakeholders. Businesses are using technology to evolve outside the purview of IT, and this isn’t going to stop. There will always be information and systems that require the robust processes of an IT Department. Where this overhead is not justified, the business should be given every opportunity to hop on the digital bus through easily accessible cloud solutions.

Does anyone out there think they have control over innovation in the cloud?

Awesome Bill

Bill Gates on Q & A
go Bill

I watched with great fascination the visit of Bill Gates to Australia this week. His session on Q&A was excellent with great questions from a diverse audience. He was also good at the Press Club lunch, although the questions from the press were decidedly average (proving that no journalist can go a lunch and desist from drinking a full bottle of wine).

Bill was spot on the money with his message – that properly targeted resources can make a real difference to the tough problems in the world. He showed us the outcomes, highlighting the reduction in infant mortality as a key indicator of success. He also highlighted the influence that the Bill and Melinda Gates foundation has had in driving towards that success.

This set me to thinking why a “software geek” should be so effective when countless billions of aid money from other sources has done less. I think there are a few imperatives that he has learned as a CEO of Microsoft that stand him in good stead for the task:

1. Outcome driven. There was very clear purpose in the work that Bill presented. The purpose could be expressed simply (eradicate Polio) and no matter how complex the issues, all initiatives could be measured against this target.

2. Information Technology. Bill knows that IT is really about the information and not the technology. You have to gather good information, work out what the problem / opportunity is, postulate a solution, implement and measure, react to the outcomes with new programs or improvements to existing programs. Technology allows you to do this at scale, but information and analysis point you in the right direction.

3. Governance. Bill understands how powerful a force governance is. As the world’s richest man, he must be tempted to decide unilaterally, but evidently that is not his style. His position on GM foods was telling – don’t stop the science, but put in place governance structures for countries to decide whether the risk outweighs the benefit.

I contrast this with my experience as CIO for the International Red Cross. I was besieged by donors wanting to put technology in the hands of the poor. The purpose was to provide wings so the poor could fly! I would emphasise that technology costs resources to operate and unless the value proposition is clear it withers (as happened to innumerable high tech aid projects). Where resources are needed is in the systems and data that can be used to improve livelihoods.

Well done Bill for squeezing $80M from Julia for his cause celeb, and well done for inspiring us to keep trying to make the world a better place. I have just one request – please don’t die before you eradicate polio!

How much should we spend on IT?

Budget evolution
Budget evolution

Times are tough, as everyone playing in the consulting game would know. The March quarter Westpac pulse survey shows business is generally getting more optimistic, but this has not translated into increased sales and revenue. Organizations have streamlined and cut back on costs over the last 3 years and the IT department has participated generously in this (with another 10% cut in overall expenditure last year).

Is it still reasonable for executives to ask whether there are further cost savings available? The answer is of course yes and no. To illustrate I have taken a graph published by MIT’s CISR – a fantastic resource for IT research. The graph represents the IT spend graphed against technology maturity. In this case they measure maturity in the effectiveness of an enterprise architecture.

The baseline is 100% for an IT Department in an immature organization. This is typified by different services being offered to different parts of the business and dispersed infrastructure. If you are in this position you are definitely spending too much on IT.

A solid effort on standardizing hardware and software, consolidating infrastructure and improving procurement will deliver a 15% saving. The next 10% comes from standardizing and simplifying business processes onto core enterprise systems.

The surprising outcome is where businesses go next. Once the IT monster has been tamed inside the IT department and the business, organizations become more comfortable about investing in IT. They actually increase their IT spend as it delivers real business value and the IT budget ends up 20% higher than when they started.

So where do you think your organization is on the maturity curve?

Upgrade or perish

Good old technology
Good old technology

The Voyager 1 spacecraft was launched in 1977 and will continue operating until 2020 (43 years), approximately 18 billion Km from earth. The NASA team built a dedicated control room for this and other deep space missions. This means they can continue to use the original computer and communication systems through the decades without continually upgrading operating systems.

A few years ago I visited the European Space Agency Operations Centre in Darmstadt, Germany where they had developed new approaches to dealing with the technology cycle and were building shared control rooms for their multi year missions like Rosetta and Cluster II. This is a complex challenge as operating systems become unsupported, programming languages change and engineers move on or retire.

Unfortunately most organizations do not have the luxury of ignoring the upgrade requirements from the technology cycle. IT departments put significant resources into continually upgrading products, often for no tangible business improvement. One of the biggest challenges around upgrades is the computer operating system. In April 2014 the XP operating system will no longer be supported by Microsoft and yet 38% of computers worldwide still use XP.

So how should organizations still running XP approach the end of support milestone. I believe that there are 3 items to discuss at the very highest level in the organization:

  1. The Risk. The primary risk is that when XP stops being supported, Microsoft will no longer issue security patches for discovered vulnerabilities. So how many vulnerabilities remain in XP and how serious is it when they are exploited? The Stuxnet worm (used to destroy uranium enriching centrifuges) used 4 previously undiscovered vulnerabilities. It is a fair bet that someone out there has discovered more vulnerabilities and is waiting until end of support to deploy them and maximize return on investment.The end of support for XP is particularly attractive to hackers. You could end up with malware that is almost undetectable and provides hackers access to systems long after XP has disappeared from your network.
  2. The resources required. There are 3 areas that will cost (and often dearly) – new licenses (either for the operating system or to update old software that does not run on 7); – testing for all the existing applications (almost guaranteed that some will not work first time); and the change project (including designing and deploying the new components and training). $1200 to $2000 per computer is the Gartner estimate, and I ran a project for 900 seats at $1.2M.
  3. The technology options. It is really too late to start an enterprise upgrade project and have it completed inside a year. Even if you get organized internally, the integrators have their resources fully committed to enterprises that have started before you. The situation is particularly serious if your desktop management systems are not up to date.I suggest that you need to look at procuring a cloud based managed desktop. Talk to a few vendors to get a pilot up and running while you develop your procurement documents. Identify and prioritize application testing and ensure that there are nominated business reps to own the test outcomes. Start working with the HR department on a bring your own computer strategy. Most importantly, write a business case that frames exactly what you are trying to achieve and minimize the scope to tackle the core issues, leaving the “nice to haves” until the new technology is bedded in.

One last piece of advice – if your organization “simply does not have the money” for an upgrade, secure your superannuation and check out Seek.com. In the end, upgrades are non-negotiable for anyone except NASA!

Don’t get comfortable, the internet of things is coming

Flat out
Flat out

The role of a chief information officer in a large company has its challenges. They have to intermediate between the messy world of business and the even messier world of IT. Their focus is on the risks, costs and opportunities of today and they have few resources to prepare for the future.

I would argue that the next big challenge in IT is something that most CIOs are not ready for. This is the integration of information technology (IT) with operational technology (OT). It is a question of how we manage the internet of things – devices communicating over the internet without human interaction.

To give a personal example, as CIO I supported the operation of a newly purchased ore crushing machine (OT) at a remote mine site. The machine needed to run optimization software that was hosted on the vendor’s computers. This meant connecting the machine through our corporate network (IT) to the vendor. The vendor had no security accreditation and did not offer the security tools that we insisted on from our regular IT suppliers.

The machine had been purchased and the investment in a second communications link was substantial. In the end we accepted an increased security risk, given the costs of mitigation.

There are 3 big challenges with the internet of things:

  1. Security. As soon as we connect devices to the internet, there is massively increased opportunity for malicious attack. Hackers from anywhere in the world may obtain access, as highlighted by Mandiant. Many suppliers of OT do not have the resources to invest in properly secured systems.It is just a matter of time before serious mechanical or safety incidents occur. The Stuxnet virus destroyed hardware used to enrich uranium in Iran, but also infected over 200 Australian based devices. The Australian Government Computer Emergency Response Team found that 35% of attacks were non-targeted and indiscriminate.
  2. Integration. As the complexity of internet of things devices increases, so does the ability to store and utilize data. This data needs to be exchanged efficiently with corporate IT systems, however there are few standards.One example I came across recently was from an engraving firm. They had a web site through which customers could place their orders. To get the details into the connected engraving machine required them to rekey all the data, leading to errors and wasted time.
  3. Purchasing. The people buying OT hardware and software have a focus on the performance of the system. They are often less expert at understanding the license conditions and costs of ongoing support. It is not uncommon to see the same corporate license purchased more than once in an organization.

Some organizations are taking the bull by the horns. At the Australian Broadcasting Corporation, they have put the engineering services for recording and digital editing under the CIO. The critical infrastructure providers such as the utilities and airports have invested in professional approaches to OT. For many however, this is another problem just waiting to happen.

Do you have any plans for the internet of things?

Will we all be playing games at work?

Playing games
Game on

One of the most interesting pick from Gartner’s technology trends for 2013 was the imminent impact of gamification on the enterprise of tomorrow. The argument goes that 70% of Americans hate their job, but many go home at night to complete routine tasks in front of a computer screen by playing computer games (from Angry Birds to Resident Evil). Now if games developers have created scenarios where people want to achieve, why should we not do this in the workplace?

There are good examples of gamification being used for marketing, customer engagement and training. I have been wondering how the game strategy might be manifested in the dreary workplace of IT systems that I know and love. I decided to pick an area that I know– IT service desks – and imagine a gamed environment.

There need to be 3 components in a good game – an objective, a reward and a compelling environment.

1. The objective. Service desks should be measuring 3 key areas – staff productivity, service level breaches and customer satisfaction. The last of these is fairly difficult to manipulate (unless your father owns a chocolate factory).

For staff productivity, the obvious approach is to measure number of calls actioned. A more interesting strategy would be to measure how long it takes an analyst to fill in fields and move around the screen, very much like hand eye co-ordination games.

Service level breaches are often a result of poor interactions between first and second level teams. Providing visibility to expiring service levels and meaningful rewards could motivate the second level staff to pick up tickets and find speedy resolutions.

Customer satisfaction is the gold standard of measures (especially net promoter scores). The front line staff can have a major impact, but ultimately the result shows how well the whole IT team is working. The environment needs to make it easy for customers to give feedback.

2. Rewards. For sure there is merit in conventional rewards against objectives, but they have to be used carefully within the context of a game. True gamification requires that the rewards are integral to the game. For example a service desk analyst might get an “immediate escalation power” as a reward. This lets him or her prioritise a call in the queue and may improve their customer satisfaction score, leading to further reward.

Analysts at the second level, may accumulate a virtual currency (e.g. tchotchkes) every time a call is solved through a known problem that they resolved. This would encourage them to quickly analyse escalated tickets and create, then solve problems. The tchotchkes may be used to buy training on new technology, to develop system improvements or just to browse the internet. For many analysts visible mastery is reward enough, for others they can see work as an epic quest.

Games could have some level of randomization to add interest and fairness. The supervisor could create a shiniest shoe award one day or a best overheard service call reward.

3. The environment. Maybe the most challenging area for change is the visual and social environment. The screens for conventional service desk tools are a myriad of tabs and fields, a long way from the background in Call of Duty. Analysts could arrange their own screens, introduce background graphics and link their own visuals to objectives (e.g. a fire breathing dragon appears when service levels are breached).

Of more importance is the social environment. Staff must feel part of a great team, with a mixture of healthy competition and collaboration. A visible leader board can provide status to successful analysts. The game must provide opportunities for high score gamers to coach lower achievers and create team outcomes where everyone can win together.

Staff might get stressed about the scores that they do achieve, leading to higher absenteeism and higher turnover. It might be that having game objectives that are not explicitly linked to personal performance objectives is an advantage.

One of the exciting aspects of gamification is that it gives management a whole new set of levers to pull. With sufficient measurement and continuous improvement, managers should be able to adapt the games to deliver the organizational outcomes they wish to achieve, without the unintended consequences that are inevitable in any measurement regime.

How do you feel about going to work to play a game?

How do CIOs befriend the miners?

Hole in the glacier
Undermined

I have worked as a CIO in a number of industries and each has their peculiarities. One segment where the CIO has to be particularly nimble is in the mining sector. There are a few top tips that I have learned from working for a contract miner, producing ore from working mines.

I’ll try to frame up the key requirements in this industry

1. The mining industry is cyclical and when it is hot, it is hot. They need solutions quickly and run high profit margins in the good times. As the cycle turns there is a focus on cost control. In many cases IT is delivering projects late in the cycle and appears out of step with reality.

2. The equipment used in the mines has become technologically complex. There are management systems on the trucks, the crushers have IT components and there are a myriad of complex systems such as slope stability monitoring. The vast majority of this equipment is purchased without IT involvement, but these days most of the systems connect to the internet via the corporate LAN.

3. Many in the mining workforce are engineers or technicians and technologically literate. They often source their own technology solutions and have the skills to make them effective in the workplace. Examples are collaboration systems and mobile enabled ordering systems. These are nearly always disconnected from the corporate IT systems.

As CIO, I was keen to get onto the front foot with these issues. I wanted to understand why the IT department could not deliver the solutions as quickly and cheaply as business units buying it themselves. I succeeded in providing solutions quickly, cheaply and properly supported (my perspective), but I don’t think I won the business over for the following reasons:

1. Acceptance of risk. The business had a higher tolerance of risk than that practiced in IT. When the business implemented their own technology there was no business continuity planning, security was dealt with in a superficial manner and there was often a complete loss of capability when a key staff member left (key man risk). The truth was that these systems would fail, but as different systems were used on different sites the impact would not be catastrophic.

2. Opaque costing. The actual costs of these systems were not well understood. There was no aggregated cost (as you would find in an IT budget) and the costs were often wrapped into other high value contracts. The costs benefits were calculated simplistically by referring to the punitive expenses of having plant not working.

3. Inconsistent expectations. Business provided solutions would fail and they often had poor maintenance arrangements. The business was surprisingly accepting of these issues (given the costs of down time) and much more accepting than for corporate provided IT systems. I put the inconsistency down to the extra control that the business had over the issue. They would deal directly with the supplier and often leverage a relationship to accelerate resolution.

So here are my 3 top tips for success (or at least avoiding disaster)

1. Know when to get out of the way – you may not have the capability or resources to deliver. Ensure that you engage the key stakeholders in this decision.

2. Map the risk – ensure that you have a holistic view of technology risk, not just IT risk. The Audit and Risk committee should be thankful for such a perspective.

3. Be excellent at project management – if you are providing solutions apply a professional, agile project management technique. Good people, a strong methodology and business involvement is a recipe for success.

What are your experiences with IT and the mining industry?