The reluctant CIO

executive lifestyle
executive lifestyle

There is a lot of focus in Queensland right now on getting on board the digital bus. The Chamber of Commerce and Industry completed its digital readiness study and Brisbane City Council has its Digital Brisbane Strategy. These initiatives highlight that Queensland businesses have a long way to go to capitalize on the digital economy. This set me thinking about who should be dragging their organizations into the technology age.

In many organizations this is not the Chief Information Officer; it is either the Chief Executive Officer or the Chief Financial Officer. Very often these people are reluctant CIOs, forced to become the IT strategist because the IT department is 100% focused on day to day issues. So how do reluctant CIOs achieve success?

1. Insist that IT becomes transparent: open up the opaque layers that technologists use to obfuscate issues. Projects running over time and budget, dissatisfied customers and investments with poor or no return must be identified and fixed. The business needs to understand how their actions drive costs through a granular recharge arrangement.

2. Invest well: these days this does not mean servers and data centres. The areas that do need the right investment are strategy, architecture, processes, documentation and training. It is hard to put money to these areas when there are other immediate priorities. In the long run, these areas bring order and discipline to IT spending.

3. Get help: doing things wrong in IT is a very expensive mistake. Selecting the wrong system not only stymies the business, it means the investment must be repeated. In the most extreme cases the cost can exceed the initial investment by factors of hundreds

Many reluctant CIOs would like to find that silver bullet that repositions technology in the organization as a true enabler. While a slick app on an iphone may provide some gratification, the true path to success is through a good IT strategy, implemented with vigour and patience.

It takes a long time to put the right technology in place and create real business value (Gartner believe up to 15 years ). The new cloud based platforms might accelerate this, if you pick the right platforms in the first place.

For the reluctant CIO to become a digital leader they need to identify and realise opportunity for business improvement and value through IT. This might be a whole new set of skills and finding a trusted advisor is the key to success.

Is your organisation likely to get on the digital bus?

Invest to succeed

strategic wrapper
strategic wrapper

As I have described many times in this blog, investing in IT solutions is notoriously risky. Just 1 in 5 projects succeeds and failures can bring down companies and governments. How then do enterprises manage this risk?

The answer is challenging to the project sponsors, who just want IT to get on with the job. With other areas of the business they assign accountability and expect the business unit heads to deliver on outcomes. With IT this approach is ineffective given the number of stakeholders and the limited ability to control events.

One example that springs to mind was when I introduced a recruitment and on-boarding system. The project was well run with a solid business case and good governance. Unfortunately the HR staff were too busy to contribute as a result of a high recruitment load from a major mining project. Rather than delivering a poor product, I slowed the project to allow them to engage. The final system was very successful, but the project ran over budget and over time.

To deliver on time, budget, scope and value, you need a strategic approach. The best way to do this is with a strategic wrapper, run by someone who can bridge the business / IT divide. They should by preference be independent from project delivery.

The wrapper has 4 components as per the diagram above:

1. Framing question. This is probably the most important step and is designed to test the business engagement. In an accelerated workshop format, the key senior stakeholders agree to the high level problem statement and commit to change. A great outcome is an email from the CEO to all staff “We are making this change for this reason and expect it to deliver this”.

2. Business case. A well written business case will surface any inconsistencies between the project and the organization’s strategy. It then sets out the options, scope, benefits, costs, risks and timeframe. Once this is agreed by all stakeholders, you can use the document as a bible for all future steps.

3. Project governance. The people delivering the project will put in a governance process. This needs to be made accessible to senior stakeholders and you need a highly experienced individual to ensure that you make the right calls on the difficult decisions.

4. Value delivery. This step is so often missed out on IT projects. Organizations commit to the investment, they should also commit to the return. An independent analysis of returns against the business is guaranteed to focus the efforts of business unit leaders.

The strategic approach will cost money – typically 10% of the cost of a project. The approach is likely to deliver many times this benefit from a focused project that does not spend money on unnecessary features; cost reductions and quality improvements from best practice processes; and more business value delivered at the end of the project.

Does your business approach IT investment this way?

How much should we spend on IT?

Budget evolution
Budget evolution

Times are tough, as everyone playing in the consulting game would know. The March quarter Westpac pulse survey shows business is generally getting more optimistic, but this has not translated into increased sales and revenue. Organizations have streamlined and cut back on costs over the last 3 years and the IT department has participated generously in this (with another 10% cut in overall expenditure last year).

Is it still reasonable for executives to ask whether there are further cost savings available? The answer is of course yes and no. To illustrate I have taken a graph published by MIT’s CISR – a fantastic resource for IT research. The graph represents the IT spend graphed against technology maturity. In this case they measure maturity in the effectiveness of an enterprise architecture.

The baseline is 100% for an IT Department in an immature organization. This is typified by different services being offered to different parts of the business and dispersed infrastructure. If you are in this position you are definitely spending too much on IT.

A solid effort on standardizing hardware and software, consolidating infrastructure and improving procurement will deliver a 15% saving. The next 10% comes from standardizing and simplifying business processes onto core enterprise systems.

The surprising outcome is where businesses go next. Once the IT monster has been tamed inside the IT department and the business, organizations become more comfortable about investing in IT. They actually increase their IT spend as it delivers real business value and the IT budget ends up 20% higher than when they started.

So where do you think your organization is on the maturity curve?

Great customer service

a satisfied customer
a satisfied customer

A colleague recently told me of a poor experience she had with the IT department. She was involved in an international video conference and one of the remote sites could not connect. A call to the IT department went to voice mail. When IT was finally roused, they called the remote end, could not make contact so left a message and placed the incident on hold.

The impression this left was of an incompetent IT department, leading to the comment “… if they can’t even set up a video call, why would we trust them with any part of the business strategy?”

So how does an IT Department become excellent at customer service? It may surprise you, but I have a few simple steps (simple to say, difficult to do).

1. Process. The IT department needs good processes to ensure that calls are properly prioritised, escalated, resolved and reported upon. The ITIL incident, problem and change processes are essential. Add in knowledge, service level and configuration management and you’re cooking with gas.

2. People. Staff with a great customer service attitude put their heart and soul into effective communications and getting the customer back up and running. The challenge is to elucidate this talent within the constraints of agreed process. Sometimes front line staff have to go around processes or bend policies, but this must be the exception rather than the rule and non-compliance must be reviewed without blame. It may be an opportunity to improve the process or to re-enforce the reasons why things are done a certain way.

3. Technology. Good people and processes using a well adapted technology is a baseline for any organization to be successful. An IT service desk should have up to date tools – excel spreadsheets only work in small organizations and software as a service applications are available at a very competitive price.

4. Continuous improvement. Every poor interaction with a customer is an opportunity to improve customer service. Measure satisfaction with each interaction, identify underlying causes of dissatisfaction. These can be classified in an improvement register to tackle the high impact, low effort initiatives first. The video conferencing example from above should be solved with changes to process if it is a systemic or high impact event.

There are two qualifications to the above which need to be understood by decision makers. First, customer service improvements are neither free nor immediate. When you invest, the service delivery manager should be held accountable for real improvements in customer service. Second, if the systems that people use are not well adapted to their work, they will be dissatisfied no matter what the IT department does. Effective and timely investment in technology, done correctly, will immediately boost morale in the company.

So how happy are you with your technology?

Upgrade or perish

Good old technology
Good old technology

The Voyager 1 spacecraft was launched in 1977 and will continue operating until 2020 (43 years), approximately 18 billion Km from earth. The NASA team built a dedicated control room for this and other deep space missions. This means they can continue to use the original computer and communication systems through the decades without continually upgrading operating systems.

A few years ago I visited the European Space Agency Operations Centre in Darmstadt, Germany where they had developed new approaches to dealing with the technology cycle and were building shared control rooms for their multi year missions like Rosetta and Cluster II. This is a complex challenge as operating systems become unsupported, programming languages change and engineers move on or retire.

Unfortunately most organizations do not have the luxury of ignoring the upgrade requirements from the technology cycle. IT departments put significant resources into continually upgrading products, often for no tangible business improvement. One of the biggest challenges around upgrades is the computer operating system. In April 2014 the XP operating system will no longer be supported by Microsoft and yet 38% of computers worldwide still use XP.

So how should organizations still running XP approach the end of support milestone. I believe that there are 3 items to discuss at the very highest level in the organization:

  1. The Risk. The primary risk is that when XP stops being supported, Microsoft will no longer issue security patches for discovered vulnerabilities. So how many vulnerabilities remain in XP and how serious is it when they are exploited? The Stuxnet worm (used to destroy uranium enriching centrifuges) used 4 previously undiscovered vulnerabilities. It is a fair bet that someone out there has discovered more vulnerabilities and is waiting until end of support to deploy them and maximize return on investment.The end of support for XP is particularly attractive to hackers. You could end up with malware that is almost undetectable and provides hackers access to systems long after XP has disappeared from your network.
  2. The resources required. There are 3 areas that will cost (and often dearly) – new licenses (either for the operating system or to update old software that does not run on 7); – testing for all the existing applications (almost guaranteed that some will not work first time); and the change project (including designing and deploying the new components and training). $1200 to $2000 per computer is the Gartner estimate, and I ran a project for 900 seats at $1.2M.
  3. The technology options. It is really too late to start an enterprise upgrade project and have it completed inside a year. Even if you get organized internally, the integrators have their resources fully committed to enterprises that have started before you. The situation is particularly serious if your desktop management systems are not up to date.I suggest that you need to look at procuring a cloud based managed desktop. Talk to a few vendors to get a pilot up and running while you develop your procurement documents. Identify and prioritize application testing and ensure that there are nominated business reps to own the test outcomes. Start working with the HR department on a bring your own computer strategy. Most importantly, write a business case that frames exactly what you are trying to achieve and minimize the scope to tackle the core issues, leaving the “nice to haves” until the new technology is bedded in.

One last piece of advice – if your organization “simply does not have the money” for an upgrade, secure your superannuation and check out Seek.com. In the end, upgrades are non-negotiable for anyone except NASA!

Don’t get comfortable, the internet of things is coming

Flat out
Flat out

The role of a chief information officer in a large company has its challenges. They have to intermediate between the messy world of business and the even messier world of IT. Their focus is on the risks, costs and opportunities of today and they have few resources to prepare for the future.

I would argue that the next big challenge in IT is something that most CIOs are not ready for. This is the integration of information technology (IT) with operational technology (OT). It is a question of how we manage the internet of things – devices communicating over the internet without human interaction.

To give a personal example, as CIO I supported the operation of a newly purchased ore crushing machine (OT) at a remote mine site. The machine needed to run optimization software that was hosted on the vendor’s computers. This meant connecting the machine through our corporate network (IT) to the vendor. The vendor had no security accreditation and did not offer the security tools that we insisted on from our regular IT suppliers.

The machine had been purchased and the investment in a second communications link was substantial. In the end we accepted an increased security risk, given the costs of mitigation.

There are 3 big challenges with the internet of things:

  1. Security. As soon as we connect devices to the internet, there is massively increased opportunity for malicious attack. Hackers from anywhere in the world may obtain access, as highlighted by Mandiant. Many suppliers of OT do not have the resources to invest in properly secured systems.It is just a matter of time before serious mechanical or safety incidents occur. The Stuxnet virus destroyed hardware used to enrich uranium in Iran, but also infected over 200 Australian based devices. The Australian Government Computer Emergency Response Team found that 35% of attacks were non-targeted and indiscriminate.
  2. Integration. As the complexity of internet of things devices increases, so does the ability to store and utilize data. This data needs to be exchanged efficiently with corporate IT systems, however there are few standards.One example I came across recently was from an engraving firm. They had a web site through which customers could place their orders. To get the details into the connected engraving machine required them to rekey all the data, leading to errors and wasted time.
  3. Purchasing. The people buying OT hardware and software have a focus on the performance of the system. They are often less expert at understanding the license conditions and costs of ongoing support. It is not uncommon to see the same corporate license purchased more than once in an organization.

Some organizations are taking the bull by the horns. At the Australian Broadcasting Corporation, they have put the engineering services for recording and digital editing under the CIO. The critical infrastructure providers such as the utilities and airports have invested in professional approaches to OT. For many however, this is another problem just waiting to happen.

Do you have any plans for the internet of things?

Will we all be playing games at work?

Playing games
Game on

One of the most interesting pick from Gartner’s technology trends for 2013 was the imminent impact of gamification on the enterprise of tomorrow. The argument goes that 70% of Americans hate their job, but many go home at night to complete routine tasks in front of a computer screen by playing computer games (from Angry Birds to Resident Evil). Now if games developers have created scenarios where people want to achieve, why should we not do this in the workplace?

There are good examples of gamification being used for marketing, customer engagement and training. I have been wondering how the game strategy might be manifested in the dreary workplace of IT systems that I know and love. I decided to pick an area that I know– IT service desks – and imagine a gamed environment.

There need to be 3 components in a good game – an objective, a reward and a compelling environment.

1. The objective. Service desks should be measuring 3 key areas – staff productivity, service level breaches and customer satisfaction. The last of these is fairly difficult to manipulate (unless your father owns a chocolate factory).

For staff productivity, the obvious approach is to measure number of calls actioned. A more interesting strategy would be to measure how long it takes an analyst to fill in fields and move around the screen, very much like hand eye co-ordination games.

Service level breaches are often a result of poor interactions between first and second level teams. Providing visibility to expiring service levels and meaningful rewards could motivate the second level staff to pick up tickets and find speedy resolutions.

Customer satisfaction is the gold standard of measures (especially net promoter scores). The front line staff can have a major impact, but ultimately the result shows how well the whole IT team is working. The environment needs to make it easy for customers to give feedback.

2. Rewards. For sure there is merit in conventional rewards against objectives, but they have to be used carefully within the context of a game. True gamification requires that the rewards are integral to the game. For example a service desk analyst might get an “immediate escalation power” as a reward. This lets him or her prioritise a call in the queue and may improve their customer satisfaction score, leading to further reward.

Analysts at the second level, may accumulate a virtual currency (e.g. tchotchkes) every time a call is solved through a known problem that they resolved. This would encourage them to quickly analyse escalated tickets and create, then solve problems. The tchotchkes may be used to buy training on new technology, to develop system improvements or just to browse the internet. For many analysts visible mastery is reward enough, for others they can see work as an epic quest.

Games could have some level of randomization to add interest and fairness. The supervisor could create a shiniest shoe award one day or a best overheard service call reward.

3. The environment. Maybe the most challenging area for change is the visual and social environment. The screens for conventional service desk tools are a myriad of tabs and fields, a long way from the background in Call of Duty. Analysts could arrange their own screens, introduce background graphics and link their own visuals to objectives (e.g. a fire breathing dragon appears when service levels are breached).

Of more importance is the social environment. Staff must feel part of a great team, with a mixture of healthy competition and collaboration. A visible leader board can provide status to successful analysts. The game must provide opportunities for high score gamers to coach lower achievers and create team outcomes where everyone can win together.

Staff might get stressed about the scores that they do achieve, leading to higher absenteeism and higher turnover. It might be that having game objectives that are not explicitly linked to personal performance objectives is an advantage.

One of the exciting aspects of gamification is that it gives management a whole new set of levers to pull. With sufficient measurement and continuous improvement, managers should be able to adapt the games to deliver the organizational outcomes they wish to achieve, without the unintended consequences that are inevitable in any measurement regime.

How do you feel about going to work to play a game?

Is technology too expensive?

Leap of faith
Leap of faith

Successful business leaders ensure that the scarce resources available to them are best used. They focus on all aspects of spending and ask is it absolutely necessary? Is there a cheaper way of doing this? Can we squeeze out more for the same cost?

Given the challenges of the last few years, most of the low hanging fruit has already been harvested. The competitive pressure has not come off and CEOs are looking to balance an increased demand for services with a reduced ability to attract income. There are 3 main options to achieve this:

1. Transformational change. Radically changing the operating model through acquisition, amalgamation or strategic repositioning is an option. James Carlopio from the World Future Society suggests that these efforts fail 50-80% of the time.

2. Intermediation. This is where the relationships between suppliers and consumers is modified and may be as simple as consolidating suppliers to achieve discounts. This strategy can sometimes be affected with little of the risk associated with business change.

3. Incremental. Typically this involves turning the handle on business processes to make them more effective, reducing cost and improving quality. Technology is likely to be a core component and the biggest risks are around organizational change.

As a CIO I have been involved in a number of successful incremental change projects. One example was the introduction of a logistics management application in a large not for profit organization.

The new application had many technology challenges causing delays and frustration amongst the users. The business processes were standardized and simplified, which made some users feel disempowered. Fortunately there was a clear vision from senior management on what they wanted to achieve. The turning point came when a major disaster struck, requiring a highly complex logistics operation.

The simplified processes improved productivity of staff who were working 18 hours per day. The on line nature of the application meant that geographically dispersed stakeholders collaborated effectively. The biggest impact came from being able to analyse the supply chain and optimize ordering, reducing delivery time by a factor of 6 and costs by 80%.

Of course for every success story, there are litanies of disasters where IT investments have soaked up huge amounts of money. I have a few tips for making sure that you get value if you are investing scarce resources:

1. Create a business case. This clearly states the expectations behind business drivers, strategic outcomes, options, scope, benefits, costs, risks and timeframe. If the costs and risks outweigh the benefits, cancel the initiative early.

2. Assign accountability. You need to have individuals who are fully accountable for the business case and in particular the delivery of business benefits. The expectations should be clearly stated in the individual’s personal performance objectives

3. Excellence in delivery. Running IT projects is risky. The concensus from a number of surveys on IT projects is that just 1 in 5 are fully successful. A solid project methodology, experienced project managers and executive support focused on delivering the promised benefits will increase your chance of success

4. Connect initiatives. Running a series of disconnected IT initiatives will lead to lower agility and higher costs in the long run. Plan your IT like you would plan a city to make sure that your roads connect and you don’t build an abattoir in a residential area.

How confident are you about investing in organizational change?

Excuse me CEO, just one question please?

It's tough at the top
It’s tough at the top

Gartner runs a CEO survey every year and in his blog, Mark Raskino asked what questions we should be asking in these surveys. The focus is on how the CEO sees the current state of IT and how it needs to change to support the business.

In my time as CIO, I have often wanted to ask my CEO that killer question that reframes his view of IT. I am not sure that I ever quite succeeded, but the accelerating pace of change driven by technology is probably making some CEOs nervous. Time to hit them with the big one ….

But first I need to frame the state of play as I see it.

The executive and senior management in many organizations are disappointed with IT and do not trust the IT department to deliver the technology that they need for transformation. IT departments provide solutions too slowly; they are too expensive and overly restrictive. The existing solutions are often not fit for purpose. CEOs don’t want to restrict innovation and profit by forcing all technology solutions through IT, so they are allowing the business to buy their own cloud solutions.

The IT departments are frustrated by the way that the business engages with IT issues. Best practice approaches to architecture, IT governance or security are only paid lip service by business leaders. I hear comments like “the business really needs to improve its maturity to be successful with IT”. Furthermore IT budget are constantly under pressure and IT management is having to focus increased effort on supporting products that they had no part in procuring.

A classic Mexican standoff, with the majority of guns pointing at the unlucky CIO!

So how does the CEO think IT should be run in their organization?

Do you believe that following IT best practices would deliver the right IT solutions for your business?

The best practices are there to ensure agility, quality, alignment, risk management and costs control – exactly the problems that organizations are experiencing. IT best practices stretch well beyond the IT department and can only work when the CEO is committed to them. The nexus of the question is who the CEO trusts to fix IT.

If the CEO does not trust the CIO, do they trust ISACA, ITSMF, or PMI (the best practice organizations)? If they don’t trust these industry groups who do they trust? Please let me know your thoughts

Just do these 5 things!

Food in Laos
Recipe for success

I am passionate about making organizations work better through technology. We could vastly improve business performance and prevent wanton destruction of wealth. With the resources freed up we can tackle poverty, the environment and global inequity – or am I getting carried away?

The agenda is clear and many would agree that the solutions are clear – but not simple. Every organization should be doing the following 5 things:

1. Corporate governance of IT. Technology is not a separate thing to the business, it needs to be managed by management and not by the IT department. There are best practices (Cobit5, ISO38500) but the real implementation challenge is that many senior managers do not have the skills and knowledge to make the right decisions about the technology in their business.

Implement a corporate governance of IT best practice and develop your senior staff to be excellent in its application

2. Enterprise architecture. This must not be confined to the IT department, it must become a central component of all business initiatives. Enterprise architecture is very difficult to do well despite the best practices (TOGAF, FEAF etc).

Invest in an enterprise architecture and use it broadly for business decision making

3. Continuous improvement. If you have ever taken delivery of a new enterprise IT system, it probably resembled a bath tub and not the speed boat that you expected. It takes time to update practices, fix bugs and improve processes. This should never stop, even when you realize that the system has grown into the beautiful sleek machine that you were expecting.

Formalize continuous improvement in all areas of the business, maybe through Six Sigma and an Improvement Register

4. Service management. It is now almost universally accepted that the only way to run IT in complex organizations is through a service management approach (ITIL, ISO20000 etc). In my view this approach should be extended to other internal service departments such as HR and finance.

Commit to a service management maturity level of 3 and above

5. Execution methods. Execution of technology projects is notoriously tricky, with 70% not delivering to expectations. Those that do deliver use proven methodologies run by high quality people. Project management, business process management, software development lifecycle, security, and information lifecycle are 5 key areas to look at.

Develop and nurture excellence in execution to deliver 90% on time, on budget initiatives

All organizations can benefit from the above approach, but the government sector is probably most in need. Citizens who see their hard earned tax payments go up in smoke through the likes of the Queensland Government Health Payroll debacle should be insisting on a plan from politicians. This was a $6M technology project that cost $1.2Bn (or $1000 from my family).

Commit to the above 5 steps and not only will IT disasters be less likely, we should also get IT enabled and connected governments. From this we can expect transparent government, a citizen centric approach, better social inclusion and at a reduced cost.

This would be a good start on the quest for a better world!

So how can we make this happen?