Tag Archives: Corporate governance of IT

What they don’t know

Birthday cake
Surprise!

Have you ever been to a dinner and known that one of the guests is about to get a surprise? The tingling excitement seeing their normal carry on persona until “it” happens and everyone shrieks in laughter. Well I sometimes feel IT / Business meetings are a bit like that – each side sharing what they think is important and when problems happen they ask “how could they have not known about that?”

The big IT decisions are taken in leadership governance forums, structured to get the right level of input about the opportunities and threats from the business, and likewise from technology. The trouble is that they don’t know everything that we know (on either side of the table). In fact often we don’t think they have sufficient understanding of the realities of the world we live in (again common to both sides).

People have to take decisions based on their understanding of the relevance and quality of the information in front of them. And if you want to get good outcomes, you have to take good decisions. So how do you develop effective governance in the organization. I have a few tips:

  1. The business side needs to see technology literacy as a core development requirement of its leaders. This is not about giving them an i-pad, but teaching them about the value of frameworks, the role of enterprise architecture and service models. Formal courses are required here and an increased technology focus in MBA courses would be a good start.
  2. There just has to be less optimism around IT solutions and more realism. Yes they are the free lunch that accounting firms drool over (while the IT folk work through lunch); but miracles don’t happen, they are dragged out by strong leadership teams steering a steady course and holding to realistic business outcomes – just like the team did with the Collins Class improvements.
  3. The people mix has to be right. You need governance teams with perceptive insight. These may not be the operationally focussed IT staff who have been promoted for brilliantly resolving the ceaseless IT outages. More likely it is the analysts or architects who will develop to GOVN7 competencies.
  4. The information that is shared has to be just right! The governance meetings may take up only a few percentage of the working week. What information to share and what to leave under the covers becomes very important. For project governance, this is reasonably well understood. As you move to programme, portfolio and business process governance, it comes down to having the right leaders with the perceptive insights of what is really important.

I have been a member of a State Government programme board for one of the largest IT projects in the country. We used to receive 300 page board packs, supplemented with consultants’ reports that ran to 100 pages each.  Fortunately we had perspicacious board members who knew where the really important information was – and it was very rarely in the executive summary!

So how do you think we can improve knowledge on both sides of the table?

Gregory House for CIO?

The right approach?
The right approach?

Being in a household full of teenage kids, it is hard to find TV programs that everyone wants to watch. One series that we all agree is intriguing and entertaining is House – the story of a brilliant doctor saving his patient’s lives through his intellect. Along the way he struggles with drug addiction, dysfunctional personal relationships and, most intriguingly, managing a high performing team.

I see all sorts of similarities between this evidently contrived medical environment and my experiences as CIO trying to get the best out of my team for their own sakes and to deliver to the organization.

So how does Dr House stack up against my principles of what makes a good leader and especially a good CIO?

  1. Integrity. For me this trait stands above all others in importance (as it does for any executive). On the face of it, House lacks integrity – he lies consistently, is always taking money off Wilson and almost always avoids answering questions. Behind this somewhat dispiriting façade, you know that House holds certain values with incredibly high integrity. He puts his patients first in front of his career or image. He is open and honest about the life that he leads, even if it doesn’t fit society’s norms; and he bases his decisions on fact and not prejudice.
  2. Strategic thinking – CIOs need strategic bones in their bodies (see The Reluctant CIO!) and this takes a certain thought process. They have to be comfortable “in the fug”, not having the full picture but still being confident enough to move in one direction. This is House’s life: a patient presents with lots of data, but insufficient information to diagnose. He has to weigh up the risks of each test or treatment against the risk of inaction (usually the patient will die). He never just sits and holds his head; he always picks a path and follows it.
  3. Domain expertise – This is a tricky area for CIOs; they need domain expertise but it needs to be in the right area. They should not be experts in configuring routers or writing code. They do need to be great at managing risk, optimizing architecture, process management and governance functions. House is the ultimate domain expert in managing risk. He doesn’t know the diagnosis any more than his team (until the last 5 minutes), but he can weigh up the risks of various options and tells the team to “Go!”
  4. Communications – A core requirement of a CIO is to communicate the opportunities, challenges, risks and achievements of information technology. In this area you would have to say that House fails dismally, at least at face value. He interacts rudely with his patients (he would rather not talk to them) and prefers to hang out in the morgue or with coma guy. To counteract this perspective, we know that House is the best asset of the hospital, so somehow the word has got out. Maybe he really does know how to communicate – just in unconventional ways.
  5. Relationship building – I have always thought that the relationship web that a CIO weaves is his or her biggest asset. The CIO must work up, down and across developing trust and enthusiasm. House has a strange set of relationships with Cuddy (up), his team (down) and Wilson (across). The recurring challenge with his team is to let them make their own decisions (and mistakes) but not let them kill the patient (which sometimes happens). This is like any CIO challenge – let the Operations Manager manage operations, but know when you have to step in to save a disaster.

So how would you like to be in Houses’ team? A mixed blessing I think!

Awesome Bill

Bill Gates on Q & A
go Bill

I watched with great fascination the visit of Bill Gates to Australia this week. His session on Q&A was excellent with great questions from a diverse audience. He was also good at the Press Club lunch, although the questions from the press were decidedly average (proving that no journalist can go a lunch and desist from drinking a full bottle of wine).

Bill was spot on the money with his message – that properly targeted resources can make a real difference to the tough problems in the world. He showed us the outcomes, highlighting the reduction in infant mortality as a key indicator of success. He also highlighted the influence that the Bill and Melinda Gates foundation has had in driving towards that success.

This set me to thinking why a “software geek” should be so effective when countless billions of aid money from other sources has done less. I think there are a few imperatives that he has learned as a CEO of Microsoft that stand him in good stead for the task:

1. Outcome driven. There was very clear purpose in the work that Bill presented. The purpose could be expressed simply (eradicate Polio) and no matter how complex the issues, all initiatives could be measured against this target.

2. Information Technology. Bill knows that IT is really about the information and not the technology. You have to gather good information, work out what the problem / opportunity is, postulate a solution, implement and measure, react to the outcomes with new programs or improvements to existing programs. Technology allows you to do this at scale, but information and analysis point you in the right direction.

3. Governance. Bill understands how powerful a force governance is. As the world’s richest man, he must be tempted to decide unilaterally, but evidently that is not his style. His position on GM foods was telling – don’t stop the science, but put in place governance structures for countries to decide whether the risk outweighs the benefit.

I contrast this with my experience as CIO for the International Red Cross. I was besieged by donors wanting to put technology in the hands of the poor. The purpose was to provide wings so the poor could fly! I would emphasise that technology costs resources to operate and unless the value proposition is clear it withers (as happened to innumerable high tech aid projects). Where resources are needed is in the systems and data that can be used to improve livelihoods.

Well done Bill for squeezing $80M from Julia for his cause celeb, and well done for inspiring us to keep trying to make the world a better place. I have just one request – please don’t die before you eradicate polio!

Excuse me CEO, just one question please?

It's tough at the top
It’s tough at the top

Gartner runs a CEO survey every year and in his blog, Mark Raskino asked what questions we should be asking in these surveys. The focus is on how the CEO sees the current state of IT and how it needs to change to support the business.

In my time as CIO, I have often wanted to ask my CEO that killer question that reframes his view of IT. I am not sure that I ever quite succeeded, but the accelerating pace of change driven by technology is probably making some CEOs nervous. Time to hit them with the big one ….

But first I need to frame the state of play as I see it.

The executive and senior management in many organizations are disappointed with IT and do not trust the IT department to deliver the technology that they need for transformation. IT departments provide solutions too slowly; they are too expensive and overly restrictive. The existing solutions are often not fit for purpose. CEOs don’t want to restrict innovation and profit by forcing all technology solutions through IT, so they are allowing the business to buy their own cloud solutions.

The IT departments are frustrated by the way that the business engages with IT issues. Best practice approaches to architecture, IT governance or security are only paid lip service by business leaders. I hear comments like “the business really needs to improve its maturity to be successful with IT”. Furthermore IT budget are constantly under pressure and IT management is having to focus increased effort on supporting products that they had no part in procuring.

A classic Mexican standoff, with the majority of guns pointing at the unlucky CIO!

So how does the CEO think IT should be run in their organization?

Do you believe that following IT best practices would deliver the right IT solutions for your business?

The best practices are there to ensure agility, quality, alignment, risk management and costs control – exactly the problems that organizations are experiencing. IT best practices stretch well beyond the IT department and can only work when the CEO is committed to them. The nexus of the question is who the CEO trusts to fix IT.

If the CEO does not trust the CIO, do they trust ISACA, ITSMF, or PMI (the best practice organizations)? If they don’t trust these industry groups who do they trust? Please let me know your thoughts

Just do these 5 things!

Food in Laos
Recipe for success

I am passionate about making organizations work better through technology. We could vastly improve business performance and prevent wanton destruction of wealth. With the resources freed up we can tackle poverty, the environment and global inequity – or am I getting carried away?

The agenda is clear and many would agree that the solutions are clear – but not simple. Every organization should be doing the following 5 things:

1. Corporate governance of IT. Technology is not a separate thing to the business, it needs to be managed by management and not by the IT department. There are best practices (Cobit5, ISO38500) but the real implementation challenge is that many senior managers do not have the skills and knowledge to make the right decisions about the technology in their business.

Implement a corporate governance of IT best practice and develop your senior staff to be excellent in its application

2. Enterprise architecture. This must not be confined to the IT department, it must become a central component of all business initiatives. Enterprise architecture is very difficult to do well despite the best practices (TOGAF, FEAF etc).

Invest in an enterprise architecture and use it broadly for business decision making

3. Continuous improvement. If you have ever taken delivery of a new enterprise IT system, it probably resembled a bath tub and not the speed boat that you expected. It takes time to update practices, fix bugs and improve processes. This should never stop, even when you realize that the system has grown into the beautiful sleek machine that you were expecting.

Formalize continuous improvement in all areas of the business, maybe through Six Sigma and an Improvement Register

4. Service management. It is now almost universally accepted that the only way to run IT in complex organizations is through a service management approach (ITIL, ISO20000 etc). In my view this approach should be extended to other internal service departments such as HR and finance.

Commit to a service management maturity level of 3 and above

5. Execution methods. Execution of technology projects is notoriously tricky, with 70% not delivering to expectations. Those that do deliver use proven methodologies run by high quality people. Project management, business process management, software development lifecycle, security, and information lifecycle are 5 key areas to look at.

Develop and nurture excellence in execution to deliver 90% on time, on budget initiatives

All organizations can benefit from the above approach, but the government sector is probably most in need. Citizens who see their hard earned tax payments go up in smoke through the likes of the Queensland Government Health Payroll debacle should be insisting on a plan from politicians. This was a $6M technology project that cost $1.2Bn (or $1000 from my family).

Commit to the above 5 steps and not only will IT disasters be less likely, we should also get IT enabled and connected governments. From this we can expect transparent government, a citizen centric approach, better social inclusion and at a reduced cost.

This would be a good start on the quest for a better world!

So how can we make this happen?

How do we benefit from technology? Wrong question!

Bandah Acheh 2005
Destroyed by a tsunami

We all know “it” is coming, although we really don’t understand exactly what “it” is. It has something to do with new ways of working, new business models, changing customer habits and connectedness. For certain it is all driven by changing technologies and information technology is at its heart. Businesses want to be on the wave and are asking how to achieve this. I think it would be more useful to frame the question the other way:

How do we stop technology from destroying the value in our business? I have three easy steps:

1. Be excellent at running technology within your business. There are a host of best practices for IT out there, and while there are differences in approach at the edges, they basically agree about the major concepts. The business leaders must mandate a level of maturity to these business practices.

The key areas that should be in place are: Quality & improvement (e.g. ISO9000, Six Sigma, Continuous Service Improvement); Corporate governance of IT (e.g. ISO38500, ValIT); Service management (e.g. ITIL, ISO20000 or my new favourite Cobit5); Execution methods (e.g. BABOK, PMBOK, Prince2, CMMI); and architecture (e.g. TOGAF, FEAF or Zachman).

2. Make technology a core component of strategic planning. You should be rewriting your business strategy with some urgency if it does not have technology as an important component (yes this applies to every business). The market analysis that informs the strategy should include a technology evaluation (use your CTO if you have one).

Once you have current state, transition state and target state identified, you need to model the organization. This is called enterprise architecture and will identify what needs to change (people, technology, processes) as you progress. With this you can estimate costs and create a business case around the strategy.

3. Drive accountability. You now have a strategy, an investment plan and expected benefits (increased profit, more loyal customers, better compliance etc). Make key staff accountable for delivery on time, on budget with all benefits realized. Be particularly careful to manage scope and do only those things that truly drive the benefits.

The above is not the complete recipe for success – you still have to get the right strategy, but it is likely to eliminate a key cause of failure. Unfortunately I do not see many businesses doing this.

This year in the UK alone we have seen retailers Jessops, HMV, Blockbuster and Republic go into administration. There has been a huge destruction of wealth that should be sheeted back to their boards. I very much doubt that any of these chains were following the principles above.

Are you thinking about how you prevent technology changes from destroying your business?