Matthew Sainsbury investigates how the role of chief information officers is evolving and how directors can stay ahead of growing technology risks.
Traditionally, boards have not concerned themselves too much with technology. In board meetings, the activities of the CEO and CFO have always been of intense interest to directors, but others in executive management, such as the chief information officer (CIO) or chief technology officer (CTO), have found themselves largely left to their own devices.
The perception was that accounting errors or the mismanagement of staff could lead to catastrophic issues for the organisation and were important for directors to keep an eye on. In terms of risk profile, as long as the proverbial lights stayed on, IT was not a concern. That is not the case any longer.
With the impact that technology is now having on organisations across all industries, boards are finding it increasingly important to check in with what the CIO is working on.
CIOs, in turn, are being expected to adjust to a new job description. No longer are they simply the people that keep the lights on; CIOs are expected to behave as business leaders, have a strategic vision and find ways of using technology to counteract or gain a competitive advantage over others in their sector.
In other words, the CIO is now core to the success of the business. IT analyst firm, Gartner (Twitter @Gartner_inc), has outlined the “new” CIO leader’s top 10 priorities as follows;
- Understand your environment.
- Create your vision.
- Shape and inform expectations.
- Create clear IT governance.
- Weave business and IT strategies together.
- Build a new information systems (IS) organisation.
- Develop a high-performing IS team.
- Manage enterprise and IT risks.
- Communicate your performance.
These priorities cover both the demand and supply sides for the use of technology in a business.
In Australia, we have seen the benefits of an organisation having a visionary CIO leading its technology strategy. The Commonwealth Bank of Australia’s Michael Harte, for instance, is said to exemplify a CIO that checks off Gartner’s 10 priorities and as a consequence, the bank is able to leverage its IT to competitive advantage, while also “keeping the lights on” and remaining compliant with regulations.
The risks of having an inadequate CIO in the modern business environment are severe. In a highly regulated environment, such as financial services, a poor IT strategy can potentially lead to criminal data loss. But less tightly regulated environments can still suffer damages from a poorly performing CIO. IT infrastructure that is not able to handle a robust social media strategy can cause reputational damage when dissatisfied customers are not properly managed on Facebook or Twitter.
A CIO of a retailer that does not implement a robust data analytics program will find his or her organisation struggling to compete with the personalised offers and discounts that its rivals can create.
Security is also a problem when an organisation lacks a CIO willing to think about the longer-term health of the organisation.
Consider the following scenario: Microsoft will shortly cease to support Windows XP and without security patches, organisations that continue to use the operating environment will be left wide open to malicious hacking and data theft. This has been common knowledge for a long time, but many organisations are only now realising that they need to find a solution to the problem. Many will find they need to pay $200 per computer for a year of custom support from Microsoft in order to continue to use Windows XP securely (and that dollar price will rise for the second and third year of custom support).
Resolving some of these strategic challenges and creating a culture where IT has a leadership role within the organisation seems simple on the surface – let the CIO join the many CEOs and CFOs that either have permanent seats on the board, or regularly report directly to the board.
The thinking goes that by having the CIO directly part of the highest level of strategic conversations within the organisation, the CIO will be more inclined to take a leadership role.
The problem that many boards face in adopting that strategy is that their organisation’s CIOs are not Michael Harte and are not really in a position to be the leader that the organisation needs them to be.
“Most CIOs get to where they are in the organisation because they know more than anyone else about technology and so we have got this really bad habit of promoting people to a level of incompetence,” says Greg Spencer MAICD, principal consulting partner at Beyond Technology Consulting.
“It’s fine for them to be very strong technical people, but with little or no executive management experience, they’re getting promoted on the basis they’re the smartest people in the technology room, not because they have an in-depth understanding of business challenges or opportunities.
“This becomes a limiter on the business because when thrust into a position of strategic importance, these CIOs don’t engage with the business well and instead adopt an attitude of ‘I don’t need to know the detail. I’m just going to protect the people here from themselves’.”
In the future, it will be expected that CIOs are also business leaders, but until that new generation of CIO with both technical and business understanding is able to emerge, a board should be looking to gain input from the CIO, but then also looking for further information resources in order to develop a more rounded understanding of the technology needs of the organisation.
Peter Boyle, managing director of corporate reporting solutions at business publisher CCH, says that when it comes to corporate risk, boards should be drawing on outside expertise in order to understand and then properly execute an IT vision.
“The IT risk is not just security related; it can also be the quality of data they send to other people,” says Boyle.
“For instance, we’ve got the tax department looking at inter-company transactions internationally and how the government is going to take an inter-government stance with other governments on controlling the reporting of data.
“That data has to come out of those systems and, quite often, the information has been put in without the understanding of how it’s going to work and the CIO might not have the necessary answers to meet potential new mandates.
“I’ve been in the game for quite some time and I like to pride myself on helping out with all the technology developments, but every so often something new does come out.
“I don’t think that individual board members can keep abreast of everything they need to in order to understand the technology demands on their businesses. That’s when they need to have people advising them.”
Directors do not need to be aware of the specifics of the technology that their organisations are operating with, but they do need to have a high-level, strategic understanding of what is going on and of how conducting business is fundamentally different in the digital age.
“Technology simply enables the business to generate more revenue, better serve its customers or be more efficient,” says Tom Crampton, CEO of IT security company Trusted Impact. “I remember speaking with a CEO not that long ago, who said to me: ‘I have a proposal from my team; they all want to get iPads into the organisation.’
“My response was ‘how is it going to make their jobs easier or quicker?’ and I could see the light bulb go on.”
According to Crampton, one of the issues that many directors struggle with is a fear of asking the “proverbial stupid question”.
He says directors do not necessarily need to understand the details of IT, nor take steps to self-educate themselves on it to a great depth. They already understand the company’s strategic direction, so all they need to do with regards to IT is be prepared to ask the simple empowering questions of what is the business objective, how will it be measured, who will be accountable and what are the unique risks that must be considered and managed.
Should a board set up a separate IT audit committee? “That concept has both pros and cons,” says Crampton. “It might enable a smaller group to better understand how the company could proactively respond to new opportunities in the digital age, the role that technology plays in it and better appreciate the unique risks it presents. On the downside, it might also mean that the board ignores the broader discussion because it is being handled by the committee, and therefore no longer worries about the issue.
“That’s the con – no board member can ignore IT, because IT is so fundamental to the success of the business now.”
John Walters, managing director of technology specialist Nextgen Distribution, and director of technology company Anittel and the Royal Australian Regiment Foundation, has a strong technical background. For him, the most effective way of getting enough knowledge on technology into the boardroom is by engaging regularly with subject matter experts who also understand that the interests at board level lie at a strategic level.
“The conversations that directors should be having are around who the real IT thought leaders in Australia are and how can they get briefings at a board level with those people so they can get across where IT is going and how they can stay ahead of the transformation curve,” Walters says.
Even if the board is to give the CIO a seat at the table, he says it is critical that the board gets that outside expertise in for a second look.
“The CIO might not want independent thought leaders coming in for these briefings, because it might start provoking especially difficult questions for him or her,” says Walters. “But it is important that the CEO or chairman takes the lead in getting the consultants in.”
Spencer adds: “The board should also understand who to talk to in the event of a crisis. With information security and privacy presenting more acute risks to the business, the chairman does not want to be waiting for a critical event before looking for independent trusted advice.”
One emerging trend in the technology industry itself may prove invaluable for boards in terms of gaining information – the consolidation taking place among the industry’s largest vendors.
The likes of Oracle, HP, Microsoft, Dell and Cisco are making investments in acquiring smaller organisations in order to be able to offer a “stack” to the market – a set of products and services that provides an end-to-end solution that a company could run its entire IT infrastructure on.
By investing in these platforms, a company would be able to easily receive updates and new innovations from its vendor of choice, which would easily integrate with the existing technology. Further, as an important customer for the vendor, the company would gain access to advice and subject matter experts from its technology partner.
Walters, whose company Nextgen Distribution sells Oracle stacks to companies, has seen organisations take advantage of this in the past.
“These vendors utilise their investment globally into innovation for where they think technology is going. That’s free advice, right?” says Walters. “I would of course match that up with an independent adviser as well, but it provides boards with additional access to information.”
BECOME AN INNOVATION ACCELERATOR
Businesses are being transformed by new technologies, especially those that bring more intelligence and mobility to their operations and products. Some companies – known as “innovation accelerators” – are driving this transformation and are likely to surge ahead, according to a new study.
The study, commissioned by Red Hat and conducted by Harvard Business Review Analytic Services, found that innovation accelerators share these six common characteristics:
- Their commitment to technology-driven business innovation starts at the top.
- Their approach to innovation is structured and managed, but they value speed over perfection and cut through bureaucracy.
- They value diversity of thought and experience, collaborating fluidly across functions, hierarchy and traditional corporate boundaries.
- Their CIOs are significantly more likely to spend their time on activities that are strategic to the business.
- They have strong IT departments that actively and productively contribute to the corporate innovation agenda.
- They are more likely to invest in and reward innovation.
While these six traits can help build a roadmap for organisations seeking to harness IT for business transformation in the digital age, the study’s report notes that there are a number of barriers to overcome.
These include functional silos, rigid ideas about roles and responsibilities, calcified processes, outdated compensation structures and technology infrastructures that were not designed to support the kinds of open and agile customer-engaging systems required today.
BE WARY OF THE IT ADVICE YOU RECEIVE
Most directors are nervous around technology discussions and approach big IT decisions with trepidation. But Richard Lew, a director at Mentor Technology Group, believes that part of the problem results from where their advice is coming from and what influences that advice.
He says most ideas requiring technological innovation come from the top down. For example, directors or senior executives may hear of things being done elsewhere and would like to do something similar. They understand the outcomes they want, but do not know how to achieve them. So they ask their internal IT and technology staff.
However, Lew cautions: “To rely on people that didn’t bring the vision to you in the first place, who didn’t share in its birth, for the implementation of that vision implies a reliance on your ability to communicate it (with all its implications) and their ability to become visionary about the project.”
He adds: “IT managers embedded in a business are usually deprived of the time, resources, conversation and exposure to what is happening outside their worlds. Many are promoted to the level of IT manager from within. That means that they have a career of seeing only what is in front of them – in the business. They tend to ‘keep the technology lights on’ and respond to the day-to-day requirements of the business. They operate using the skills available to them and are rarely accustomed to looking laterally, outside the organisation, for innovative opportunities to improve. They have legacy systems, legacy recommendations and usually a subservient outlook. They do not drive change or innovation and if they do, it is often ‘boys with toys’ stuff. They recommend the latest upgrade of what they have already done and have. And they tend to reinvest in what they have already implemented.”
Lew believes some IT managers also choose to implement certain products because this enhances their experience on their CVs or they may persist with certain products to prove their original advice to be sound.
He also warns directors to question the allegiances of vendors and the consultants they bring in. “Their service is often very comprehensive, but is the advice to the benefit of your business or the vendor’s?”
Lew believes the solution lies in the role and engagement of the CIO or CTO.
“The CIO and CTO roles have to include a vista that brings in the outside world. It should be given to someone that understands technology and how it is delivered and what it can do, but that person should not be highly technical. It is a role for a business ideas person more than a techie. It is the creativity and the broad view that should be valued.
“The person needs to have the ability to communicate and inspire and to see the opportunities and the risks at the same time. He or she also needs the ability, experience and self-confidence to become the CEO’s knowledge centre for the information management and technology aspect of the business.
“This is why there is such a growing demand on unaffiliated, consulting CIOs and CTOs – creative and inquisitive minds that see what is happening in the world, who can bring opportunity to the board and can look objectively at vendor offerings and ask the right questions, and can advise without fear or favour.”
Already a member?
Login to view this content