• SENIOR IT OFFICER
• Communications Infrastructure...
• IT Applications Manager / IT...
• Senior Project Manager - Melbourne
• Team / Technical Lead

What ICT leaders do

Paul Willmott, Information Age

14/12/2005 13:48:59

Something's gone very wrong with the structures, processes, and policies that govern how a business makes ICT decisions and who within the organisation makes them. Most companies have such frameworks-commonly referred to as ICT governance-in place today. In the best cases these systems help ICT and business managers work together to make smarter ICT investments that deliver real value.

Despite these well-defined rules, ICT and the business too often lack a common understanding of the company's basic objectives and have conflicting opinions about technology options and priorities. A good deal of research shows that this misalignment usually results in failed ICT initiatives and high costs.

The problem is that ICT governance systems have become a substitute for real leadership. Companies are relying on tightly scripted meetings, analyses, and decision frameworks to unite CIOs and business executives around a common vision for ICT. But committee meetings and processes are poor stand-ins for executives who can forge a clear agreement among their peers about ICT investment choices and drive the senior-level conversations needed to make tough trade-offs.

For several reasons, leadership can achieve what governance systems by themselves cannot. First, ICT leaders earn the trust of their business colleagues, often by demonstrating that they understand the company in business terms, by examining ICT options as business investments (rather than as technology solutions), and by managing the ICT function as a business-using business metrics to quantify results, for example. Trusted, credible leaders articulate a vision for ICT's role in the company and ensure that this vision is clearly understood by managers throughout the organisation. They inspire other executives to pursue new ICT-enabled business opportunities and have enough clout to keep managers focused on the right issues and on making the most effective decisions.

Governance systems by their nature lack the focus, energy, and high-level attention that an individual leader can provide. Meetings and rules can't make executives trust each other-trust is built at a personal level. Processes can't command the attention executives give to trusted peers. In some companies, for instance, business leaders send delegates to technology committee meetings; they would never shrug off a meeting with a respected colleague, however. Systems alone don't forge common visions or inspire action; without a leader, governance systems are like a vehicle without an engine.

In companies with strong ICT leaders, governance constitutes a much more flexible set of managerial activities, involves fewer people and fewer meetings, and is typically tailored to fit the ICT leader's style, much as executive committee activities often reflect a CEO's leadership approach.

As companies turn their attention to growth and place bets on new ICT investments, they can no longer allow systems to substitute for strong ICT leadership. The executive team must be more creative about identifying leaders, helping them succeed, and redesigning governance systems to support these leaders rather than to compensate for their absence.

A tale of two banks< Consider the case of one large European bank: the effectiveness of its ICT strategy was being undermined by a leadership vacuum. The head of retail banking was pushing hard for new systems and processes to improve customer relationships, the CEO wanted to consolidate operations across organisational boundaries, and the CIO's top priority was to renew the bank's core applications and systems.

The bank had a clearly defined ICT governance structure in place for resolving exactly this kind of alignment issue. A committee of business and functional executives followed a step-by-step process for analyzing and reviewing ICT options and setting priorities. But the bank still lacked a clear vision for ICT's role in supporting the bank's overall strategy. The committee weighed the relative merits of the options against one another rather than using a common understanding of general priorities to assess each initiative. The committee was simply not capable of becoming the driving force in resolving these conflicting senior agendas. How could it be? It would be like asking a nation's legislative body to act as a leader. In the end, the CIO hijacked the process to push his ICT agenda forward.

In stark contrast, at another European bank competing agendas are resolved by an ICT leader (in this case, the CIO) with the clout to get executives to discuss options and reach a consensus-even if it isn't the decision they would make on their own. More important, the bank has fewer major conflicts over ICT investments, because the CIO has effectively integrated a common vision for technology with the corporate strategy, thus avoiding lengthy debates about which investments are desirable.

The CIO has clout because he earned it. He is regarded as a peer by the other executives; he understands the bank's businesses and thinks about them in the same way the other executives do; he uses their language; he thinks about initiatives as business options (not technology ones) and assesses them with the appropriate metrics; and he understands the constraints of the businesses and works within them. For instance, he's careful to plan, sequence, and finance necessary investments within the constraints of the bottom line of each business unit.

At this second bank, ICT governance is less formal and therefore far more effective than at the first one. Because the CIO has excellent working relationships with the business leaders, they use personal discussions to make quick decisions collectively rather than resorting to formal meetings. This approach has enabled the CIO and his executive colleagues to consolidate several committees at different management levels into a single executive ICT council that understands the bank's ICT strategy and makes investment decisions accordingly.

Our analysis of the ICT decisions at these two banks highlights a very clear message. The bank with an ICT leader makes business-focused ICT decisions that have helped increase its earnings each quarter and are supporting revenue growth in core businesses. In contrast, the bank relying on governance processes to act as a "ghost leader" has stalled; costs are high and transformation is slow.

Lead ICT governance-don't be led by it In companies with strong ICT leaders, the ICT governance structures are more efficient and streamlined and less bureaucratic than in companies without such leaders. Over time, leaders figure out what tasks can be achieved through relationships and what must be accomplished through more formalised assessment and decision-making processes. The balance varies, of course, depending on the leader's style, the top team's chemistry, and the specific processes required to get things done.

An efficient process typically gives the executive ICT committee the space to solve higher-value problems. One company's executive council, for instance, focuses on detailed analyses of how to implement new investments with maximum speed in order to reap the expected benefits as soon as possible. In particular, the council examines how to communicate its ICT decisions to employees throughout the organisation's business and ICT-management ranks.

Some companies streamline ICT governance even further, by integrating it with existing business governance processes. At one European insurance company, the executive committee that makes most of the major business decisions also handles ICT. The executive team believes this approach is more effective because ICT choices aren't viewed as separate and parallel to business decisions but as one aspect of them. Unfortunately, many other companies try to solve the problems that stem from a lack of leadership-incoherent ICT strategies, competing agendas, missed opportunities for the businesses to leverage ICT, misalignment and miscommunication between ICT and business managers-by ladling on more governance. These companies assume that greater alignment and better ICT decisions would result from clearer rules, more meetings, different people at the meetings, more rigorous analysis of business cases, or more forms and checklists.

They are wrong; additional ICT governance measures don't work and instead often exacerbate the problems. When one European financial-services company tightened its governance procedures, for instance, business executives became even more disaffected and participation plummeted. At another company, governance has evolved into a mammoth system of checks and balances, involving long, arduous meetings and multiple committees-a process intended to allow managers to question or defend the business case for new investments aggressively. ICT governance can always improve, but never enough to compensate for a lack of ICT leadership; there is no substitute for the sheer power of having leaders who trust and respect each other. Indeed, ICT leaders trump governance alone in three other important respects.

Leaders address issues that governance misses Companies structure their governance systems to decide whether to increase or cut investments in technology. They rarely use these processes to examine the broader questions regarding ICT value that leaders routinely confront: what is the role of ICT? How do we measure and improve the impact of ICT on the business? What innovations should we be exploring? What strategies are our competitors pursuing? And what constitutes best practice?

Leaders accommodate different executive styles; governance doesn't

Some business leaders prepare for ICT committee meetings by getting input and advice from their own managers and by reflecting on how they operate in their own domains. Others prefer going over issues and potential options with the CIO.

Some executives delegate responsibilities to trusted subordinates; others wish to exert total control by conducting personal reviews after the official ICT committee has met and then making a decision. Leaders understand these stylistic differences and accommodate them. In many companies, however, governance is a process that doesn't allow for much flexibility - rules restrict when and how decisions are made, and business leaders are expected to fall into line.

Leaders are accountable Executives routinely accuse ICT of managing projects poorly or of failing to translate business needs into ICT solutions. ICT, for its part, often blames business for a lack of involvement and quality input. Leaders must be accountable where governance isn't; the buck stops with them. The way forward True ICT leadership is rare. It results only from a deliberate effort by the executive team - and often in reaction to specific circumstances. At one company that had grown through serial acquisitions, for instance, the top team concluded that strong ICT leadership was needed to bring coherence to the company's fragmented systems. In other cases, ICT leaders emerged at companies that depended increasingly on performance outside their home market or where the CEO integrated ICT into the company's management culture.

The common denominator is that the executive team must take responsibility for finding an ICT leader and then commit to making that person successful. Three lessons emerge: 1. Hire creatively Too often, CEOs and their top teams rely on stereotypes about who should lead ICT. Finding the right person with the necessary skills isn't easy, since the role is fraught with paradox. An ICT leader must be a businessperson who understands ICT: an executive-like the CEO-who can create change but who individually may not have the clout within the organisation to make things happen, and who is a peer of business leaders yet respected as "one of us" by the ICT staff.

CEOs sell their companies short by searching solely for CIOs to fill this role. Banks in North America and Europe have asked chief financial officers or chief operating officers to lead ICT. One large global energy company rotates business executives into the role for a set period to ensure both that someone with business skills runs ICT and that the business units are then seeded with ICT-savvy managers. 2. Help ICT leaders succeed

The ICT leader must be part of the executive team to get results and to build the necessary relationships and credibility within the company. CIOs who are perceived to be operating managers-not leaders-rarely sit on the management committee and often report to executives other than the CEO. The solution isn't to clear space at the table for an operating manager; instead companies should search for an ICT leader who adds value to the management team.

Obviously, the ICT leader needs the right resources to succeed, but an explicit mandate within the company-including a role in the decision-making process-is equally important. The management team may opt, for example, to give the ICT leader veto rights over any project that isn't compatible with the company's ICT architecture. One European telecommunications company made the ICT leader its process architect. Business and functional leaders still operate the processes but must convince the ICT leader in order to change them.

3. Create the conditions for aligning ICT and business Alignment won't come about simply from discussions between ICT and business units. Instead, clear frameworks for decision making and alignment must be forged within these boundaries. The company's strategy should be specific enough for ICT and business leaders to discuss trade-offs rather than debate what the strategy means, for example.

In some cases, performance frameworks help to align business and ICT. One telecommunications company, for instance, uses business rather than technology metrics to review and compensate its ICT leader.

The difference between companies with strong ICT leaders and those that use governance as a substitute for leadership is striking (exhibit). Executive teams with a strong ICT leader make better, faster decisions about technology than do companies that rely solely on a governance system-no matter how effective it is. This article was first published in the August 2005 issue of McKinsey on ICT and is reprinted with permission.

About the authors: Eric Monnoyer is a principal and leads McKinsey's ICT practice in France. He specialises in ICT performance management and is based in Paris. Paul Willmott is a principal in McKinsey's global ICT practice and specialises in ICT organisation and governance. He is based in London.

References: 1Andrew M. Appel, Amit Dhadwal, and Wayne E. Pietraszek, "More bang for the ICT buck," The McKinsey Quarterly, 2003 Number 2, pp. 130-41.

[sidebar]

Corporate governance in ICT still crucial

By Prof Vijay Varadharajan

There have some clear trends in the corporate world in the recent time which impact on accountability, governance and ICT strategies. On the one hand, in the wake of the Enron and Worldcom accounting scandals, the regulations a corporation needs to implement to ensure its integrity are open to increasing scrutiny. This has given rise of a growing number of initiatives such as the Sarbanes-Oxley Act and Basel II designed to ensure that high standards of corporate governance become part of day-to-day business culture.

On the other hand, over the recent years corporate boards have become increasingly aware of the company's dependence on ICT. From Y2K to Denial of Service attacks (DoS) to spam to compliance to government regulations, there has been an increased sensitivity to ICT risk for boards.

Despite this many boards have no or minimal exposure to the issues involved with ICT strategies and their impact on corporate decision making. The situation is particularly significant given that information assets can range anywhere up to 40 to 50 per cent of corporate capital spending. In general the practices of boards monitoring ICT investments and their influence on decision making may vary a great deal. Boards often tend to apply bits and pieces of policies and rules borrowed from other companies.

The common current state of affairs is that not many boards understand to the extent needed the operational dependence of their companies on ICT systems and their role in overall strategy. In fact, Basel II and the Sarbanes-Oxley Act highlight the fact that board directors and executive management have a duty to protect the information resources of their companies.

If the board is unable to exercise its oversight on ICT activities and investments of the company, then it could put the company at risk in the same way as failing to do audits. In this climate of increased accountability for boards and corporations for their actions, this could potentially lead to a dangerous situation.

Current state of affairs This state of affairs in boards with respect to ICT is in complete contrast when one compares it to other areas such as auditing that affect corporate strategy and control. For instance, the tasks of an audit committee of a board are more or less well defined, and there are generally accepted accounting principles on which they can be based (such as the US NYSEGuidelines).

Similarly, there are also guidelines that a board's compensation committee can resort to in making and explaining their decisions to the shareholders. In the case of ICT governance, there are not well established ones, though the recently proposed Australian Standard AS 8015 is probably one of the first being developed to provide guidelines for directors on the effective, efficient and acceptable use of ICT within their organisations.

At present, in many companies, often it is the CIOs who have the responsibility to manage the corporate information assets; they are often faced with a difficult task when they receive no or little inputs or advice from the boards. Some companies have addressed this issue more thoroughly by establishing board level ICT governance committees, which are on a par with their, say audit and compensation committees. Examples include Procter & Gamble and FedEx.

Where are we now? In some sense, the question is no longer whether the board should be involved in ICT decisions but how? Of course, there is no one-size-fits-all model and there are a range of factors that need to be considered. These include the nature of the industry segment the company is in and the competitive situation, the company's history and its offerings, its financial position, and the role of ICT in the company and the quality of its ICT management. The strategy that works for a food retailer may not be suitable for a large transportation company or for an Internet content provider company.

I would say the more important issue is what help one can provide to the board to help them to ask intelligent questions and recognise their company's characteristics with respect to ICT; what are the issues that the board needs to consider when it comes to ICT and how should the board go about getting information and help to make decisions. For instance, what issues the board needs to consider that involve ICT decisions and how can these be used to develop ICT governance policies addressing the company's strategic and operational needs.

ICT governance issues At a high strategic level, perhaps the two key areas for the board are (a) how much does the organisation depend on reliable, secure and cost-effective ICT for its daily operations and (b) how much does the organisation rely on ICT for its competitiveness and development of new products and services.

Addressing these questions will involve a range of issues at a more detailed level such as • Is it more important for the company to have reliable and proven ICT systems and communications or state-of-the-art computing? • If the ICT systems go down and the services are interrupted for say several hours how will this impact the business, revenue and customers? How critical is the business continuity in ICT operations? • What security and disaster recovery procedures are in place, and how are they managed and kept up to date? How much is the management aware of these responsibilities? • How important it is for the company to have access to new technologies and services to compete with its competitors in the industry? • How much innovation and new technologies play a role in the company's operations for increasing its market share and growth? • How to go about discovering new opportunities for the company based on developments in technologies and executing them? • How does the company compare with its competitors in terms of ICT systems, infrastructures and applications and are there mechanisms in place for regular benchmarking? • When moving from one technology to another, how important and how long one should maintain the previous systems for recovery from failure? Are there procedures and polices in place for migration of systems and technologies in the company? • Does the company have appropriate ICT systems and infrastructure to create and develop new intellectual property and assets? • Does the company have strategies and mechanisms for identifying and evaluating risk and exposures? Does the company have security policies and strategies for managing risks? • Does the company have appropriate secure mechanisms and procedures and management schemes for updating them? Does the company have policies and implementation procedures for fast response in the case of attacks? • Are there policies and procedures in place to secure archiving of corporate information? • Does the company have strategies to appropriately monitor and detect unauthorised conduct which may lead to litigation of the company?

In addressing such strategy and governance matters, it is necessary for the board to have policies and mechanisms to conduct an oversight and identify the issues such as the above and refine them further to specific tasks and get regular reports to take appropriate actions and decisions. As mentioned earlier, depending on a range of specific characteristics of the company, the solutions may differ. For some companies, it may be sufficient for the board to have ICT experts to serve on one of their existing committees such as the audit committee.

However, for companies where ICT systems and infrastructures form an essential part of conducting their business and operations and enhancing their market growth, it is critically important to have a board-level ICT oversight.

This needs to be achieved by establishing an independent ICT governance committee, which can provide inputs and advice to the board. The committee should have at least one ICT expert and this person should operate at a peer level to other board members. The role of this ICT expert is to analyse in-house thinking and challenge them if appropriate.

The ICT expert should be highly skilled in communicating technology issues to board members in a non-jargon manner and should explore new opportunities for the company; the person should encourage the board to think about the "bigger picture" and its impact on the business.

This implies that this person should have an overall view of the organisation needs and system architecture as well as the dynamic changes on technology and their potential.

As the pressures on the boards to be increasingly accountable for technology as well as ensuring the operation of critical ICT systems for the provision of services, the need for board level ICT governance will become greater. As more and more companies increase their reliance on ICT systems and infrastructures to change their strategies and compete more effectively, ICT governance at the board level will become even more significant. In this context, with the increasing concerns on unauthorised conduct and security of information and services, the role of ICT security on the board level technology governance is bound to grow.

Vijay Varadharajan is Professor and Microsoft Chair in Innovation in Computing at Macquarie University, and Technical Board Director, ACS