Saturday, February 25, 2017

Hiding in Splendid Isolation

She was hard to understand at first. Over the phone I heard sobbing, a stream of tangled words, and sirens. After she calmed down, she told me all about the accident. I tried my best to get the details and assure her that we could take care of her and her car. This was my first taste of being on a help desk at an insurance company. I was taking a real call from a real customer, and I was expected to solve real insurance business issues. The CEO wanted everyone to have some exposure to the front-lines of the business, and as an IT guy this was a visceral real world experience. This simple exercise taught me a lot about the insurance business very quickly.

During the development of Windows NT Microsoft used the expression “eat your own dog food”. Once the operating system was sufficiently developed, all the NT designers and coders were expected to use it on their own development machine. What better way to expose real bugs than by making you use your own tools? If you work for Ford, you should drive a Ford and you will get first hand experience with the products you make and service.

Several years ago I worked for the President of a credit card bank whose office was right in front of noisiest place in the whole company – the call centre. I never knew what volume level to expect from the neighboring cavern of helpful voices, and after a number of meetings in his office I asked him why he chose to have office so close to such apparent chaos. His answer was clear and simple, “I have a direct ear to the business, and I know exactly when something happens. I know when business is good and when it’s bad just by gauging the volume of chatter.”

That philosophy has followed me over the years, and begs the question of why do CIOs and senior IT leaders seem to quarantine themselves from their customers? Hiding in splendid isolation behind barriers of technology they don’t experience their own services, nor do they vicariously live as one of their customers. It’s too easy for CIO’s and senior IT leaders to focus on operating technology without ever having to use the tools their departments build and maintain. Excuses include, “I’m too busy”, “that’s for my staff to worry about”, or the worst, “I’m not a customer, so why would I use our products?”

If you’re a CIO or senior leader you can’t afford to be too busy to learn about your customers. Get out of your office and spend time with real customers and ask them about their experiences with your systems. No staff in the world are responsible for your learning – you need to be personally engaged with your customers to really know and understand the purpose of your job. Finally, I would argue that there is always a way to use your products. The best CIOs and senior IT leaders I know in higher education have worked towards degrees, performed research projects, or taught courses at their institution at some point in their career.

At Simon Fraser University we were experiencing significant problems with technology in a particularly large classroom. After talking to the prof I was invited to come and listen directly to the students’ concerns. I spent a few minutes explaining the core problem and addressed any questions related to the issue. They were appreciative of the conversation and since we had some time left over I opened up the discussion to any other comments they had about our systems. Suddenly I felt like I had opened up a floodgate – from registration issues to booking advisors they had a seemingly infinite number of concerns. That day I became the student and it may have been the most valuable classroom learning experience I’ve ever had.

For some CIOs, spending time with their customers may seem like an inefficient use of their time. They may feel any issues or concerns could be dealt with via email or Twitter. But without real world exposure to your customers’ dreams and aspirations, you run the risk of losing touch with the core value proposition of IT. So get out from behind your desk and your devices, talk to your customers, and eat your own dog food.


Wednesday, February 8, 2017

IT Projects are Innovation Investments

Sometimes as a CIO I feel like Bill Murray’s character Phil in the movie Groundhog Day. Every few years I seem to wake up and do the same project all over again. But the good news is that I am seeing the project with a different perspective each time, and hopefully learning more each time.

For example, over 20 years ago I ran an email and calendaring system replacement project. We moved an entire insurance company from a mainframe email system to a bright and shiny new client/server email and calendaring system. Everybody believed it was an IT project. The shift from the big clunky green screen terminals to PCs with a graphical user interface was a big technology shock for the whole company. We all viewed the project as a massive technology change, so of course we simply labelled the project as an IT project. The business case to justify the change focused almost entirely on the how the new technology would improve the efficiency of the company.

Fast forward a decade and as a CIO I upgraded a large research university to new email system. This time the change had a somewhat different focus. Although the change brought a vastly new technology into use, the project also had to focus on how to change a culture with firmly rooted processes in existing systems. The calendaring component of email was such an integral component of everyone’s workflow that socializing the innovation became just as important as the technology. Our business case emphasized the need to help people through the dramatic process changes invoked by the new technology.

Another decade later and I’m the CIO at an even larger institution and I find myself championing the move towards a new email system. But this time the business case is intensely different. We are not debating the merits of particular technologies because that’s a well understood activity. Nor are we concerned with how to socialize the new innovation because that’s also a well worn path. The debate now focuses on the strategic impact of the project on our organization. Today we are concerned about ethical issues arising from where our data should reside.

This evolutionary path requires a different kind of business case that addresses much more fundamental questions.
  • Is it safer to keep data on your own premises where you can keep a watchful eye on it? 
  • Can a behemoth IT services company afford to provide better security than your local IT department? 
  • Are the people who are going to use a new system comfortable with their data residing in a potentially foreign jurisdiction? 
  • Will the users of a new system be fully cognizant of what could happen to their personal information in world where data flows are borderless? 

These are not technology questions.

The fundamental nature of how organizations view IT projects has transformed. Culturally, organizations are so familiar with technology change that it is not nearly as dramatic as it once was. The traditional technology components have faded so far into the background that we can no longer use the traditional IT model. When even a simple email upgrade becomes a strategic decision, we need to think differently about all IT projects. Organizations must view IT projects as innovation investments where their business cases provide answers to far more strategic demands.

Much like Bill Murray’s Phil from Groundhog Day, I’m getting better every time I wake up with the same project. On the morning I wake up and the radio is finally playing a different song, I’m sure we will be replacing email with global telepathic interconnectivity … and that will be a fun project.

Wednesday, February 1, 2017

SFU and the EDUCAUSE 2017 Top 10 Issues

Every year EDUCAUSE publishes the top 10 issues in higher education IT. I look forward to reading the list each year because it is an excellent gauge of how we fare compared to the industry at large. The top 10 helps us understand the key trends in IT for our industry, guides our planning about where we may need to invest, and provides us with confirmation about where we are already allocating resources.

Here is this year’s list:

  1. Information Security: Developing a holistic, agile approach to reduce institutional exposure to information security threats
  2. Student Success and Completion: Effectively applying data and predictive analytics to improve student success and completion
  3. Data-Informed Decision Making: Ensuring that business intelligence, reporting, and analytics are relevant, convenient, and used by administrators, faculty, and students
  4. Strategic Leadership: Repositioning or reinforcing the role of IT leadership as a strategic partner with institutional leadership
  5. Sustainable Funding: Developing IT funding models that sustain core services, support innovation, and facilitate growth
  6. Data Management and Governance: Improving the management of institutional data through data standards, integration, protection, and governance
  7. Higher Education Affordability: Prioritizing IT investments and resources in the context of increasing demand and limited resources
  8. Sustainable Staffing: Ensuring adequate staffing capacity and staff retention as budgets shrink or remain flat and as external competition grows
  9. Next-Gen Enterprise IT: Developing and implementing enterprise IT applications, architectures, and sourcing strategies to achieve agility, scalability, cost-effectiveness, and effective analytics
  10. Digital Transformation of Learning: Collaborating with faculty and academic leadership to apply technology to teaching and learning in ways that reflect innovations in pedagogy and the institutional mission

From Simon Fraser University’s information systems perspective, I have some observations about how these top 10 issues relate to several of our key initiatives.

  • The #1 issue is Information Security. Given the serious breaches at the University of Calgary and Carleton University within the past few months, it is clear that Canadian universities are not alone in our concerns about security. Our efforts at SFU in this area are being led by the cross-functional, cross-departmental Security Council. They have introduced a number of changes and will continue to improve our security posture. 
  • Three of the top 10 issues are data related. Using data and predictive analytics to improve student success (#2), focusing on using data management and business intelligence tools to improve decision-making (#3), and improving data management (#6). All three of these issues are being addressed by our Enterprise Data Warehouse and Business Intelligence project. The scope of this project includes the development of a comprehensive data model and data warehouse to support our analytics requirements, the implementation of tools to leverage the integrated data, and the development of the appropriate data governance and data access policies to ensure the success of the new systems.
  • The concept of providing strategic IT leadership (#4) to the institution is the foundation of our Vision for One I.S. Full realization and implementation of this vision is currently under development through our information systems strategic planning exercise.
  • The creation of the new IT Fund in the 2017-2018 fiscal year is essential to the development of an IT funding model that will enhance innovation and facilitate growth (#5). Similarly, this new fund will help us with ensuring adequate funding for the staffing of projects needed to proactively respond to expanding demands for information systems across the campus (#8).
  • Optimizing IT to ensure our stakeholders get the most value for their investment (#7) is being discussed across SFU. We are currently in the process of creating a new model for prioritizing demands for administrative systems resources. The Administrative Systems Priority Setting Committees have been restructured and these new committees will launch soon. In conjunction with this change we are introducing a project scorecard and prioritization model that will create a more systemic, consistent, and transparent approach to ranking information systems investments and allocating our resources.
  • Our new an Enterprise Architect position is expected help us define our current information systems architecture and map out the path to the future next generation enterprise IT model (#9). This is a visionary role requiring close integration of data, process, and technology.
  • Our Educational Systems Stewardship Committee (ESSC) regularly discusses the many and varied issues related to the digital transformation of learning (#10). These are complex discussions blending pedagogical and technological challenges together. 

Clearly we have a lot of work to do, but the good news is that SFU information systems initiatives are addressing key higher education industry trends. We are allocating our resources and investing our funds in the right places, and I’m excited about our future.

Tuesday, December 6, 2016

Connecting Silos in the Canadian Digital Infrastructure

Note: this article is cross-posted on the Simon Fraser University site

I was recently travelling across Canada by car driving past grain elevators and wide open spaces, giving me time and space to reflect on a number of ideas. The prairies typically give a driver lots of time to ponder a wide variety of themes, but one in idea in particular was how we as a nation work together remarkably well on national digital infrastructure, despite the vast seemingly empty plains.

For example, after almost two years as President of CUCCIO (Canadian University Council of CIOs) I have had the opportunity to observe the how the organization interacts with rest of the Canadian digital ecosystem. Late last year Universities Canada published “Canadian Universities and the Digital Future.” In that document they posed the question, “What do Canadian universities need to become digital leaders?” Their answer to the question consisted of a five actions based on their digital technologies survey from the fall 2015:
  1. The sharing of best practices and evidence-based technology investments.
  2. The development of national strategies and greater coordination among all levels of government, service providers, and universities. 
  3. Improved collaboration both within and between institutions.
  4. Improved capacity for institutional change management. 
  5. More sustainable and flexible funding models and resources. 
What is particularly interesting is how the CUCCIO organization is already delivering solutions in each of these five action areas and directly assisting Canadian Universities to become digital leaders. I would like to address each action separately.

1. The sharing of best practices and evidence-based technology investments.

This first recommended action is CUCCIO’s founding raison d’etre. This type of sharing is why we felt compelled to created CUCCIO in the first place. As Chief Information Officers responsible for our institutions’ digital infrastructures, we derive enormous value from both participating and contributing to CUCCIO. Every CUCCIO meeting is an occasion for the IT leaders of universities across Canada to share digital best practices and technological learning experiences, while also taking the rare opportunity to pause and reflect on the future. CUCCIO meetings create the unique atmosphere and environment necessary for the all leaders of university digital infrastructures to freely share experiences, ideas, successes, and failures in a mutually supportive, non-judgemental, and unconstrained environment.

2. The development of national strategies and greater coordination among all levels of government, service providers, and universities. 

As President I have seen CUCCIO interact with an astounding array of government and national IT organizations. We work closely with Compute Canada on national computing initiatives, including the wildly successful 2016 CANHEIT & HPCS co-hosted conference. The Executive Directors of CAUBO and CANHEIT work together regularly on a wide variety of higher education administration activities. The Leadership Council for Digital Infrastructure was created in 2012 at a forum initiated and facilitated by CUCCIO. Leaders from CUCCIO meet regularly with leaders of parallel international organizations through CHEITA (Community of Higher Education International Technology Associations). CUCCIO contributes on a constant basis with CANARIE through their CIO Advisory Council. Research Data Canada works closely with CUCCIO for support and several CUCCIO members are directly involved. Finally, CUCCIO is our national voice with the largest technology vendors including Microsoft, Amazon, D2L, Gartner, and the Educational Advisory Board. With almost 60 universities participating in CUCCIO, there is no other organization in the higher education sphere in Canada that is so broadly and deeply connected.

3. Improved collaboration both within and between institutions.

Fundamental to the success of CUCCIO is its ability to mobilize IT resources from across Canada to solve particularly critical national digital infrastructure issues. The CUCCIO Security Special Interest Group (SIG) is instrumental in sharing best practices around national IT security issues, and coming together to communicate immediately about emerging security threats to the community. Project management tools and techniques are shared nationally through the CUCCIO Project Management SIG and the recently created Client Services SIG will help improve customer experiences throughout our digital infrastructure. Via ad hoc conference calls to deal with emerging issues, the CUCCIO Executive Director brings together the right mix of people with digital infrastructure skills to help resolve impending issues such as reacting to protection of privacy challenges or rampant ransomware attacks. Finally, CANHEIT, the annual sharing of higher education digital technology ideas, experiences, and changes is facilitated and seed funded by CUCCIO.

4. Improved capacity for institutional change management. 

I would argue that you cannot “manage” change, but you can socialize change in a mindful and conscientious manner. This realistic approach to change requires help and support. It requires sources of experience and lessons learned. It requires an open community of like minded change leaders who are open to sharing their learning moments and scars. Access to nearly 60 university digital leaders via CUCCIO is like a security blanket for change. Technological change is an inevitability, and no matter what changes, there are very few times I am doing it alone. I always have someone else in the CUCCIO community that is travelling a similar path. I can always learn from their experiences, and glean vital help and advice from them.

5. More sustainable and flexible funding models and resources. 

Funding is always a contentious issue, particularly if the arguments are devoid of data. But CUCCIO has been leading a national benchmarking initiative for several years. The data from this work is invaluable in understanding the digital infrastructure investment in each university. This body of knowledge has been constructed using appropriate factors that account for digital infrastructure environments that vary by several dimensions across Canada. Quite successfully, the CUCCIO benchmarking helps us all understand what are comparable and appropriate costs throughout the national infrastructure. This understanding forms the basis for justifying any proposed funding models and allocating appropriate resources. Fact based benchmarking also helps the entire community improve our negotiating stance with vendors, leading to contracts where our national digital infrastructure can have greater control over key issues such as data management and privacy.

Clearly CUCCIO is central to helping Canadian universities become digital leaders. I strongly urge everyone involved with CUCCIO and everyone who works with CUCCIO to spread the message about the strategic significance of the organization in the Canadian digital ecosystem. Much like isolated grain elevators on the prairies in a deep winter storm, without CUCCIO, the higher education digital infrastructure in Canada would simply be a sparse set of silos devoid of connectivity and community.


Tuesday, July 12, 2016

Higher Education IT Trends: 2016

Note: this is cross-posted at the Simon Fraser University site.

As part of my duties as President of CUCCIO I am expected to give the President’s report to the Annual General Meeting. At the June meeting my talk included some observations about trends and changes in higher education IT I have seen in the past year. Several folks have asked me to share these ideas so I wrote this blog post as a summary of the speech.

1.      Cloud computing isn’t a big deal

Cloud computing is simply a fact of life and we are dealing with it. Every organization has its own approaches and strategies that suit the uniqueness of their institutions and legislative domains. From Dalhousie University’s fascinating cloud first strategy to SFU’s cloud consumer and provider strategy, every university is dealing with it.

2.      Security is compelling and demanding and ubiquitous

The recent ransomware attack at the UofC has raised the profile of IT security in a jarring and shocking manner. Not only was the university forced to pay an embarrassing ransom, but more importantly, all their IT systems were shut down for 10 full days which has an immeasurable fiscal impact. Universities can no longer hide behind the veil of academic freedom to continue to justify a network security blanket that resembles cheesecloth.

3.      IT isn’t a cost, it’s an investment

Conversations with President’s, Provosts, VPs of Finance, and Research VPs are reflecting a new perspective of IT. In the past the conversation about IT was typically all about the cost. Now the conversation is changing; we are talking about how to extract value from the investment in IT. These are investments helping the university achieve educational, academic, research, and community objectives.

4.      Social media is no longer special, it’s just media

We are now talking about a digital experience, not just a learning experience for our students. We are creating digital strategies that engage our stakeholders and integrate new media changes into everything happening on campus. From a media perspective, traditional IT is like a millstone around the neck of media innovation. “Social” media is no longer unique – it is the media.

5.      Benchmarking is community building

A number of universities across Canada participate in a benchmarking initiative. This sharing of IT data exposes our strengths and weaknesses in a measurable manner. The act of sharing such sensitive data requires an unusual level of community trust. Emerging from this trust is a stronger community of shared interests. If I see a similar school with interesting metrics I can simply pick up the phone and to ask what they are doing and how they are doing it. The ability to compare and contact is priceless, and it builds a stronger and healthier higher education IT community.

6.      IT used to provide technology with a service component; now IT provides service with a technology component.

Our clients don’t want technology; they want the service delivered by the technology. The entire emphasis of our information systems organizations has clearly shifted from technology to services. We are becoming client-centric and the shift to out-sourcing (cloud computing) is accelerating that change. In a more cloud oriented world, we do increasingly less with baseline technology and we become integrators of a basket of services from a wide variety of providers.

7.      There is no such thing as IT strategy

IT departments expend a lot of energy developing technology strategies. Nobody cares. Much to IT’s chagrin, they are discovering that IT staff are the only folks in the institution reading the strategy. Today, real IT strategy is part and parcel of the fabric of the university strategy. The best IT strategies are the ones embedded into the university strategic plan.

As we wrap up the current academic year and entering into the summer months, we have the opportunity to reflect on these trends and think about how we should respond to them effectively. I look forward to a new academic year with more changes and a new series of ever-changing IT trends.


Sunday, October 18, 2015

Why Does IT Cost So Much?

Note: I originally published this article in University Manager Magazine Fall 2015 issue


Across Canada and around the world, senior university leaders are watching their IT budgets continue to grow. In an era of greater cost scrutiny, this expanding demand from IT seems counterintuitive and senior university leaders are increasingly questioning why. The simple answer is that IT costs are growing because universities are using IT more broadly and more systemically in everything they do. Yet that answer does not fully capture the big picture. There are many forces driving up costs and we need to understand what we can control and what we cannot.

A Brief History of IT Cost, Complexity, and Importance

The diagram below outlines the changing role and characteristics of IT university organizations as they have evolved over the past few decades. Every year we discover new and useful applications of information technology in the university. Every year we add new technologies to the portfolio of systems we are required to support. Constant technological innovation means constant increases in technology utilization, penetration, and dependency in all aspects of university research, administration, teaching, and learning. As the importance of IT grows on our campuses, so does its complexity and cost.

Today we have a reached a point where IT is ubiquitous. Every participant in the university experience uses information technology. From board members accessing key documents on iPads, to researchers collecting data from underwater observatories, to students rating their professors online, we all utilize some aspect of IT every day.

In this environment, many of the cost drivers are no longer in our control. With internal and external forces driving change we face a vast array of controllable and uncontrollable cost drivers.

Uncontrollable Drivers of Cost Growth

The uncontrollable drivers of IT cost growth are all around us. We live in an environment of constant technological innovation and a university is not an island of splendid isolation. Key areas of uncontrolled drivers of growth in IT expenses are:

Breadth of Demand

Information systems are used by everyone on campus. Everything we do is impacted by IT. Every process on campus - from traditional financial transaction processing to more modern applications such as plagiarism detection - has an inherent IT component. In everything we do, we demand more and more information technology to get things done at the university.

Depth of Demand

The average person brings 1½ IT devices on campus with them every day; often a laptop, an iPad, and a smartphone. Not only are we using more systems, but we are using more devices to access those systems. IT must keep the response time fast while seamlessly supporting all points of access.

Increasing Compliance Demands

We are experiencing increased demand for information systems to support legislative compliance in areas such as privacy, copyright protection, and freedom of information. Today, a lawyer is often consulted before a new system is even considered. The legal and compliance implications of any system are adding a new layer of cost and complexity to everything we do in IT.

Increasing Security Demands

The IT world has become an increasingly dangerous place. Hacking has transcended simple acts of theft into high-stakes criminal cyber-attacks. We used to build firewalls, then we reinforced the firewalls. But that’s not enough anymore. The attacks are coming from inside and outside our boundaries. New security protection requires artificial intelligence tools to detect attacks inside the perimeter. These new layers of security are vastly more complex and expensive. 

Any Device

Increasing demand to support whatever technology the client desires is expensive. We used to set some base standards for personal computer access to our network. Our clients no longer tolerate that approach. Now we have to install infrastructure and software to support every device imaginable: Apple PCs, Windows PCs, Linux PCs, Apple tablets, Android tablets, Windows tablets, Blackberries, and more. 

Any Time

IT department budgets were established at a time when information systems were accessed during regular business hours. Today, accessibility to systems is expected 24-hours-per-day, 7- days-per-week. Not only is availability demanded, but round-the-clock staff support is required. This broadening of system and support availability requires more money to implement and sustain. 

Any Place

Similar to the Any Time cost driver, IT departmental budgets were established to support systems within the physical boundaries of campus. Those days are gone. Distributed learning, distance education, and multiple campuses across the globe now require access to all of our systems from anywhere. Building technical infrastructure to support the networking demand of this new world increases IT capital and operating costs.

Quality of Software

I taught a first year undergraduate business course recently. When the students discovered I was the CIO they told me “Your systems suck.” They were right. Compared to the cool apps they commonly use (Facebook, LinkedIn, Twitter, Instagram, etc.) our systems fail in comparison. Satisfying these growing quality expectations is expensive.

New Teaching and Learning Technology

We are seeing new innovations in teaching and learning technology generate increasingly large video and image databases. For example, flipped classrooms require new technology to record and store vast volumes of video data. In-class student response systems demand instantaneous responses, requiring greater wireless capacity. Students come to our universities expecting the best classroom experience possible. The cost to renovate and upgrade our classrooms to new and rapidly changing technology accelerates the growth of IT and its commensurate expenses.

Exponential Research Data Volume Growth

Research data demands are driven by several changes in the nature of research computing. For example, research using vast arrays of sensor networks leads to huge growth in pure data volume. Not only do we have to store the data, but we have to transmit it over our networks and back it up in our archive systems. This massive growth in data demand is outpacing Moore’s Law and driving up costs.

The full force of these drivers is affected by factors outside the university. The best we can do in these areas is to strive to manage their impact on our bottom line and on our clients’ expectations.

Controllable Drivers of Cost Growth

There are several cost drivers within our control. The way universities manage IT is the real culprit. The controllable drivers of IT cost growth are insidiously hidden behind seemingly unassailable campus myths. Some key areas of cost drivers that are in our control include:

Distributed IT

The growth of independent, isolated, and silo IT departments that are separate from central IT lead to duplication of efforts, ineffective standards, conflicting technologies, and highly risky security incidents. At many universities, IT expenditures for non-central IT are often higher than central IT. These non-central IT expenditures have none of the rigour and control typically applied to central IT funding. 

Redundant Systems

Distributed IT responsibilities leads to the implementation of independent IT systems without a coordinated plan, creating overlapping and redundant systems. Disproportionate cost increases are needed to fund the inefficiencies.  

Data Integration

Data created by distributed IT departments and disparate systems cannot be integrated effectively. With multiple sources of data, there is duplication and redundancy in each of these systems. Resolution of data conflicts among multiple systems or multiple IT departments is expensive.

Independent IT support, overlapping systems, and duplicated data issues arise from a genuine need to be responsive to unique and highly specialized local needs. But without disciplined management, the costs and risks are excessive. Controlling these cost drivers is a non-trivial management responsibility that lies within IT, academic, and administrative leaders. Lack of control is acceptable only if the associated risks and costs are formally understood and accepted.

IT Is an Investment

Traditional IT departments spend almost 75% of their budgets on operational support work such as help desk, data centre management, and maintaining applications software.  Only 25% of the budget is left for system enhancements and new projects which leaves little room for innovation and creativity in the application of IT and a grim future for IT at our universities.

As a result of budget challenges, universities need to shift their perspective on IT funding. Instead of viewing it as a necessary evil to keep everything up and running, expectations of IT need to change. We need to view IT as an investment in the future. IT is an institutional investment opportunity to improve productivity, capacity, quality, and performance of all aspects of the academy. Chief Information Officers (CIOs) must be challenged to move from the traditional 75% maintenance and 25% projects model to a new order. Universities need to invest in growth by setting an expectation that IT will spend 25% on maintenance and 75% on investments.

An investment focus requires the university to create prioritization criteria for IT investments, then ensure all institutional IT spending is assessed against the criteria. The IT organization becomes a creative partner with every university department in applying the prioritization mechanism to identify and implement revenue opportunities, quality improvements, cost efficiencies, and risk mitigations.

The diagram below illustrates the shifting emphasis:

Finding the Real Costs

Measuring the real and full IT cost in a higher education environment is complex because IT funding comes from a variety of sources. With a multiplicity of sources comes challenges in measuring the real spend. Where do all the hidden costs lie? Challenge the budget status quo: if all IT funds are not managed by the central IT department, understand why. 

Getting an accurate picture of who does IT work can be hidden behind the heroic generalist. With distributed IT staff we see generalists who do everything from HR work, to financial transactions, to IT support. Counting those resource costs as part of the overall IT spend is difficult. Particularly when centralizing management of work.

Other costs are masked by unnecessary duplication. Many technologies are actively converging and some university organizations have not adapted. For example, audio-visual technology and IT are converging into a unified technological ecosystem, yet in many institutions they remain managed by distinct and disparate departments.

Shifting to Investments

Moving to an investment model means changing the university’s IT portfolio. What do we stop doing? Consider spending less time doing IT commodity work like administering email systems and moving the resources up the food chain. Can we centralize all email on campus to a single email system with one set of administrators? Can we outsource this work to a provincial shared service provider or outsource it to the cloud? After all, teaching, learning, and research are not dependent on our email administrative skills. 

Those administrative resources are best re-purposed to leverage technology in areas such as pedagogy or high performance research computing. Examine every commodity IT activity as an opportunity to move to a new service provision model. But they must be products and services we understand well – never outsource something you cannot manage. 

When IT is no longer viewed as a cost, but as an investment, each project is an individual value proposition with a positive return on investment (ROI). IT projects are no longer bottom line expenses – they are opportunities to create products or services where the benefits exceed the risks and expenses.

Maximizing the Value of Your IT Spending

Moving to an investment-driven IT organization means thinking differently about the complete cost structure. There are several emerging best practices in managing IT expenses. 

The most effective best practice in IT cost containment is moving to a common infrastructure. A common information systems platform for the entire institution means making the diplomatically difficult decision to centralize the management and control of all information systems. One IT department equals one procurement process for all of IT and a single source of the truth for all data. 
Another best practice is developing shared provincial services for higher education IT. Much like provincial regional networking organizations like ORION or Cybera provide low cost shared bandwidth across the province, shared services in areas such as Disaster Recovery Planning (DRP), data centre management, and IT procurement can lower costs for all higher education institutions. BCNET is the Canadian leader in this approach. CANARIE is also pioneering services above the network that can be shared nationally.

The cost-saving best practice receiving the most attention in the press is cloud computing. Essentially an outsourcing economic model, cloud computing delivers significant costs savings in some commodity IT services. Any cloud decision requires a careful business case that assesses the quantitative and qualitative benefits against the long-term risks and hidden costs. When properly assessed and closely managed, cloud computing lowers IT operating costs.

IT contracts tend to be written once and then ignored. But there can be gold lurking in the contract details. What software was purchased years ago in a bundle that is no longer being used? ERP contracts are rife with these gems. Has staff, student, or faculty headcount declined? Many licensing contract fees vary by the number of enterprise users, and vendors do not always feel obliged to notify customers when billing could decrease.

What can the university stop doing? Develop metrics such as tracking usage rates of technology over time. Then calculate the ratio of the number of users of each technology to the operating cost of that technology. Use these numbers to justify shutting down or outsourcing technologies that are not providing an appropriate ROI.

Apply these best practices across the full portfolio of IT products and services and use the savings to re-invest in the projects the institution needs to move its strategic vision forward. The table below highlights these top five best practices:


Why does IT costs so much? First, the outside world continues to demand more IT services from universities. Second, universities are diplomatically delicate in their treatment of controllable IT costs. What we do about these cost drivers depends on how we manage expectations from the outside and how we apply leadership, strategy, and discipline to information systems management within the institution.

The new world of IT is inexorably growing in depth and breadth across all campuses. Our dependency on IT grows more every day, leading to an inevitable growth in cost. The role of IT has increased over the years, leading to a commensurate increase in expense.

Managing costs in an environment where external drivers dominate the landscape is difficult. There are internal factors the university can control, but the most effective strategy is to set new expectations.  The CIO must focus on a vision for the future and shift the budget model to support the new world of ubiquitous IT. 

Sunday, September 7, 2014

What is a CIO?

I needed to develop a clear definition of my job as CIO to a new boss recently. Initially my plan was to do a quick check of the internet, look for a good definition and pass it on. Wow - was I disappointed! 

After having been a CIO for over a decade, I could not find a decent description of the job. I realized I had to put the effort into writing what I thought was a realistic description of role. So here it is:

The role of a CIO is to create, implement, and sustain an information systems vision for the organization. Implementation of the vision requires integration of the people, processes, data, and technologies from across the organization needed to deliver information systems. Success is measured by realizing the benefits and controlling the risks of information systems throughout the organization by managing value, volume, and quality.

To accomplish this role, the CIO needs to be allocated certain non-negotiable responsibilities including:

  • Strategy and planning for the future of information systems in the organization,
  • Stewardship (governance) of information systems decision-making processes,
  • Investment portfolio management of information systems projects, 
  • Organization structure required to support information systems,
  • Ethics and principles needed to create acceptable information systems standards,
  • Leadership of ICT directly, and other IT units indirectly,
  • Information systems policies, principles, and procedures,
  • Quality of operational systems, and
  • Adapting the organization to the inevitability of process and technology induced change.

No discussion of the CIO's role is complete without outlining the scope of the role. In any organization the CIO mandate includes all information systems at the organization, not just the central information systems department. The CIO creates the information systems context needed to deliver the clients’ content, which encompasses all aspects of all information systems used in any dimension of the organization.

To deliver on the role and scope that I have defined, a CIO's mandate must include certain core functions:

  • Develop and sustain all information systems supporting the organization's core mission,
  • Implement any new system software, continuously improve production application systems, and provide organization-wide data stewardship to enable the business needs of the university,
  • Design and manage an enterprise architecture mapping all the technologies, applications, and data for present and future systems at the organization,
  • Create, enhance, and support the technical infrastructure of the organization,
  • Ensure the privacy, security, and legislative compliance of information assets are diligently and proactively protected,
  • Implement project management tools and skills to ensure consistent delivery of information systems investments (projects) on time, in scope, and within budget, and
  • Continuously improve operational processes needed to support and run information systems.

Hopefully this short description helps anyone else trying to do the same search I attempted. 


Tuesday, April 30, 2013

How Do You Manage a CIO?

I was listening to a pair of Chief Information Officers (CIOs) discuss the unusual problems they faced on a daily basis and how these difficult issues limited their future career options. From their perspective, they could not satisfy the myriad conflicting client demands on their limited IT resource pool without forcing them to always be the bad guy/girl in someone's eyes.

What I found most interesting about this and other conversations with CIOs was not the complexity of the job. Everyone knows it's a tough one. The shiny gem of truth was that the CIO job is not the end game plan for most people in the role. In retrospect, I realize I have yet to meet a CIO who sees their current job as the top rung in their ladder of career aspirations. Which makes managing a CIO an interesting challenge. If you were a CIO's boss, how would you manage her or him?

Standard HR doctrines aside, there are some unique aspects to the role and the CIO's future ambitions may influence their current behaviour. For example, IT organizations deliver tools to improve the business. Sometimes they build them from scratch, often they integrate vendor products, and sometimes they simply manage the vendor contract. But where does the CIO see her or his personal future? Building from scratch means a larger internal department; some CIOs find that approach appealing because it can translate into more power and influence inside their organizations.

Other CIOs see their next role in the vendor world. Maybe they want to go work for that exciting world-wide software company that makes your ERP system. Or perhaps they are pining for the new wave excitement of Google. Either way, the business choices they make in their current role may be tainted by their aspirations for a future role. IT procurement decisions may be biased towards the vendor organization where the CIO sees their next job.

The CIO who wants to stay within the organization but move to a line-of-business role may have other biases. They might be focusing an inordinate and inappropriate amount of time and effort on a user department to the detriment of other departments. Unbalanced emphasis of IT support to a favoured line-of-business can easily lead the strategic IT mission astray.

So imagine yourself as the CIO's boss. How do create filters to detect these biases and behaviours? You can't win an argument about the technical aspects of a decision, because that's the CIO's realm of subject matter expertise. But you can test for bias before you hire any CIO. As part of the selection process, ask CIO candidates pointed questions about their future ambitions. Ascertain their goals beyond the CIO job. Do they see themselves eventually joining a vendor or moving to an IT client role? How long does the candidate see himself or herself remaining as a CIO?

Another solution lies in building a stewardship (governance) model for IT. An effective stewardship model ensures the IT decision-making lies in the hands of the business and the CIO's role is to facilitate the process. Biases are easy to spot when the business wants to go one way and the CIO is going elsewhere. If business leaders prioritize projects, CIO preferences must be justified by facts or they will fail.

You can't be sure the stewardship model eliminates all biases. But a robust benefits realization process is another key checkpoint. Have you built a project management process that ensures benefits are tracked and measured against promises made in the original business case? Benefits realization forces the CIO to ensure project commitments match results. If not, there is a failure appreciation moment - an opportunity to learn from mistakes. Is the strategic mission of the organization aligned with the CIO’s personal mission?

The best way to ensure a CIO’s heart and mind are in line with the organizational vision is ask the CIO to craft an IT strategy through collaboration and consensus with business partners. Don’t let IT write the strategy in splendid isolation. Set clear expectations requiring broad-based contributions. Assess the CIO’s ability to work together with all IT stakeholders. Once the plan is published, measure the IT department's performance against the strategic business goals - not the technology goals.

CIOs may always complain about how hard their job is. But I think the person with the much harder job is the CIO's boss. Their challenge is to give him/her a hope for the future. What is the personal end game plan for the CIO and does it match the organization’s needs? Successful CIOs need a glimmer of career opportunity leading to the next step of the ladder within your organization. Groom the CIO to become the VP of Administration, or COO, or CEO. Without internal opportunity, the CIO will create their future elsewhere.


Monday, April 1, 2013

Any IT Organization Structure Is Ephemeral

In the process of introducing a new organization change a few years ago. One of my staff took me aside and said she understood why I had to make the changes, but she didn't really like the affect it had on her. I told her not to worry, because no IT organization structure is permanent. If she didn't like our current organization, I asked her to be patient and wait for the new one. I was already thinking about the next organization change before I had completed the latest one.

Organization structure exists to solve a problem. Once that problem is solved, it is probably time to change the organization again because there are new problems and new opportunities. The shelf life of any major effective IT organization structure is two years. Anything beyond a couple of years means IT has stagnated. External changes in the form of new technologies, or internal changes driven by new problems have arisen and the IT organization structure has to change to survive.

Think about implementing an ERP system. The sheer scope of the project typically consumes the full attention of everyone in the IT organization. The wise CIO creates an organization structure dedicated to ensuring the success of the project. The ERP becomes priority #1 by virtue of the size and impact of the implementation.

But once the ERP is implemented, the IT organization's attention has to shift. Expectations of IT change from the implementation of one big project to a plethora of follow-on projects. The organization's emphasis shifts from the management of a big bang strategic project to the management of a portfolio of tactical projects. To succeed with the new emphasis, the perceptive CIO creates a new organization structure.

This constant change approach can be difficult for some external groups to understand. For example, HR never likes organization changes. Not because it means more work for them, but because it means turmoil in the institution. Their job is to promote stability and constant IT change does not fit the typical HR model. Across the organization, most departments are not compelled to change nearly as rapidly as the IT department. External and internal change vectors are less common in departments like accounting or procurement.

But the fundamental rules of IT change constantly. Working in IT is like working in an accounting world where the generally accepted accounting principles (GAAP) change every year. If GAAP changed every couple of years in the real world, then the accounting department would have to re-organize much more often. That is what makes IT organization changes so special. Our rules change almost daily. We can't afford to wait. The world of technology passes us by if we don't have the right people focusing on the right things. We get stale, old, and unwanted pretty quickly if we aren't structured to take advantage of the latest and greatest technologies.

Value generation from new systems-based processes or market-grabbing technology-driven innovation can only come from nimble IT organizations. Agility in IT comes from a simple willingness to change everything, especially the organization structure. Organizations get value from information systems organization that can turn on a dime.

The external IT environment has already changed from the time you started reading this article. Have you thought about what that means to your IT department's structure? If you aren't already thinking about your next IT organization change you should be thinking about your next job ... maybe in accounting?


Thursday, December 6, 2012

The Decline and Fall of Traditional IT

IT (Information Technology) as we know it came to a fork in the road several years ago. The traditional IT department used to deliver technology with a service component. Now we provide service with a technology component.

What does this really mean? Let me provide several examples of the transition from information technology to information services:
  • The IT department used to deliver technology projects. Now the department delivers project management services. These services include IT functionality, but not exclusively.
  • IT departments used to build a complex infrastructure of networks and servers and workstations. Now the department delivers an enterprise architecture articulating how everything fits together.
  • Staff members in IT were the back office geeks. Now the department trumpets service-orientation with world-class help desks and sophisticated escalation processes.
  • Security was a deny first, enable later process. Now the department defines security by corporate policies. These policies follow national and regional privacy laws, enable multi-layered authentication for a variety of roles, and facilitate freedom of information legislation.
  • IT departments used to hand-craft software to meet every nuance of an organization's processes. Now the department staff are master negotiators working with a sea of vendors to deliver information services written by a vast array of industry subject matter experts who have never set foot inside the organization.

These are the facts crafting our new reality. The implications for the future of IT are undeniable. The decline and fall of traditional IT is complete. Organization do not need, nor do they want, a traditional information technology department. What they crave is a world-class information service organization.


Friday, October 19, 2012

Chaos Theory for IT

I made a career shift several years ago from financial services to higher education. Being in IT leadership, I wasn’t concerned with making the change. From my point of view I was simply doing a similar job, just different industries. What I discovered was a fascinating cultural shift from a centralized top-down environment to a distributed consensus-based world.

Moving from organizations with enforced technology standards to a one-size-fits-none world was an interesting transition. Personal computing tools in a corporate environment were locked down and well controlled. In a higher education environment, particularly universities, funding comes from many sources and technology decisions can sometimes be made in many places.

I could debate the relative merits of technology in these different worlds, but the most fascinating difference is the decision-making process. Utilitarian efficiency experts may argue that top down is the obvious preferred approach. Decisions get made and everyone simply follows through. Logical.

But do the best decisions get made in this model? The university world provides an interesting counter-example. Major decisions are made with extensive socialization of the underlying issues. Building consensus in this world is like pulling back an elastic band or a slingshot. The more effort you put into developing consensus (or pulling back the elastic), the more buy-in, understanding, and acceptance you have to the solution. When you launch your initiative and let go of the elastic, everything goes faster.

My lesson from implementing large IT projects in this model: invest the time in developing consensus and you will see the return. It is worth the time and effort to build consensus first, because you have everyone’s support later. The time upfront is saved by reducing grief and re-work during the implementation.

The process of consensus-building starts with engaging the key thought leaders across the organization. The next step is to make it interesting for them. What do they want from it? Once you get their input, use it. Apply their comments in a meaningful way. Consensus doesn’t mean everyone gets to make the decision. But it does mean that everyone at least has the opportunity to contribute.

Ultimately, consensus is about relationship building. Whether you work in a top-down hierarchy, a centralized bureaucracy, or a distributed chaoscracy, the one consistent factor is your ability to create confidence in the decisions made and the path forward.


Tuesday, October 16, 2012

IT and the Holy Grail

I can't help but notice how many IT leaders, myself included, list "strategic planning" on their resume and their LinkedIn profile and any other personal profile. It makes me wonder if strategic planning is the holy grail of IT. Any single topic with so much attention begs the question: do we put too much faith in our ability to plan?

To answer the question, let's borrow a trick from mathematics and think about strategic planning by working backwards from the end state. Consider where you are today and how well a plan from five years ago could have predicted your current predicament. Could you have planned out an enterprise IT strategy that accommodated Google Apps and Bring Your Own Device and ubiquitous Apples and staff with multiple IP addresses? And could you have predicted the need to balance all of this with ever growing privacy legislation? What about the decline and fall of outsourcing (witness General Motors turfing HP/EDS)? If these events were unpredictable half a decade ago, why do you think you can plan out the next five years?

Over the past few years I have had the wonderful opportunity to read several IT strategic plans as well as write a few. They are all remarkably similar. With my eyes closed I can tell you the titles of the first three sections: Mission, Vision, and Values. Creativity doesn't seem to be considered a valuable asset in strategic IT planning. Yet without creativity, how can we imagine the future? 

The process to write these plans is fun to watch. Sometimes these strategies are built in a conscious fashion using a formal planning approach; sometimes these strategies emerge through convulsive reactions to change in the world around us. Some groups start with an enterprise architecture; some groups start with a crisis. No matter what the motivation, everyone has a plan. You may develop it elegantly, or you may stumble into it wretchedly, but it is human nature to crave a plan for the future.

The problem is that the accuracy of your plan five years from now has a plus/minus of 100%. In other words, the rounding error for any IT strategic plan is roughly equal to the entire contents of the plan.

So how do we reconcile the need to plan with the inability to plan well? Military strategy sometimes comes in handy. Think about the brilliant Canadian victory at Vimy Ridge in 1917. After years of trench warfare stalemate, a technique of rolling bombardment was introduced. The shells landed just-in-time and just-in-front of the advancing infantry, thereby preventing the enemy from emerging from their bunkers in time to mount a credible defense. 

Maybe we need rolling strategic plans. Instead of trying to predict an accurately future IT state, set some basic objectives (invade Germany and capture the Kaiser) for the long term. Then figure out what you need to do in the shorter term to work towards those goals (capture the next trench). Then revisit and adjust the long term view every year. 

So, five years ago, an IT plan could have easily said, "investigate web-based productivity tools." A year later it may have said "assess vendor product roadmaps for web based productivity tools." The next year may have said, "compare cloud-based tools for productivity services from Microsoft and Google and what are the performance issues." Finally, the next year the plan may have said, "evaluate Google Apps service from Apple and Android devices and determine the impact of privacy legislation on their usage." 

Narrowing the scope from broad strategy to practical implementation is the ultimate measure of success for any strategic plan. The real holy grail of strategic planning is accomplishing real work. It isn't about the plan. It's about what the planning process enables you to accomplish.


Tuesday, August 28, 2012

How do you measure an IT department?

As part of a consulting engagement my client wanted to know how well their IT department compared to similar IT departments in the same industry. I began by collecting data comparing the customer's IT department to peer organizations in the same industry. I knew before I started that there may be some apples to oranges comparisons. What surprised me was that I was comparing apples to flying saucers. I discovered the real issue is determining how to define an IT department before making any quality judgements.

In this particular study I looked at organizations within the same somewhat regulated industry. Organizations with similar revenue and customer volume had IT departments that varied in size by over 200%. So what was really going on here? First, it was clear to me that everybody has a different names for the same thing. Second, there are no obvious rules about boundaries. Let's look at both dimensions sequentially.

Names can be deceptive. For example, within IT there is often an infrastructure group. Assuming that includes server support, does it also include network support? If that includes network support, does it also include the phone system? If it includes the phone system, it probably includes the automated call response software and support staff. If you include these staff, do you include the telephone operators? If the operators are included, then do you include the call centre and business help line staff? Now we have an organization that reaches directly from the external customer to the back-end server.

I know this example may be extreme. But where do you draw the line? Let's think about boundaries. Does IT end at the pure technology of servers and network gear? Or does it go further? Think about applications development. IT usually includes the programmers, but not always. What about the analysts that work with both the business and the programmers to develop the requirements? Sometimes they are called business analysts, sometimes systems analysts. They do the same work, but the systems analysts typically reside in IT and the business analysts do not.

Defining IT by roles performed simply doesn't do the trick. As I reviewed the organizations in the study, there seemed to be no consistency. One IT department ran the printing operations for the whole organization. Another included web content development. Contrary to intuition, you cannot define an IT organization by the functions it runs.These seemingly arbitrary distinctions depended on history, available skills, and ultimately, political machinations.

Names are nearly meaningless and boundaries fluctuate continually making comparisons challenging. But the rules creating IT boundaries are remarkably consistent across all organizations. The ability for IT to influence these changes is negotiating power.  The degree of negotiating power accumulated by IT defines its boundaries. Building negotiating power comes from cumulative value-building. Every transaction between IT and a customer creates or destroys the clients' perception of IT's value. If IT provides great service, clients are more willing to work with IT. As a result, they become more willing to support IT in political bargaining when the organizational boundaries are inevitably revised over time.

Back to the original question - how do you measure an IT department? I would propose that you define the worth of your IT department by its return on service (ROS). If clients feel they get great service, the long term reward to IT is greater scope - a higher ROS. Conversely, bad service creates negative ROS and a shrinking IT department. A good IT department is one that is growing because it is providing an optimal return on service to clients. The last full measure of an IT department is its return on service.


Tuesday, July 24, 2012

What is the difference between a CIO and an IT Director?

At a recent consulting meeting a CEO asked me “why doesn’t my IT department work well with the rest of the organization?” Before I could answer, he asked another more telling question: “what’s the difference between an IT director and a Chief Information Officer?” The answer to the first question was embedded in the need to ask the second question. If you don’t know the difference, you don’t understand the value of a CIO.

So what is the difference? A Director of IT focuses primarily on technology. A Chief Information Officer focuses on people, processes, projects, and technology as a holistic system designed to achieve the mutual interests of the entire organization.

The Director may engage people, processes, and projects to move technology forward, but only to the extent that these elements support technology initiatives. For the Director, it is all about the technology first, and everything else is secondary. This perspective leads the IT director to confuse the tool (technology) with the product of the tool. When the IT department values the tool more than the purpose of the tool, its values become misaligned with the values of the overall organization.

A CIO is part of the DNA of the entire organization, not just the techie side of it. A CIO is deeply engaged in the core mission of the organization where technology is viewed as a means to an end. The objective of the CIO is to achieve the goals of the organization. To a CIO, the technology is part of a bigger mechanism that works as an integrated machine to achieve the mission and vision of the whole organization. The only way to achieve such ambition is to integrate people, processes, projects, and technology from across the organization into a seamless system. Boundaries among delivery groups become irrelevant as the CIO works closely with every partner and stakeholder in the organization to achieve the broader mission.

My answer to the CEO’s first question: your IT department does not work well with the rest of your organization because you have an IT director, not a CIO.