Tuesday, July 12, 2016

Higher Education IT Trends: 2016

Note: this is cross-posted at the Simon Fraser University site.

As part of my duties as President of CUCCIO I am expected to give the President’s report to the Annual General Meeting. At the June meeting my talk included some observations about trends and changes in higher education IT I have seen in the past year. Several folks have asked me to share these ideas so I wrote this blog post as a summary of the speech.

1.      Cloud computing isn’t a big deal

Cloud computing is simply a fact of life and we are dealing with it. Every organization has its own approaches and strategies that suit the uniqueness of their institutions and legislative domains. From Dalhousie University’s fascinating cloud first strategy to SFU’s cloud consumer and provider strategy, every university is dealing with it.

2.      Security is compelling and demanding and ubiquitous

The recent ransomware attack at the UofC has raised the profile of IT security in a jarring and shocking manner. Not only was the university forced to pay an embarrassing ransom, but more importantly, all their IT systems were shut down for 10 full days which has an immeasurable fiscal impact. Universities can no longer hide behind the veil of academic freedom to continue to justify a network security blanket that resembles cheesecloth.

3.      IT isn’t a cost, it’s an investment

Conversations with President’s, Provosts, VPs of Finance, and Research VPs are reflecting a new perspective of IT. In the past the conversation about IT was typically all about the cost. Now the conversation is changing; we are talking about how to extract value from the investment in IT. These are investments helping the university achieve educational, academic, research, and community objectives.

4.      Social media is no longer special, it’s just media

We are now talking about a digital experience, not just a learning experience for our students. We are creating digital strategies that engage our stakeholders and integrate new media changes into everything happening on campus. From a media perspective, traditional IT is like a millstone around the neck of media innovation. “Social” media is no longer unique – it is the media.

5.      Benchmarking is community building

A number of universities across Canada participate in a benchmarking initiative. This sharing of IT data exposes our strengths and weaknesses in a measurable manner. The act of sharing such sensitive data requires an unusual level of community trust. Emerging from this trust is a stronger community of shared interests. If I see a similar school with interesting metrics I can simply pick up the phone and to ask what they are doing and how they are doing it. The ability to compare and contact is priceless, and it builds a stronger and healthier higher education IT community.

6.      IT used to provide technology with a service component; now IT provides service with a technology component.

Our clients don’t want technology; they want the service delivered by the technology. The entire emphasis of our information systems organizations has clearly shifted from technology to services. We are becoming client-centric and the shift to out-sourcing (cloud computing) is accelerating that change. In a more cloud oriented world, we do increasingly less with baseline technology and we become integrators of a basket of services from a wide variety of providers.

7.      There is no such thing as IT strategy

IT departments expend a lot of energy developing technology strategies. Nobody cares. Much to IT’s chagrin, they are discovering that IT staff are the only folks in the institution reading the strategy. Today, real IT strategy is part and parcel of the fabric of the university strategy. The best IT strategies are the ones embedded into the university strategic plan.

As we wrap up the current academic year and entering into the summer months, we have the opportunity to reflect on these trends and think about how we should respond to them effectively. I look forward to a new academic year with more changes and a new series of ever-changing IT trends.


Sunday, October 18, 2015

Why Does IT Cost So Much?

Note: I originally published this article in University Manager Magazine Fall 2015 issue


Across Canada and around the world, senior university leaders are watching their IT budgets continue to grow. In an era of greater cost scrutiny, this expanding demand from IT seems counterintuitive and senior university leaders are increasingly questioning why. The simple answer is that IT costs are growing because universities are using IT more broadly and more systemically in everything they do. Yet that answer does not fully capture the big picture. There are many forces driving up costs and we need to understand what we can control and what we cannot.

A Brief History of IT Cost, Complexity, and Importance

The diagram below outlines the changing role and characteristics of IT university organizations as they have evolved over the past few decades. Every year we discover new and useful applications of information technology in the university. Every year we add new technologies to the portfolio of systems we are required to support. Constant technological innovation means constant increases in technology utilization, penetration, and dependency in all aspects of university research, administration, teaching, and learning. As the importance of IT grows on our campuses, so does its complexity and cost.

Today we have a reached a point where IT is ubiquitous. Every participant in the university experience uses information technology. From board members accessing key documents on iPads, to researchers collecting data from underwater observatories, to students rating their professors online, we all utilize some aspect of IT every day.

In this environment, many of the cost drivers are no longer in our control. With internal and external forces driving change we face a vast array of controllable and uncontrollable cost drivers.

Uncontrollable Drivers of Cost Growth

The uncontrollable drivers of IT cost growth are all around us. We live in an environment of constant technological innovation and a university is not an island of splendid isolation. Key areas of uncontrolled drivers of growth in IT expenses are:

Breadth of Demand

Information systems are used by everyone on campus. Everything we do is impacted by IT. Every process on campus - from traditional financial transaction processing to more modern applications such as plagiarism detection - has an inherent IT component. In everything we do, we demand more and more information technology to get things done at the university.

Depth of Demand

The average person brings 1½ IT devices on campus with them every day; often a laptop, an iPad, and a smartphone. Not only are we using more systems, but we are using more devices to access those systems. IT must keep the response time fast while seamlessly supporting all points of access.

Increasing Compliance Demands

We are experiencing increased demand for information systems to support legislative compliance in areas such as privacy, copyright protection, and freedom of information. Today, a lawyer is often consulted before a new system is even considered. The legal and compliance implications of any system are adding a new layer of cost and complexity to everything we do in IT.

Increasing Security Demands

The IT world has become an increasingly dangerous place. Hacking has transcended simple acts of theft into high-stakes criminal cyber-attacks. We used to build firewalls, then we reinforced the firewalls. But that’s not enough anymore. The attacks are coming from inside and outside our boundaries. New security protection requires artificial intelligence tools to detect attacks inside the perimeter. These new layers of security are vastly more complex and expensive. 

Any Device

Increasing demand to support whatever technology the client desires is expensive. We used to set some base standards for personal computer access to our network. Our clients no longer tolerate that approach. Now we have to install infrastructure and software to support every device imaginable: Apple PCs, Windows PCs, Linux PCs, Apple tablets, Android tablets, Windows tablets, Blackberries, and more. 

Any Time

IT department budgets were established at a time when information systems were accessed during regular business hours. Today, accessibility to systems is expected 24-hours-per-day, 7- days-per-week. Not only is availability demanded, but round-the-clock staff support is required. This broadening of system and support availability requires more money to implement and sustain. 

Any Place

Similar to the Any Time cost driver, IT departmental budgets were established to support systems within the physical boundaries of campus. Those days are gone. Distributed learning, distance education, and multiple campuses across the globe now require access to all of our systems from anywhere. Building technical infrastructure to support the networking demand of this new world increases IT capital and operating costs.

Quality of Software

I taught a first year undergraduate business course recently. When the students discovered I was the CIO they told me “Your systems suck.” They were right. Compared to the cool apps they commonly use (Facebook, LinkedIn, Twitter, Instagram, etc.) our systems fail in comparison. Satisfying these growing quality expectations is expensive.

New Teaching and Learning Technology

We are seeing new innovations in teaching and learning technology generate increasingly large video and image databases. For example, flipped classrooms require new technology to record and store vast volumes of video data. In-class student response systems demand instantaneous responses, requiring greater wireless capacity. Students come to our universities expecting the best classroom experience possible. The cost to renovate and upgrade our classrooms to new and rapidly changing technology accelerates the growth of IT and its commensurate expenses.

Exponential Research Data Volume Growth

Research data demands are driven by several changes in the nature of research computing. For example, research using vast arrays of sensor networks leads to huge growth in pure data volume. Not only do we have to store the data, but we have to transmit it over our networks and back it up in our archive systems. This massive growth in data demand is outpacing Moore’s Law and driving up costs.

The full force of these drivers is affected by factors outside the university. The best we can do in these areas is to strive to manage their impact on our bottom line and on our clients’ expectations.

Controllable Drivers of Cost Growth

There are several cost drivers within our control. The way universities manage IT is the real culprit. The controllable drivers of IT cost growth are insidiously hidden behind seemingly unassailable campus myths. Some key areas of cost drivers that are in our control include:

Distributed IT

The growth of independent, isolated, and silo IT departments that are separate from central IT lead to duplication of efforts, ineffective standards, conflicting technologies, and highly risky security incidents. At many universities, IT expenditures for non-central IT are often higher than central IT. These non-central IT expenditures have none of the rigour and control typically applied to central IT funding. 

Redundant Systems

Distributed IT responsibilities leads to the implementation of independent IT systems without a coordinated plan, creating overlapping and redundant systems. Disproportionate cost increases are needed to fund the inefficiencies.  

Data Integration

Data created by distributed IT departments and disparate systems cannot be integrated effectively. With multiple sources of data, there is duplication and redundancy in each of these systems. Resolution of data conflicts among multiple systems or multiple IT departments is expensive.

Independent IT support, overlapping systems, and duplicated data issues arise from a genuine need to be responsive to unique and highly specialized local needs. But without disciplined management, the costs and risks are excessive. Controlling these cost drivers is a non-trivial management responsibility that lies within IT, academic, and administrative leaders. Lack of control is acceptable only if the associated risks and costs are formally understood and accepted.

IT Is an Investment

Traditional IT departments spend almost 75% of their budgets on operational support work such as help desk, data centre management, and maintaining applications software.  Only 25% of the budget is left for system enhancements and new projects which leaves little room for innovation and creativity in the application of IT and a grim future for IT at our universities.

As a result of budget challenges, universities need to shift their perspective on IT funding. Instead of viewing it as a necessary evil to keep everything up and running, expectations of IT need to change. We need to view IT as an investment in the future. IT is an institutional investment opportunity to improve productivity, capacity, quality, and performance of all aspects of the academy. Chief Information Officers (CIOs) must be challenged to move from the traditional 75% maintenance and 25% projects model to a new order. Universities need to invest in growth by setting an expectation that IT will spend 25% on maintenance and 75% on investments.

An investment focus requires the university to create prioritization criteria for IT investments, then ensure all institutional IT spending is assessed against the criteria. The IT organization becomes a creative partner with every university department in applying the prioritization mechanism to identify and implement revenue opportunities, quality improvements, cost efficiencies, and risk mitigations.

The diagram below illustrates the shifting emphasis:

Finding the Real Costs

Measuring the real and full IT cost in a higher education environment is complex because IT funding comes from a variety of sources. With a multiplicity of sources comes challenges in measuring the real spend. Where do all the hidden costs lie? Challenge the budget status quo: if all IT funds are not managed by the central IT department, understand why. 

Getting an accurate picture of who does IT work can be hidden behind the heroic generalist. With distributed IT staff we see generalists who do everything from HR work, to financial transactions, to IT support. Counting those resource costs as part of the overall IT spend is difficult. Particularly when centralizing management of work.

Other costs are masked by unnecessary duplication. Many technologies are actively converging and some university organizations have not adapted. For example, audio-visual technology and IT are converging into a unified technological ecosystem, yet in many institutions they remain managed by distinct and disparate departments.

Shifting to Investments

Moving to an investment model means changing the university’s IT portfolio. What do we stop doing? Consider spending less time doing IT commodity work like administering email systems and moving the resources up the food chain. Can we centralize all email on campus to a single email system with one set of administrators? Can we outsource this work to a provincial shared service provider or outsource it to the cloud? After all, teaching, learning, and research are not dependent on our email administrative skills. 

Those administrative resources are best re-purposed to leverage technology in areas such as pedagogy or high performance research computing. Examine every commodity IT activity as an opportunity to move to a new service provision model. But they must be products and services we understand well – never outsource something you cannot manage. 

When IT is no longer viewed as a cost, but as an investment, each project is an individual value proposition with a positive return on investment (ROI). IT projects are no longer bottom line expenses – they are opportunities to create products or services where the benefits exceed the risks and expenses.

Maximizing the Value of Your IT Spending

Moving to an investment-driven IT organization means thinking differently about the complete cost structure. There are several emerging best practices in managing IT expenses. 

The most effective best practice in IT cost containment is moving to a common infrastructure. A common information systems platform for the entire institution means making the diplomatically difficult decision to centralize the management and control of all information systems. One IT department equals one procurement process for all of IT and a single source of the truth for all data. 
Another best practice is developing shared provincial services for higher education IT. Much like provincial regional networking organizations like ORION or Cybera provide low cost shared bandwidth across the province, shared services in areas such as Disaster Recovery Planning (DRP), data centre management, and IT procurement can lower costs for all higher education institutions. BCNET is the Canadian leader in this approach. CANARIE is also pioneering services above the network that can be shared nationally.

The cost-saving best practice receiving the most attention in the press is cloud computing. Essentially an outsourcing economic model, cloud computing delivers significant costs savings in some commodity IT services. Any cloud decision requires a careful business case that assesses the quantitative and qualitative benefits against the long-term risks and hidden costs. When properly assessed and closely managed, cloud computing lowers IT operating costs.

IT contracts tend to be written once and then ignored. But there can be gold lurking in the contract details. What software was purchased years ago in a bundle that is no longer being used? ERP contracts are rife with these gems. Has staff, student, or faculty headcount declined? Many licensing contract fees vary by the number of enterprise users, and vendors do not always feel obliged to notify customers when billing could decrease.

What can the university stop doing? Develop metrics such as tracking usage rates of technology over time. Then calculate the ratio of the number of users of each technology to the operating cost of that technology. Use these numbers to justify shutting down or outsourcing technologies that are not providing an appropriate ROI.

Apply these best practices across the full portfolio of IT products and services and use the savings to re-invest in the projects the institution needs to move its strategic vision forward. The table below highlights these top five best practices:


Why does IT costs so much? First, the outside world continues to demand more IT services from universities. Second, universities are diplomatically delicate in their treatment of controllable IT costs. What we do about these cost drivers depends on how we manage expectations from the outside and how we apply leadership, strategy, and discipline to information systems management within the institution.

The new world of IT is inexorably growing in depth and breadth across all campuses. Our dependency on IT grows more every day, leading to an inevitable growth in cost. The role of IT has increased over the years, leading to a commensurate increase in expense.

Managing costs in an environment where external drivers dominate the landscape is difficult. There are internal factors the university can control, but the most effective strategy is to set new expectations.  The CIO must focus on a vision for the future and shift the budget model to support the new world of ubiquitous IT. 

Sunday, September 7, 2014

What is a CIO?

I needed to develop a clear definition of my job as CIO to a new boss recently. Initially my plan was to do a quick check of the internet, look for a good definition and pass it on. Wow - was I disappointed! 

After having been a CIO for over a decade, I could not find a decent description of the job. I realized I had to put the effort into writing what I thought was a realistic description of role. So here it is:

The role of a CIO is to create, implement, and sustain an information systems vision for the organization. Implementation of the vision requires integration of the people, processes, data, and technologies from across the organization needed to deliver information systems. Success is measured by realizing the benefits and controlling the risks of information systems throughout the organization by managing value, volume, and quality.

To accomplish this role, the CIO needs to be allocated certain non-negotiable responsibilities including:

  • Strategy and planning for the future of information systems in the organization,
  • Stewardship (governance) of information systems decision-making processes,
  • Investment portfolio management of information systems projects, 
  • Organization structure required to support information systems,
  • Ethics and principles needed to create acceptable information systems standards,
  • Leadership of ICT directly, and other IT units indirectly,
  • Information systems policies, principles, and procedures,
  • Quality of operational systems, and
  • Adapting the organization to the inevitability of process and technology induced change.

No discussion of the CIO's role is complete without outlining the scope of the role. In any organization the CIO mandate includes all information systems at the organization, not just the central information systems department. The CIO creates the information systems context needed to deliver the clients’ content, which encompasses all aspects of all information systems used in any dimension of the organization.

To deliver on the role and scope that I have defined, a CIO's mandate must include certain core functions:

  • Develop and sustain all information systems supporting the organization's core mission,
  • Implement any new system software, continuously improve production application systems, and provide organization-wide data stewardship to enable the business needs of the university,
  • Design and manage an enterprise architecture mapping all the technologies, applications, and data for present and future systems at the organization,
  • Create, enhance, and support the technical infrastructure of the organization,
  • Ensure the privacy, security, and legislative compliance of information assets are diligently and proactively protected,
  • Implement project management tools and skills to ensure consistent delivery of information systems investments (projects) on time, in scope, and within budget, and
  • Continuously improve operational processes needed to support and run information systems.

Hopefully this short description helps anyone else trying to do the same search I attempted. 


Tuesday, April 30, 2013

How Do You Manage a CIO?

I was listening to a pair of Chief Information Officers (CIOs) discuss the unusual problems they faced on a daily basis and how these difficult issues limited their future career options. From their perspective, they could not satisfy the myriad conflicting client demands on their limited IT resource pool without forcing them to always be the bad guy/girl in someone's eyes.

What I found most interesting about this and other conversations with CIOs was not the complexity of the job. Everyone knows it's a tough one. The shiny gem of truth was that the CIO job is not the end game plan for most people in the role. In retrospect, I realize I have yet to meet a CIO who sees their current job as the top rung in their ladder of career aspirations. Which makes managing a CIO an interesting challenge. If you were a CIO's boss, how would you manage her or him?

Standard HR doctrines aside, there are some unique aspects to the role and the CIO's future ambitions may influence their current behaviour. For example, IT organizations deliver tools to improve the business. Sometimes they build them from scratch, often they integrate vendor products, and sometimes they simply manage the vendor contract. But where does the CIO see her or his personal future? Building from scratch means a larger internal department; some CIOs find that approach appealing because it can translate into more power and influence inside their organizations.

Other CIOs see their next role in the vendor world. Maybe they want to go work for that exciting world-wide software company that makes your ERP system. Or perhaps they are pining for the new wave excitement of Google. Either way, the business choices they make in their current role may be tainted by their aspirations for a future role. IT procurement decisions may be biased towards the vendor organization where the CIO sees their next job.

The CIO who wants to stay within the organization but move to a line-of-business role may have other biases. They might be focusing an inordinate and inappropriate amount of time and effort on a user department to the detriment of other departments. Unbalanced emphasis of IT support to a favoured line-of-business can easily lead the strategic IT mission astray.

So imagine yourself as the CIO's boss. How do create filters to detect these biases and behaviours? You can't win an argument about the technical aspects of a decision, because that's the CIO's realm of subject matter expertise. But you can test for bias before you hire any CIO. As part of the selection process, ask CIO candidates pointed questions about their future ambitions. Ascertain their goals beyond the CIO job. Do they see themselves eventually joining a vendor or moving to an IT client role? How long does the candidate see himself or herself remaining as a CIO?

Another solution lies in building a stewardship (governance) model for IT. An effective stewardship model ensures the IT decision-making lies in the hands of the business and the CIO's role is to facilitate the process. Biases are easy to spot when the business wants to go one way and the CIO is going elsewhere. If business leaders prioritize projects, CIO preferences must be justified by facts or they will fail.

You can't be sure the stewardship model eliminates all biases. But a robust benefits realization process is another key checkpoint. Have you built a project management process that ensures benefits are tracked and measured against promises made in the original business case? Benefits realization forces the CIO to ensure project commitments match results. If not, there is a failure appreciation moment - an opportunity to learn from mistakes. Is the strategic mission of the organization aligned with the CIO’s personal mission?

The best way to ensure a CIO’s heart and mind are in line with the organizational vision is ask the CIO to craft an IT strategy through collaboration and consensus with business partners. Don’t let IT write the strategy in splendid isolation. Set clear expectations requiring broad-based contributions. Assess the CIO’s ability to work together with all IT stakeholders. Once the plan is published, measure the IT department's performance against the strategic business goals - not the technology goals.

CIOs may always complain about how hard their job is. But I think the person with the much harder job is the CIO's boss. Their challenge is to give him/her a hope for the future. What is the personal end game plan for the CIO and does it match the organization’s needs? Successful CIOs need a glimmer of career opportunity leading to the next step of the ladder within your organization. Groom the CIO to become the VP of Administration, or COO, or CEO. Without internal opportunity, the CIO will create their future elsewhere.


Monday, April 1, 2013

Any IT Organization Structure Is Ephemeral

In the process of introducing a new organization change a few years ago. One of my staff took me aside and said she understood why I had to make the changes, but she didn't really like the affect it had on her. I told her not to worry, because no IT organization structure is permanent. If she didn't like our current organization, I asked her to be patient and wait for the new one. I was already thinking about the next organization change before I had completed the latest one.

Organization structure exists to solve a problem. Once that problem is solved, it is probably time to change the organization again because there are new problems and new opportunities. The shelf life of any major effective IT organization structure is two years. Anything beyond a couple of years means IT has stagnated. External changes in the form of new technologies, or internal changes driven by new problems have arisen and the IT organization structure has to change to survive.

Think about implementing an ERP system. The sheer scope of the project typically consumes the full attention of everyone in the IT organization. The wise CIO creates an organization structure dedicated to ensuring the success of the project. The ERP becomes priority #1 by virtue of the size and impact of the implementation.

But once the ERP is implemented, the IT organization's attention has to shift. Expectations of IT change from the implementation of one big project to a plethora of follow-on projects. The organization's emphasis shifts from the management of a big bang strategic project to the management of a portfolio of tactical projects. To succeed with the new emphasis, the perceptive CIO creates a new organization structure.

This constant change approach can be difficult for some external groups to understand. For example, HR never likes organization changes. Not because it means more work for them, but because it means turmoil in the institution. Their job is to promote stability and constant IT change does not fit the typical HR model. Across the organization, most departments are not compelled to change nearly as rapidly as the IT department. External and internal change vectors are less common in departments like accounting or procurement.

But the fundamental rules of IT change constantly. Working in IT is like working in an accounting world where the generally accepted accounting principles (GAAP) change every year. If GAAP changed every couple of years in the real world, then the accounting department would have to re-organize much more often. That is what makes IT organization changes so special. Our rules change almost daily. We can't afford to wait. The world of technology passes us by if we don't have the right people focusing on the right things. We get stale, old, and unwanted pretty quickly if we aren't structured to take advantage of the latest and greatest technologies.

Value generation from new systems-based processes or market-grabbing technology-driven innovation can only come from nimble IT organizations. Agility in IT comes from a simple willingness to change everything, especially the organization structure. Organizations get value from information systems organization that can turn on a dime.

The external IT environment has already changed from the time you started reading this article. Have you thought about what that means to your IT department's structure? If you aren't already thinking about your next IT organization change you should be thinking about your next job ... maybe in accounting?


Thursday, December 6, 2012

The Decline and Fall of Traditional IT

IT (Information Technology) as we know it came to a fork in the road several years ago. The traditional IT department used to deliver technology with a service component. Now we provide service with a technology component.

What does this really mean? Let me provide several examples of the transition from information technology to information services:
  • The IT department used to deliver technology projects. Now the department delivers project management services. These services include IT functionality, but not exclusively.
  • IT departments used to build a complex infrastructure of networks and servers and workstations. Now the department delivers an enterprise architecture articulating how everything fits together.
  • Staff members in IT were the back office geeks. Now the department trumpets service-orientation with world-class help desks and sophisticated escalation processes.
  • Security was a deny first, enable later process. Now the department defines security by corporate policies. These policies follow national and regional privacy laws, enable multi-layered authentication for a variety of roles, and facilitate freedom of information legislation.
  • IT departments used to hand-craft software to meet every nuance of an organization's processes. Now the department staff are master negotiators working with a sea of vendors to deliver information services written by a vast array of industry subject matter experts who have never set foot inside the organization.

These are the facts crafting our new reality. The implications for the future of IT are undeniable. The decline and fall of traditional IT is complete. Organization do not need, nor do they want, a traditional information technology department. What they crave is a world-class information service organization.


Friday, October 19, 2012

Chaos Theory for IT

I made a career shift several years ago from financial services to higher education. Being in IT leadership, I wasn’t concerned with making the change. From my point of view I was simply doing a similar job, just different industries. What I discovered was a fascinating cultural shift from a centralized top-down environment to a distributed consensus-based world.

Moving from organizations with enforced technology standards to a one-size-fits-none world was an interesting transition. Personal computing tools in a corporate environment were locked down and well controlled. In a higher education environment, particularly universities, funding comes from many sources and technology decisions can sometimes be made in many places.

I could debate the relative merits of technology in these different worlds, but the most fascinating difference is the decision-making process. Utilitarian efficiency experts may argue that top down is the obvious preferred approach. Decisions get made and everyone simply follows through. Logical.

But do the best decisions get made in this model? The university world provides an interesting counter-example. Major decisions are made with extensive socialization of the underlying issues. Building consensus in this world is like pulling back an elastic band or a slingshot. The more effort you put into developing consensus (or pulling back the elastic), the more buy-in, understanding, and acceptance you have to the solution. When you launch your initiative and let go of the elastic, everything goes faster.

My lesson from implementing large IT projects in this model: invest the time in developing consensus and you will see the return. It is worth the time and effort to build consensus first, because you have everyone’s support later. The time upfront is saved by reducing grief and re-work during the implementation.

The process of consensus-building starts with engaging the key thought leaders across the organization. The next step is to make it interesting for them. What do they want from it? Once you get their input, use it. Apply their comments in a meaningful way. Consensus doesn’t mean everyone gets to make the decision. But it does mean that everyone at least has the opportunity to contribute.

Ultimately, consensus is about relationship building. Whether you work in a top-down hierarchy, a centralized bureaucracy, or a distributed chaoscracy, the one consistent factor is your ability to create confidence in the decisions made and the path forward.


Tuesday, October 16, 2012

IT and the Holy Grail

I can't help but notice how many IT leaders, myself included, list "strategic planning" on their resume and their LinkedIn profile and any other personal profile. It makes me wonder if strategic planning is the holy grail of IT. Any single topic with so much attention begs the question: do we put too much faith in our ability to plan?

To answer the question, let's borrow a trick from mathematics and think about strategic planning by working backwards from the end state. Consider where you are today and how well a plan from five years ago could have predicted your current predicament. Could you have planned out an enterprise IT strategy that accommodated Google Apps and Bring Your Own Device and ubiquitous Apples and staff with multiple IP addresses? And could you have predicted the need to balance all of this with ever growing privacy legislation? What about the decline and fall of outsourcing (witness General Motors turfing HP/EDS)? If these events were unpredictable half a decade ago, why do you think you can plan out the next five years?

Over the past few years I have had the wonderful opportunity to read several IT strategic plans as well as write a few. They are all remarkably similar. With my eyes closed I can tell you the titles of the first three sections: Mission, Vision, and Values. Creativity doesn't seem to be considered a valuable asset in strategic IT planning. Yet without creativity, how can we imagine the future? 

The process to write these plans is fun to watch. Sometimes these strategies are built in a conscious fashion using a formal planning approach; sometimes these strategies emerge through convulsive reactions to change in the world around us. Some groups start with an enterprise architecture; some groups start with a crisis. No matter what the motivation, everyone has a plan. You may develop it elegantly, or you may stumble into it wretchedly, but it is human nature to crave a plan for the future.

The problem is that the accuracy of your plan five years from now has a plus/minus of 100%. In other words, the rounding error for any IT strategic plan is roughly equal to the entire contents of the plan.

So how do we reconcile the need to plan with the inability to plan well? Military strategy sometimes comes in handy. Think about the brilliant Canadian victory at Vimy Ridge in 1917. After years of trench warfare stalemate, a technique of rolling bombardment was introduced. The shells landed just-in-time and just-in-front of the advancing infantry, thereby preventing the enemy from emerging from their bunkers in time to mount a credible defense. 

Maybe we need rolling strategic plans. Instead of trying to predict an accurately future IT state, set some basic objectives (invade Germany and capture the Kaiser) for the long term. Then figure out what you need to do in the shorter term to work towards those goals (capture the next trench). Then revisit and adjust the long term view every year. 

So, five years ago, an IT plan could have easily said, "investigate web-based productivity tools." A year later it may have said "assess vendor product roadmaps for web based productivity tools." The next year may have said, "compare cloud-based tools for productivity services from Microsoft and Google and what are the performance issues." Finally, the next year the plan may have said, "evaluate Google Apps service from Apple and Android devices and determine the impact of privacy legislation on their usage." 

Narrowing the scope from broad strategy to practical implementation is the ultimate measure of success for any strategic plan. The real holy grail of strategic planning is accomplishing real work. It isn't about the plan. It's about what the planning process enables you to accomplish.


Tuesday, August 28, 2012

How do you measure an IT department?

As part of a consulting engagement my client wanted to know how well their IT department compared to similar IT departments in the same industry. I began by collecting data comparing the customer's IT department to peer organizations in the same industry. I knew before I started that there may be some apples to oranges comparisons. What surprised me was that I was comparing apples to flying saucers. I discovered the real issue is determining how to define an IT department before making any quality judgements.

In this particular study I looked at organizations within the same somewhat regulated industry. Organizations with similar revenue and customer volume had IT departments that varied in size by over 200%. So what was really going on here? First, it was clear to me that everybody has a different names for the same thing. Second, there are no obvious rules about boundaries. Let's look at both dimensions sequentially.

Names can be deceptive. For example, within IT there is often an infrastructure group. Assuming that includes server support, does it also include network support? If that includes network support, does it also include the phone system? If it includes the phone system, it probably includes the automated call response software and support staff. If you include these staff, do you include the telephone operators? If the operators are included, then do you include the call centre and business help line staff? Now we have an organization that reaches directly from the external customer to the back-end server.

I know this example may be extreme. But where do you draw the line? Let's think about boundaries. Does IT end at the pure technology of servers and network gear? Or does it go further? Think about applications development. IT usually includes the programmers, but not always. What about the analysts that work with both the business and the programmers to develop the requirements? Sometimes they are called business analysts, sometimes systems analysts. They do the same work, but the systems analysts typically reside in IT and the business analysts do not.

Defining IT by roles performed simply doesn't do the trick. As I reviewed the organizations in the study, there seemed to be no consistency. One IT department ran the printing operations for the whole organization. Another included web content development. Contrary to intuition, you cannot define an IT organization by the functions it runs.These seemingly arbitrary distinctions depended on history, available skills, and ultimately, political machinations.

Names are nearly meaningless and boundaries fluctuate continually making comparisons challenging. But the rules creating IT boundaries are remarkably consistent across all organizations. The ability for IT to influence these changes is negotiating power.  The degree of negotiating power accumulated by IT defines its boundaries. Building negotiating power comes from cumulative value-building. Every transaction between IT and a customer creates or destroys the clients' perception of IT's value. If IT provides great service, clients are more willing to work with IT. As a result, they become more willing to support IT in political bargaining when the organizational boundaries are inevitably revised over time.

Back to the original question - how do you measure an IT department? I would propose that you define the worth of your IT department by its return on service (ROS). If clients feel they get great service, the long term reward to IT is greater scope - a higher ROS. Conversely, bad service creates negative ROS and a shrinking IT department. A good IT department is one that is growing because it is providing an optimal return on service to clients. The last full measure of an IT department is its return on service.


Tuesday, July 24, 2012

What is the difference between a CIO and an IT Director?

At a recent consulting meeting a CEO asked me “why doesn’t my IT department work well with the rest of the organization?” Before I could answer, he asked another more telling question: “what’s the difference between an IT director and a Chief Information Officer?” The answer to the first question was embedded in the need to ask the second question. If you don’t know the difference, you don’t understand the value of a CIO.

So what is the difference? A Director of IT focuses primarily on technology. A Chief Information Officer focuses on people, processes, projects, and technology as a holistic system designed to achieve the mutual interests of the entire organization.

The Director may engage people, processes, and projects to move technology forward, but only to the extent that these elements support technology initiatives. For the Director, it is all about the technology first, and everything else is secondary. This perspective leads the IT director to confuse the tool (technology) with the product of the tool. When the IT department values the tool more than the purpose of the tool, its values become misaligned with the values of the overall organization.

A CIO is part of the DNA of the entire organization, not just the techie side of it. A CIO is deeply engaged in the core mission of the organization where technology is viewed as a means to an end. The objective of the CIO is to achieve the goals of the organization. To a CIO, the technology is part of a bigger mechanism that works as an integrated machine to achieve the mission and vision of the whole organization. The only way to achieve such ambition is to integrate people, processes, projects, and technology from across the organization into a seamless system. Boundaries among delivery groups become irrelevant as the CIO works closely with every partner and stakeholder in the organization to achieve the broader mission.

My answer to the CEO’s first question: your IT department does not work well with the rest of your organization because you have an IT director, not a CIO.


Sunday, June 24, 2012

Appreciating Asymmetrical Advantage (Lean IT)

Competitive weapons

Napoleon said an army marches on its stomach. The ability to provide food, supplies, and shelter to his troops was his primary building block of success. He didn't attribute his victories to the obvious factors of battlefield tactics, great weapons, or excellent training. His focus on logistics was much more mundane, yet infinitely practical. He created a simple advantage that his enemies could not match easily. Can your IT organization identity something it does that no one else does nearly as effectively? Strategy is about advantage, so what makes you so special that it gives you an edge over your enemies?

Creating an effective IT strategy begins with developing an appreciation of your own IT organization’s asymmetrical advantages. What do you have that your competitors don't have? Such advantages can be measured by context, influence, and tolerance. By context, I mean how deep is your awareness of all the market forces affecting your competitive position. Influence means how much you can affect outcomes in your chosen market. Finally, tolerance is the degree to which you are willing accept the risks of competing.

Big vs. lean

Let’s look at the example of a large IT organization vs. a lean one. The lean IT organization typically has a much smaller staff and budget relative to comparison organizations in the same industry, and operates with a minimal margin for error. Leading a large IT organization makes strategy easy. You can afford to "let 1,000 flowers bloom" by experimenting, testing, and making mistakes. Your context is big, your influence is substantial, and your tolerance is high. But a lean IT organization does not have that luxury. These organizations need to leverage every opportunity available and maximize their return from every investment.

The simplest comparison between big and lean is their approach to an ERP system. A large organization can afford to buy, run, and customize their ERP system. They can fine-tune it to every nuance of their specialized processes. But a lean IT organization is forced to rent a standardized version where they accommodate their business processes to fit the system - customization is an unaffordable luxury.

Let’s assume you run a smaller lean IT group. How do you level the playing field? You can start by thinking differently about every aspect of your operations. No IT organization needs their own data centre if they are willing to take the necessary precautions and make the necessary sacrifices to move everything to the cloud. No IT organization needs to customize their applications suite if they are willing to modify their business processes. No IT organization needs to run its own enterprise systems like email, content management, and collaboration software if they are willing to use industry standard software services.

If you actively move in all of these directions, your lean IT organization pushes the implementation, management, and support of conventional and traditional systems out the door. Does that mean you should shut down your IT department? Hardly. What you do with what you have left is your asymmetrical advantage. The core IT staff members become your unique footprint in the industry. These are the folks that understand the business processes at the very core of your organization. These are the folks who will integrate and leverage the low cost tools you have pushed out the door.

The ability to integrate technology and to improve process becomes a strategic advantage of the lean IT organization. You have the remarkable opportunity to focus the intimate business knowledge of your subject matter experts on building unique projects, processes, and initiatives that the big organizations are ignoring because they are too busy running their overly complex in-house information systems.

Should, can, and control

So how do you get there? The lean IT organization uses the concepts of context, influence, and tolerance to whittle down its list of strategic initiatives into two piles. The stuff they can give to someone else is in the first pile. The second pile is the stuff they are uniquely positioned to implement better than anyone else in their industry.

Context dictates what technologies the IT department should operate. What market forces are buffeting your competitive position? If the industry is consolidating, where can you collaborate with other organizations to create shared services? Is this really an activity that gives your organization a competitive advantage? Is this IT function really part of the core business? Ask yourself these questions for all aspects of your information systems.

Influence determines what technologies the IT department can operate. Sometimes you simply may not have the right resources to operate the IT services you might like to keep within your organization. Sometimes geographic isolation or over-subscribed demand for specific technical skills forces you to consider alternative delivery mechanisms outside your IT organization. Often you simply don’t have enough budget money to do everything you would like to do. Don’t operate the functions you cannot properly influence.

Tolerance defines how much control the IT department needs to successfully operate these technologies. What is your risk profile? What is the probability of success? What is the degree of impact if you fail? If you can’t stand the heat then get out of the kitchen. Some IT initiatives are just too risky for the culture and risk tolerance profile of your organization. Stop doing them and give them to someone who is willing to take the risks or can mitigate the risk through systemic factors.

An example

These three factors act like a series of successive filters. For example, if you are considering moving a new data warehouse system to the cloud you need to first assess context. Do you really want to be in the business of managing the servers needed to support the new system? Unless you are a technology company it is unlikely that you would consider server management to be part of your core business, so your context would indicate support for the move.

Now consider your degree of influence: do you really have the database administration skills in your organization to manage the new technology efficiently? A lean IT organization may not be able to afford high-priced data base administrators or may want to focus their precious skills on other systems. Since you would struggle to support the technology internally, the externalization of the system makes sense from an influence perspective.

Finally, are you willing to tolerate the risk by placing this sensitive information in another organization's care? If can successfully write a contract that transfers the risks associated with housing mission-critical data to a third party, then the last filter also supports the move.

In this example all three gates have been opened and the move makes sense. Only when all three filters are aligned should you be willing to make the strategic change, because then you have a conclusive asymmetrical advantage.

Lean on your asymmetrical advantage

Becoming a lean organization is an asymmetrical advantage despite your size. When you are forced to scrutinize every IT investment for maximum leverage and return, you inevitably become more efficient than the big players. For each dollar invested in IT, you gain business improvements that outstrip your larger competitors. Ultimately, your relative size can change your behaviour and gives you a distinct lead over the bigger and slower competitors. You can float like a butterfly and sting like a bee even if you a mere David to your competitor's Goliath. 

As you become more effective, don't lose sight of your core competencies defined by context, influence, and tolerance. Remember, Napoleon conquered all of Europe with a lean military organization. But he was resolutely defeated when he lost sight of his core competencies and let his army starve in Russia.


Thursday, June 7, 2012

The Process Design Blues

Everyone needs a hobby and mine is playing blues guitar. I may not be very good at it, but I'm not ready to sell my soul at the crossroads just yet. What I find fascinating about the blues is how such a simple musical structure becomes a portal into an infinite variety of musical improvisation and creativity. From a basic chord progression of 12 simple bars, the opportunity to innovate is literally limitless. Strangely enough, playing the blues is a great opportunity to think differently about business process.

Having designed many business processes, I have discovered great process design is lot like the blues musical structure: you need to leave lots of room for improvisation within a tightly structured and easy-to-understand framework. Good process design optimizes an algorithm for getting things done, but great process design builds in room to handle inevitable change. Great process design empowers process users to make independent decisions within the framework of the process. Great processes give users the room to deal with the variability of real life while simultaneously enforcing tight controls and high expectations around the key milestones in the process.

The concept of using a loose/tight process design makes some folks uncomfortable. Traditional thinking dictates highly structured and specific steps with no room for independent thought. And that is exactly where traditional process thinking fails - not leaving any room for autonomous and liberated thought. If you want processes to be agile and adaptive to change you need to leave room for human intelligence and creativity to engage. But business processes are not like Grade 2 art class. You need to be very disciplined at the key milestones. Each key milestone in the process needs to be measurable and comparable. Exceptional rigour around defining these process checkpoints ensures the process is executed appropriately. Installing metrics for all milestones ensures managerial control during process execution.

These metrics also enable process improvements over time as the process is executed repeatedly. You need to experiment continually with improvements to the process and measure the results. Measuring the change helps you understand the effect of the change. By comparing multiple executions of the process over time you begin to identify new and better ways of running the process. If you can't measure it, you can't improve it.

As a manager you need to carefully weigh your own engagement in the process. In between these highly controlled and evaluated milestones, you need to empower your staff. Leave the decision-making between milestones up to the discretion of your staff. They should be given your absolute trust to make the right decisions between milestones. After all, you did hire good people didn't you? So give them the opportunity to shine. If you are not comfortable with the room to maneuver you have given them between milestones then you need to re-think the process design. Are there other milestones you need to build into your process? Remember not to overdo it, or the milestones become millstones and the whole process slows down and looses it flexibility and agility. Finally, remember not to abdicate your responsibility to monitor the process for performance variations. If the variations are too extreme, then you need to get engaged.

As an example of this process design philosophy, let's examine a key strategic process for any organization - the project management process. You must be absolutely tight around several key milestones. The first is the project charter. It has one simple objective: define, in certain and quantifiable terms, why you want to do the project. The act of requiring this document as a milestone demands extensive analysis, collaboration, and consensus building before the document is submitted for approval. As a process owner, you do not need to manage the analysis work, but you absolutely must assess the results of the analysis and use the project charter to make the crucial go or no-go decision.

The next milestone is the Project Plan. This document is the contract between the project team and the sponsor. As a contract, it articulates the specific scope, budget, timeline, resources, and risks of the project. Once again, the process owner does not need to engage in the detailed analysis and development work. The project staff members are more than capable of building the components such as a work breakdown structure. However, this contract document is of mission-critical importance to the project sponsors. As a project process owner your role is to ensure the results of the analysis stand-up to significant, extensive, and careful scrutiny. The Project Plan milestone sets the stage for the most expensive stage of the project, so you want to use the milestone to be absolutely positive the project is ready to move to the next stage.

Once you have an approved plan, the execution begins. A well-written project plan has specific execution milestones defined. These milestones report on completion of activities according to scope, budget, and timeline of the plan with a change control mechanism. Once again, the project sponsor and project owner need to be actively informed and engaged in reviewing these execution milestones. If milestones are meeting promises (or appropriate change requests are approved), then the project manager and her/his team are perfectly capable of implementing the work between milestones without interference. However, if the project misses milestones, then the process owner and sponsor must engage in the project's detail work.

Assuming everything goes well the final milestone is the Project Closure. At this milestone you decide if you did what you said you would do. Are all the expected project products and services completed to a satisfactory quality level? Will the organization reap the benefits promised in the project charter? The sponsor and process owner review the original project charter to determine if the project delivered on the promises made. This milestone is used to determine if the project is truly finished. These two leaders do not need to be involved in the final development work for the product or service, but they do need to ensure it is are completed properly, hence the existence of a milestone at this point in the process.

Throughout this project management process there are specific and explicit expectations in each of the milestones, and liberal room to empower project managers to use their judgment and make decisions throughout the process. The worst project management methodology I have ever seen consisted of 14 binders, each 2" thick. They were never opened and never used. Conversely, the best project management methodology I've ever seen was a single 1" binder that was well thumbed with lots of coffee stains. It was a process that left lots of room for individual creativity within a tight context of specific milestone-based deliverables.

I can always tell when I hear great blues. The old familiar structure is always there, yet the great artists make every blues song sound unique, inspiring, and wonderful. Just like great blues music, great processes can lead to business innovation and creativity. But don't let them run amuck or you will get 20-minute guitar solos that bore your audience to tears.