Thursday, March 29, 2012

The Perfect IT Department

We spend a lot of time developing IT strategies. A typical strategy starts with a mission, vision, and purpose. I've read several IT strategic plans recently and I have come to the conclusion that organizations have become pretty good at developing these documents. Execution of the plan is tricky, but successful implementation is also becoming a more commonplace skill.

What seems to be missing from these plans is the opportunity to dream. We have become quite good at mechanically developing goals and objectives, then putting in place the processes to get them done. Results are delivered on time, on budget, and in scope. What falls through the cracks is creativity. Creativity is the spark that ignites innovation.

Sometimes we need to dream.

I recently read the actual text of one of my favourite speeches of all time. It was an eye-opener because the passion of the speaker seemed to overwhelm the actual written word. But the text is just as powerful as the delivery. A key line of the speech:
"I have a dream that one day every valley shall be exalted, and every hill and mountain shall be made low, the rough places will be made plain, and the crooked places will be made straight;"
I don't have Martin Luther King's eloquence, but his idea is powerful. Let us dream first. The reality and implementation follow the dream. If we were to dream about the perfect IT department, what would it look like? Imagine an IT strategy where contributors were asked to close their eyes and dream of the perfect IT department. What if we could simply imagine what we want to be when we grow up?

Here's my dream IT department ...
Under ideal circumstances, the information technology department is seamlessly integrated into all processes at the organization. The department provides secure and reliable access anywhere, anytime to dependable high performance information technology services. The people who provide the service are trusted and inspire confidence in the technologies they deliver. The department generates innovative ideas supporting the purpose and mission of the organization. Similarly, continuous process improvement ideas are sourced from the information technology department in a collaborative manner.  New projects are delivered within promised timeframes and budgets. Ongoing services meet or exceed customer expectations. People in the information technology department enjoy their work and their customers enjoy working with them. The culture of the department embraces an outstanding client-centric service ethic. Clients of the department embrace technology and enthusiastically work with the department to build a better future for customers and the organization.
Would not the dream create a better mission, vision, and purpose? Once you have the dream, you have the fuel to inspire an exciting strategy. A strategy where IT really can change your world. A strategy where you can make the rough technology plain and the crooked systems straight.


Wednesday, March 28, 2012

Who Should IT Report To?

One of the perennial debates in IT is the question: whom should the IT department report to? The CEO? The finance department? The social media team? The head of research and development? The question is like asking how many angels can dance on a micron of silicon. At the risk of appearing to dodge the question, I suggest IT reports to everyone.

Tradition says IT should report into Finance. Historically IT departments evolved out of a corporate need to automate billing, payroll, and other fundamental and crucial financial transactions. Naturally it made sense for IT to report into the finance department. But times change. IT is an integral part of everything everyone does in an organization. IT is an essential part of the value proposition of any product or service. From pizza stores providing real-time delivery tracking to universities providing online degrees, the IT function affects every aspect of the business relationship.

I saw the issue first hand when I was the financial controller for a large IT department. I reported into a CIO whom I greatly admired and respected. One piece of career advice he gave regularly was "never let IT report to Finance." At the time I had a hard time understanding his reasons. Our CFO was a great guy and I worked closely with him because of my particular role in IT. The way our company was organized, both the CIO and CFO reported to the president and everything worked extraordinarily well.

Then the company was sold.

As the new buyer dissected our organization they made an interesting discovery. The single most expensive physical asset in the organization was the IT infrastructure. But instead of leveraging IT as an integrated value generation mechanism, the buyer viewed it a financial asset to divvy up among disparate interests in the new organization. Like a pirate looting plunder, the new owners did not recognize the real value of the treasures they had captured. The assets were squandered because they were only seen from a financial perspective and not a business perspective.

The acquiring company's IT group reported into the CFO and the results of the merger seemed to confirm my boss's advice about the IT reporting relationship with Finance. But in hindsight, that was not the real problem. They were an old style organization where the IT department had a weak voice. IT did not see itself as part of the business. They saw themselves as technology order-takers, not as leaders of the information systems strategy and execution.

As a CIO I've reported into the Finance side of organization and quite enjoyed the relationship. However, the organizational reporting relationship never biased the organizational decision-making process. IT decisions are investments with long term implications for organization success, but financial systems should never receive preferential or biased prioritization simply because of organization hierarchy. Strategic engagement of IT requires broad organization involvement that transcends arbitrary organization structures. A self-aware IT organization perceives itself as reporting to the entire organization, not just the sole linear strand of the hierarchical organization chart.

So how can IT report to everyone? It starts with an attitude - a collective state of mind defined by the IT departmental culture. It requires an open approach to all relationships across the organization and is manifested in a desire to collaborate and integrate and deliver. This open IT culture is rooted in a mutuality of respect among all departments. Whether it is finance, human resources, or manufacturing, the IT folks need to earn their respect by delivering on promises and meeting expectations.

Once the culture is established, relationships are continuously nurtured. You can't do that if you think you have one boss. Much like a consulting company has many customers, an IT organization has a multitude of clients. Specialized treatment of one client because of an organizational reporting relationship comes at the expense of servicing others. A nurturing and open IT culture flourishes in an environment where all clients become the centre of their universe.

Of course the official reporting relationship needs to be comfortable and supportive of the open IT culture. When IT reports to the CEO, this balanced perspective is assumed. In other reporting relationships, the need to be open may be less obvious. The CIO's role is to help everyone understand the need for an IT that meets the needs of the many, not the few.

As to the career advice from my old boss about never letting IT report to the CFO? I disagree. Sometimes IT should report to the CFO. But sometimes it shouldn't. It depends on the particular business model and the technical acumen of the leadership. What matters is that IT has a strong and respected voice throughout the organization. That can only be achieved by a open, service-oriented IT organization. One that identifies with the business and sees itself as part of the organization's bloodstream. One that sees itself as reporting to everyone.


Thursday, March 15, 2012

Your IT Department Only Needs 6 People

I have a confession to make. I am home repair retarded. I can't fix anything around the house that requires tools more complex than screwdrivers and hammers and paint. But I do know exactly what I want done, how I want it done, and what it is worth to me. So I hire experts. When I needed to build a shed I hired folks who spend their lives specializing in home construction and repair and they did a better job than I ever could have done. While they built my shed, I spent my time working on things that I'm good at. We were both productive.

Similar logic applies to IT departments. There can be an almost infinite amount of IT work in any organization. From upgrading the ERP to enabling BYOD (bring your own device), the choice of opportunities is vast. The challenge is not what to do, but what to ask someone else to do. Where does IT draw the line between internal vs. external work?

IT needs to maximize the value of existing resources on the most important activities and deliver other services through new channels and creative partnerships. They cannot do everything internally. To understand what can be divested, organizations must assess IT’s core competencies. Core competencies in an IT organization are functions that are central to supporting the mission of the organization.

The three criteria for assessing whether any particular IT function is a core competency are:
  • External service providers cannot perform the function more efficiently for lower cost, 
  • Performing the function internally maintains appropriate control of the function in the organization, and 
  • The knowledge needed to perform the function is central to the long-term success of the organization. 

Focusing the organization on core competencies requires reviewing the major activities performed by IT and deciding what to keep and what might be delivered in a new manner. Non-core competencies are often well served by partnering with a service provider whose sole specialization is the best possible delivery of that service. This approach is similar to hiring contractors to build my shed. Home construction is not my core competency, so I found someone who specializes in that line of work. Alternatively, why build a shed in the first place if my neighbour has extra space in his shed available for a cheap price?

If you were obliged to take this approach to the logical extreme, the process of assessing core competencies could lead to externalizing almost all the IT work. If an organization were to go to this extreme, what should be left? What are the ultimate core competencies of any IT department? I would suggest the minimal IT organization would consist of only six roles:
  1. Chief Information Officer 
  2. Enterprise Architect 
  3. Project Office Director 
  4. Business Administrator 
  5. Security Manager 
  6. Operations Director 

In this new IT world, there is still a need for a Chief Information Officer (CIO). This individual is responsible for making sure all the organization's IT needs are met. But the CIO's organization becomes a lean team of five staff. Let me describe each of the roles in the next few paragraphs.

The CIO drives IT through visionary leadership that inspires all staff and earns the confidence of clients. The CIO leads the organization's IT with strategic thinking and operational decisiveness, and is capable of bringing the entire organization through sustained periods of significant IT change. The CIO is a leader whose advice and guidance is respected for all information technology issues. These issues may not necessarily be part of the IT function, but the leader needs to be sufficiently well respected across the organization to be sought out for advice and guidance on any IT matter. The CIO ensures appropriate stewardship processes are in place and establishes information systems ethics.

If the bulk of the IT work is no longer a core competency, then the new challenge becomes how to link all the external service providers (contractors, hosted services, outsourcers, etc.) together. The Enterprise Architect (EA) owns this responsibility. The EA's first job is to understand and articulate how technologies, applications, and data interrelate. The second part of the job is to build a roadmap of where each of these functions will evolve. Defining context, setting direction, and linking external sources into a seamless information technology service is the role of the EA in this optimized organization.

With multiple service delivery providers come multiple projects. The organization needs to set non-negotiable project management processes and checkpoints to control vendor projects. Consistency of project delivery is essential to the management of expectations by IT's clients. The Project Office Director is accountable for all projects, irrespective of whether the staff are internal or external. Integrated and seamless delivery of project results are demanded and this director is responsible for ensuring everyone works together as single project team.

Since external suppliers will do most of the IT work, contract management and business relationships are essential to the success of the new IT organization. The Business Administrator manages the RFP writing, plans the operational and capital budgets, and handles the business affairs of the IT. The Business Administrator works closely with suppliers to negotiate IT services and projects required by the overall organization. The negotiations are done within the context of the enterprise architecture and the Project Office Director sets the project service delivery expectations.

The importance of IT security, data privacy, and compliance requires the presence of a full time Security Manager. The ideal IT environment would have unassailable policies, practices, and standards that are proactive, not reactive. Strong policy and enforcement is essential if external service providers are to be trusted with an organization's IT assets. The Security Manager is responsible for creating the policies and ensuring the appropriate practices are in place to enforce them as part of all contract negotiations.

The Operations Director is accountable for all production services. These operations must deliver according to service level agreements with external providers. This Director creates meaningful performance and capacity metrics. These are measures that the IT organization's clients understand. The Operations Director works closely with vendors to provide them with growth patterns for usage. Expected demand forecasts become part of the contract negotiation process and the Operations Director is responsible for meeting these needs by working with vendors.

Arguably, an IT organization could easily be larger than six people. But if you had to boil the organization down to its absolute minimum, these are the six roles you do not want to externalize. They are your fundamental core IT competencies.


Wednesday, March 14, 2012

IT Governance is Dead. Long live IT Stewardship.

There was a windstorm on Vancouver Island last night - one that blows off the Pacific and seems to make the whole island shudder. There was a weird noise that seemed to be coming from inside the house. As I lay in bed, the last thing I wanted to do was wander around the house looking for the problem. So I kept telling myself it was just my imagination and everything was ok. Then BLAM! Something fell inside the house. There was no making excuse anymore. I had to leap out of bed and deal with it.

IT governance has become one of those issues. For the past ten years the holy grail of IT has been governance. But the wind has been shaking the house of governance for sometime now. Over the years I have seen a number of organizations create governance structures and governance models and governance committees. Typically these models are well planned and follow all the appropriate literature. Some processes achieve moderate success while others continue to struggle.

Typically the CIO creates the governance model, chairs the meetings, sets the agenda, and drives the action. They are attempting to govern IT in the enterprise. But they are attempting to govern someone else’s assets. What gets forgotten in these models is the reason for creating IT departments in the first place. IT departments exist to support the strategic and operational goals of the business. IT was created to realize the dreams and aspirations of their stakeholders. The assets are not theirs to govern. The mistaken notion that IT can govern someone else's property is the root of the problem.

I suggest we shift our thinking from governance to stewardship. Stewardship is the responsibility to take care of something belonging to someone else. By moving from a model where IT attempts to govern someone else’s assets to a model where IT recognizes the true ownership of the assets changes everything.

In a stewardship model, the needs and concerns of IT clients actively influence the decision-making process of the IT department. The decision-making process becomes transparent to stakeholders. The clarity creates trust among the IT department’s clients.

The intention of a stewardship process is to engage clients in enterprise IT decision-making. The organization uses an open and transparent process where clients actively and regularly participate in guiding the future of technology at the organization. The role of the IT department is to facilitate the process of decision-making, not to govern the decision-making.

The purpose of a vibrant stewardship model is to engage IT stakeholders in the prioritization of work and the selection of the criteria that determines those priorities. Successful stewardship allows customers to influence and guide IT planning, policy, and priorities for the entire organization. All appropriate stakeholders discuss information systems investments in a collaborative fashion.

Stewardship is the open, honest, and responsible management of something entrusted to your care. Governance is about making decisions that set expectations, grant power, or measure performance. These are two different worlds representing significantly different mindsets. Governance can lead to IT forgetting its role in the organization and attempting to assume more responsibility than is appropriate. Stewardship is about helping the organization realize its information technology dreams and aspirations.

In case you were worried about my house, everything was okay. The wind blew open a poorly fastened door and a painting that was loaned to us by my mother-in-law was blown to the floor. I fixed the door so it will never shake loose again. Hopefully I have improved my stewardship of my mother-in-law’s painting.