Post on 26-Oct-2014
description
The Role of the CIO in
Effective IT Strategic Planning Through Corporate
Governance
by
Ivory S. Banks
This paper critically examines the CIO’s role in effective IT strategic planning within the
confines of corporate governance. It will include a brief comparison of previous governance
models versus 21st century governance models and how each have impacted and will impact the
role of the CIO. It begs the question if there is a one size fits all model or framework that can be
applied to an organization to achieve success in strategic planning and business alignment? In
addition, the paper will examine why and how two game changing facets of IT that did not exist
a decade ago, cloud computing and social media, will fit into the CIO’s strategic plan.
Corporate governance, as defined by business C-suite executives, may be developed and
executed differently than IT governance, as defined by technical C-suite executives and are
seemingly separate efforts. However, best practices CIOs have echoed the notion that the two
must be orchestrated as a concerted effort to foster and accomplish the overall strategic objective
of a corporation. “It is impossible to have strong corporate governance without strong IT
governance” (Moore, 2009). The technological evolution taking place is reshaping the way
organizations align IT and business to the point that IT has become the business. It forces
today’s CIO to be more agile and forward thinking in his or her strategic planning.
We are the survivors of a nearly post-financial apocalyptic era where corporations
learned they were not too big to fail. The most profound takeaway from the fall of these
corporations, relevant to this topic, is executive leadership is not a silo of people who sit atop the
corporate ladder and make decisions which only affect shareholders. The best practices of the
CIO also echo the essential common theme that proper IT strategic planning is aligned with the
mission of the organization for profitability, sustainability through innovation, and growth.
Paradigm shifts in IT have a prolific impact on the corporate structure and consequently the role
of the CIO.
New technologies such as cloud computing and social media are impacting multiple
business functions across organizations like enterprise application management, infrastructure,
marketing, and finance to name a few. How can a CIO strategize effectively utilizing his or her
resources, knowledge, and the ever-changing trends of information technology? It also begs the
question if there is a one size fits all model or framework to achieve success in strategic planning
and business alignment? Ironically, any rigidity is strategic planning is actually the opposite of
strategic.
The CIO -- a technological acrobat
Imagine a Cirque de Soleil performer who changes his costume to fit the theme of the
show, be it “O” or “Zanadu” and each show is a chorographical masterpiece of intricate dances
and fantastical acrobatic feats. All of the actors, be it main characters or a supporting cast rely
on the precision and timed movement of their peers on stage. There is always a main character
in these shows and a storyline that governs how the characters will move, while the musical
score captivates and help build the anticipation of the audience. Now, imagine if the lead
character in “O” came dressed as the lead character of “Zanadu” and the acrobats decided to
perform the choreography of “Zanadu” during the “O” show. This disorganization would not
only cause confusion to the audience, but it would be of catastrophic consequence to the
acrobats.
The CIO, much like a Cirque de Soleil performer has a role to play and is governed by
several themes that drives his or her focus for IT strategic planning. Obviously, the storyline for
technology changes rapidly and in order for a CIO to be effective, he or she must be agile and
flexible to these changes which are affecting the technological and operational structure of
corporations. The days of simply managing a menu of software applications, help desk
operations and staff, and equipment maintenance issues are a thing of the past for today’s CIO.
He or she has to be a “technological acrobat” when it comes to crafting and implementing IT
strategies that will ultimately govern the outcome of the organization’s growth, profitability,
sustainability, and lest one not forget innovation. The challenge also is to convince senior
management to make complementary changes to its process, policies and organizational
structure, or in other words, corporate governance (Nevens, 2004).
Walking the tightrope
Throughout this study of the different perspectives on IT strategic planning and
governance, two diametrically opposed views are common. One group of strategists supports the
idea of liberal and decentralized governance of IT or the pancake structure (Schneckenberg,
2009). This idea of a pancake structure allows for a more autonomous employee decision
making capability relying on the competence of the individual (Schneckenberg, 2009). Andriole
(2012) tends to agree, arguing that organizations need to rethink governance and authority and
embrace the growing trend of decentralization and the distribution of computing power. Another
group of strategists prefer a stricter approach based on the premise of protecting corporate
integrity and rightfully so for the time. In the past, governance of technology was a top-down
approach that fostered a hierarchal drive for standardization and centralization and left little
room for flexibility (Andriole, 2012). The 1990’s technological infrastructure called for
standardization and centralization (Andriole, 2012). To be effective, these antiquated
methodologies for managing an infrastructure are not conducive to the technology trends of
today and are perhaps, no longer best practice for C-level leadership to follow.
However, organizations must be careful and to Andriole’s (2009) credit, he cites the
responsibility of the organization to govern in such a way to ensure the actions of individual
employees do not compromise the integrity of the organization’s infrastructure. The age of Web
2.0 gives free reign to collaborate and communicate via blogs, wikis, and social media without
understanding the technology or the consequences (Schneckenberg, 2009). Imagine such
behavior in a corporate infrastructure both internally and externally and one can understand a
company’s opposition to liberal governance. The former example also serves as evidence of the
need for a CIO to be directly involved in the process of helping the organization to understand
the technologies that are an advantage to the business. Similarly, Robert Stephens, vice president
of Best Buy and founder of Geek Squad, agrees with the viewpoint of providing balance by
cultivating a culture of freedom to innovate but within guidelines, also referred to as “freedom
with fences” (Stephens, 2011). He cautions, the role of the CIO is to set the tone for a
disciplined, safe and secure environment to be “playfully innovative” (Stephens, 2011). As the
industry provisions and almost demands more flexibility, the conundrum is how does the CIO
protect the infrastructure and cultivate an atmosphere of innovation, sustainability, and growth
while ensuring ROI (return on investment) to the organization’s shareholders? If the ever-
changing trends of technology are a circus, the CIO is an acrobat, and this paradox of a balance
act is his or her tightrope.
IT and business – a syncing ship
The CIO has several key objectives and that is to figure out this strategy, align it to the
business, and then be willing to change it. He or she must be as dynamic in approach to planning
and implementing as technology is to changing. Rigidity in applying and sticking to any
particular business model is the opposite of strategic. It would be oxymoronic to apply a static
framework to something so volatile as planning for technology. Can a CIO really plan for
technology? In order for a CIO to be effective in strategic planning and proving to his or her
business counterparts the validity of IT objectives, the tools used to develop these plans must be
just as agile as the business itself. MacKay (2004) agrees that developing strategic direction
matters and thus model frameworks should be developed and implemented on the basis of
change. For example, MacKay’s (2004) four box strategy planning model applies different
approaches to strategic planning based on predictable environments with stable goals, predictable
environments with ambiguous goals, complex environments with stable goals, and complex
environments with unstable and conflicting goals. The flexibility of these models makes sense
and the role of the CIO is to figure out which model makes sense for his or her organization.
Luftman's (2007) alignment maturity model underscores the need for IT-business
alignment to mature along with the growth of the organization. So taking into account
Luftman’s model, organizations lack maturity in at least one of these criteria of maturation;
communications, value, governance, partnership, scope and architecture, and skills (Kempaiah &
Luftman, 2007). Costello (2010) takes the Luftman Model a step further by identifying specific
steps for the CIO to conjoin IT initiatives with the overall business strategy. Locate the area in
the organization where ideas originate, evaluate the influence of the leaders in those areas,
identify the approval flow of the ideas, and make the case for how the CIO’s goals produce better
outcomes for the business (Costello, 2010). He goes on to spell out the steps that identify the
CIO as the one with the “PR bullhorn” for his or her strategic plan. This may be referred to as
business maxims (Broadbent, 2004). Business maxims draw on the balance between synergy,
autonomy, notwithstanding the strategic plan (Broadbent, 2004). The CIO works to set formal
processes, develop skills, and align IT with key business objectives. In parallel, customers,
products, process, and services are constantly evolving and therefore so must a company’s
business (Broadbent, 2004).
Corporate maturation is a reality and supports the fact that developing strategy is not an
end state but a continuous journey (Broadbent, ???). Here, let it be reiterated that the
fundamental basis of successful strategy planning is a concerted effort between technology and
business leadership. Significant time and effort needs to be spent developing short and long-
term goals for information and technology (Broadbent, 2004). The CIO’s job is to maintain a
close relationship with business counterparts to gain a concrete understanding of business needs
(Costello, 2010) and leverage opportunities for change to evolve the business while meeting
those needs. The CIO should not only be allowed to sit at the C-suite table, he or she should be
integral member of the board. When it comes to IT within an organization, the CIO to the CEO
is much like a U.S. Army general is to the president during war time. He or she is in direct
communication with what’s going on with the employees internally and how external trends in
technology impact their day-to-day operations. It is for this reason that it makes sense for CIOs
to provide their perspectives directly to the CEO. CIOs, as members of boards, can bring a
strategic view of technology as it relates to specific value-chain areas of high-level governance,
finance, accounting, and corporate strategy (Woosley, 2010).
It is in this role that the CIO is a visionary. In said vision, the CIO has to recognize when
certain technology trends, though seemingly unconventional to the corporate infrastructure,
cannot be ignored because of uncertainty. The impact of such trends as social media and cloud
computing on corporate governance is inevitable despite skepticism among organizations.
You can run but it wouldn’t be strategic to hide
History has shown time and again that resistance to change in technology ultimately
results in the demise of an organization (Hugos, 2011). This examination of IT strategic
planning would be remised if it did not speak to specific technologies which are reaching
ubiquity in the public domain. A little over a decade ago, cloud computing and social media did
not exist when the centralized way of governing corporate infrastructure were paramount. How
we look at corporate infrastructure and IT governance is rapidly increasing the complexity of the
CIO’s role as we transcend into the era of technology democratization and social networking
(Moore, 2009). A survey conducted by Ernst & Young found that 60 percent see social
networking and cloud computing as an increased risk to their organization (Granado and Tsantes,
2011).
Security concerns have increased over the years with social media because it is exists
both inside and outside of corporate firewalls (Andriole, 2012). CEOs, IT strategists, and
industry experts are among some who believe social media and cloud computing threaten the
fundamentals of governance and consequently corporate infrastructure. Security existed as a
concern when e-commerce sites emerged in the late 1990’s, early 2000’s but imagine what
avoiding the change in business would have done for businesses like Amazon, eBay, and the rest
of the e-commerce industry. Perhaps they would not exist. The CIO has the daunting yet
imperative job of convincing C-level business executives that avoiding integrating new
technologies like social media and cloud computing into the strategic plan poses a greater threat
to the growth and sustainability of the organization.
“The most fundamental strategic risk related to social media is not having a strategy”
(Jacka and Scott, 2011). As the CIO, he or she should use social media as a way to empower the
organization to protect and solidify a positive reputation as an industry leader. A complete social
media strategy should articulate exactly what is to be accomplished by using this medium, be
directly aligned with business objectives, set a time commitment (long or short-term), identify its
target audience and appropriate media channels (LinkedIn versus Facebook) and ensure this
evolution is properly staffed and funded (Jacka and Scott, 2011). As if the CIO does not have
enough on his or her plate, deploying a social media strategy may compound more work and
become counterproductive to the organization’s mission. Social networking would not be
considered a value-chain priority. Therefore, this may be a reason to outsource this evolution as a
part of the strategy to focus on core competencies within the organization.
Cloud computing introduces another nuance to the role of the CIO in an organization but
as a more prolific priority than social media. According to a recent global report about the future
role of the CIO, 67 percent see cloud computing as a gateway to other roles in business (Chia,
2011). The study also found that 60 percent believe cloud computing has been an enabler for
business strategy and innovation (Chia, 2011). It also presents new challenges as it comes with
greater security risks and in turn greater opposition to adoption by C-level executives. However,
there is a consensus that cloud computing offer practicality in unlimited computing resources,
immediate availability without long-term commitment, and a pay-as-you structure that does not
tie an organization to costly equipment investments (Hugos, 2011).
Despite these advantages, however, there is still resistance to the adoption of cloud
computing out of fear. Relying on the integrity of a public cloud environment to store a
company’s propriety data creates almost inconsolable apprehension about security risks. The
role of the CIO is to present a strategic plan that both consoles and reassures that the benefits of
adopting this new technology are greater than the risks it introduces. It would behoove the CIO
to help his or her organization understand and engage the concept of cloud computing because,
like social media, it enables businesses to stay connected to their clients and add value,
especially in area of services (Swamy, 2010). It speaks directly to the CIO’s job as a facilitator
of business agility.
Cloud computing provides such agility by removing some of the restrictive bureaucracy
when it comes to creating new business (Hugos, 2011). For example, a company called,
Animoto Corporation recently ascertain the services and benefits of Amazon’s powerful cloud
infrastructure. Animoto is an online video slideshow maker which allows customers to create
personal movies online (Bisong & Rahman, 2011). When Animoto made the decision to move
its service to the Internet, over the course of three-days, registration increased from 25, 000 to
250, 000 users which caused them to increase their Amazon cloud computers from 24 machines
to nearly 5,000 (Bisong & Rahman, 2011). Such a swift turnaround and increase in business
would not be possible in a traditional infrastructure. These are the types of examples CIOs have
to use in making the case for new technologies into the strategic plan.
Introducing the cloud into corporate infrastructure is not just about implementing a new
solution because it is popular. Part of the strategy is to know what to implement and why in
order to get the most business value. CIOs need to present a case for cloud computing that
forces a more critical analysis of its benefits beyond that of costs. Frankly, one can make the
case for a lot of business initiatives based on cost. Thus, the CIO should understand the
priorities of the organization as it relates to the corporate strategic objectives and goals. The
reality is the risks of cloud computing exists because they present a problem to the infrastructure
if those risks suddenly become an organizational nightmare. Understandably, organizations are
not comfortable with the fact that vendors are not forthcoming with transparency. It is for this
reason people like John Pironti, president of an IT consultancy firm, advises his clients to limit
their cloud endeavors to commoditized services which don’t impact mission-critical systems
(Kontzer, 2011). Unisys provides another example that illustrates how CIOs should choose their
battles wisely. They should focus on placing the most desired applications in the cloud as
opposed to migrating an entire infrastructure, again avoiding a perceived catastrophe of data
compromise (Kontzer, 2011).
The bottom line is new technologies like social media and cloud computing are
ubiquitous and unavoidable. They are gaining momentum as the links of technology that tie
business, IT, marketing, and innovation together in a way that prevent them from being mutually
exclusive. A strategic plan loses its effectiveness both on the business and IT side if they are not
included. The CIOs job is to determine exactly where they fit and for how long will they add
business value and contribute to the growth.
CONCLUSION
If today’s corporate climate is any indication, there exists a disconnection between C-
level business executives and C-level technology executives. Much of this misunderstanding of
IT in business is based on antiquated rules of thought that it is only there to save money and if
not, there is no use. Perhaps we can thank Nicolas Carr’s scathing “IT doesn’t matter” article in
the Harvard Business Review for this misconception.
The fact of the matter is a corporate strategic plan is empty without a comprehensively
aligned strategic IT plan to complement it. The role of the CIO is to see to it that said strategic
IT plan is as complex and simple, agile and rigid, and as static and dynamic as the business it
supports. He or she is an information technology maven that understands how each component
of business fits in to the grand scheme of the business and weaves a plan that interconnects them
all. Essentially, a CIO’s strategic IT plan provisions to leverage new technology trends, cultivate
the internal talents of its employees to promote innovation and establish guidelines which
coincide with corporate governance.
References
Andriole, S.J. (2012). Managing technology in a 2.0. world. IT Professional, (14)1, 50-57. doi:
10.1109/MITP.2012.13
Bisong, A., & Rahman, S. M. (2011, January). An overview of the security concerns in
enterprise cloud computing. International Journal of Network Security & Its
Applications, 3(1), 30-44. DOI: 10.5121/ijnsa.2011.3103
Broadbent, M. (2004). Where’s the strategy? CIO Insight, 46, 35-36. Retrieved from:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=bth&AN=15231209&site=eds-live&scope=site
Chia, D. (2011, December 5). CIOs’ priority shifts to business services delivery optimization.
The Business Times.
Costello, T. (2010). CIO can drive change to a new strategic role. IT Professional, 12(1), 63-64.
Retrieved from:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=iih&AN=48480484&site=eds-live&scope=site
Granado, J. & Tsantes, G. (2011). Social media at work. CIOInsight, 115, 16. Retrieved from:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=bth&AN=58772130&site=eds-live&scope=site
Hugos, M. (2011). Cloud computing and the new economics of business. In J. Stenzel (Ed.), CIO
best practices: Enabling strategic value with information technology (pp. 99-
140). Hoboken, NJ: John Wiley & Sons.
Jacka, J.M. & Scott, P.R. (2011). The whole world’s talking. Internal Auditor, 68(3), 52-56.
Retrieved from:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=f5h&AN=62830505&site=eds-live&scope=site
Kempaiah, R. & Luftman, J. An update on business-IT alignment: “A line” has been drawn. MIS
Quarterly Executive, 6(3), 165-176. Retrieved from:
http://tychousa9.umuc.edu/ISAS650/1202/9040/class.nsf/0/ca2ce839839a77e085257974
006823b3/$FILE/Alignment%20readings.pdf
Kontzer, T. (2011). GRC in the cloud. CIOInsight, 118, 18-21. Retrieved from:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=bth&AN=65156892&site=eds-live&scope=site
MacKay, J. (2004). Does strategic planning still fit in the 2000s? Retrieved from Berkeley
Consulting website:
http://www.berkeleyconsulting.com/strategic/Does%20Strategic%20Planning%20Still%2
0Fit.pdf
Moore, S. (2009). Corporate governance and the role of IT. Siliconindia, 12(6), 20-22.
Retrieved:http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?dire
ct=true&db=bth&AN=42122484&site=eds-live&scope=site
Nevens, T. M. (2004). Who’s right about IT priorities? McKinsey Quarterly, 24. Retrieved:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=bth&AN=14071880&site=eds-live&scope=site
Schneckenberg, D. (2009). Web 2.0 and the shift in corporate governance from control to
democracy. Knowledge Management Research & Practice 7(3), 234-248. Retrieved:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=edswss&AN=000282845600006&site=eds-live&scope=site
Stephens, R. (2011). Freedom with fences: Robert Stephens discusses CIO leadership
and IT innovation. In J. Stenzel (ed.), CIO best practices: Enabling strategic value with
information technology (pp. 1-40). Hoboken, NJ: John Wiley & Sons.
Swamy, V. (2010). It’s the age of seamless and collaborative technology. Siliconindia, 13(4), 42-
43. Retrieved from:
http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d
b=edswss&AN=000282845600006&site=eds-live&scope=site