Once upon a time (actually not too long ago) a company and its audit firm lost their marbles indulging in innovative accounting and logic belying practices. The event resulted in the former shutting down and the latter being dismantled. Hapless citizens and investors who put their faith in these lost their financial safety nets and were left poorer. The aftershocks felt by the rest of the companies created an industry around consulting services. SOX became a bad word for all CXOs and everyone dreaded facing audits. Compliance gained prominence and everything else was subservient to it.
IT being the foundation of processes and information enabling the enterprise came under the scanner; it was not enough to demonstrate that data integrity and consistency is maintained, it was also important to provide evidence that others in the organization did not violate process that could result in potential loss of control. Thus as the custodian of the physical information assets and the administrator of the logical processes, the IT organization had to fend off auditors of all types at unnerving frequencies.
The FUD factor
Consultants thrived on FUD (Fear, Uncertainty, and Doubt) factor as non-compliance had severe ramifications for the CIO, CFO, COO, and the CEO. Perceptions of risk heightened the tension as any risk classified as high needed immediate attention. Tolerance levels of Boards tended to zero and Risk Committees hounded the functional heads to comply by the written word, who, in turn, turned to the CIO to address the sane and inane collectively.
Whether it is internal, statutory, or third party audit, the basic intent is to review process execution consistently against good practice and compliance to stated policy. Additional frameworks on quality, process maturity, security, and others provide the enterprise incremental value over competitors. Policy, once stated, requires alignment with the real world to ensure relevance; thus, periodic review is critical. When regulatory restrictions impose process change(s) like in case of SOX or PCI-DSS or HIPAA, the enterprise has a limited choice but to comply. Some industries are more regulated than others; some companies pride themselves on their GRC frameworks, the rest follow the path of least resistance.
Options for CIOs
So what are the strategies the CIO can adopt to ensure that s/he does not get beaten up at every audit? CIOs should partner with their Internal Audit teams to work with each functional head and process owner to review and validate not just the process, but also the management of exceptions. If Internal Audit is unable to provide the necessary attention, seek external help; but do not ignore it. S/he should create clear accountability and transparency of every task across the cross-functional teams involved in the execution. It is important to note that people are the weakest link of any process discipline. Internal process champions or BPM experts are invaluable in the quest towards excellence.
Compliance is non-negotiable; our shareholders and regulators expect every part of the enterprise to conform to the laid down policies and principles. Good corporate governance expects no exceptions; despite all the controls we still come across black swans that disrupt the equilibrium and raise the difficulty level. Unfortunately, the enterprise CXOs and the CIO have no choice but to run faster to stay in the same place.
The CFO has traditionally controlled the purse strings ensuring fiscal prudence to keep the enterprise healthy, with adequate financial safety net. As a part of the management team, the discussion and debate ensured that investments stayed aligned to overall company direction. With adequate risk controls, only in rarest of rare cases, the CFO could overrule other CXOs. Recent times have been full of analysis and news that the CIO is no longer in control of the IT budget, now the CFO purportedly controls IT investment decisions.
The CIO being the youngest CXO, not always by age but by role, has evolved only in the last decade or so. Having typically grown from a technology background, he was perceived to lack business acumen and unable to take all aspects into account. The majority migrated and matured with ease, working lockstep with other CXOs, to the benefit of the enterprise.
Post slowdown, “new normal” changed organizational risk appetite; and with finances being scarce, the CFO rose to prominence. Now with growth back on track, why is it that the CIO continues to stay shadowed considering s/he demonstrated higher changeability and adaptation to the environment?
IT budgets have stayed stable over the years; with mature enterprises focusing on bringing down IT operating expense, leaving the capital investments open for discussion. Corporate and IT governance provided the necessary checks and balances on where to invest. So what gives rise to the new paradigm? Does it indicate breakdown of the balance or has the CIO relinquished his/her responsibility now satisfied to stay in the back office? Has the foundation and partnership set by IT crumbled with cost remaining the residual reality with the value being discarded on the wayside?
The cost-benefit debate
IT does incur cost; everyone is aware and acknowledges that a significant portion (40-90% depending on the enterprise, IT maturity, CIO, Board of Directors, etc.) of the budget is allocated to “business as usual”. Where the IT organization and its leader is unable to clearly communicate the benefits or have a dialogue with other CXOs as an equal, irrespective of the good work done, IT gets labeled as a cost thereby nullifying the efforts.
IT also delivers value to the enterprise, customers, employees and the shareholders. Sustained differentiation and competitive advantage in the near term are typically IT enabled innovation. Multiple industry IT and CIO awards, and case studies validate success clearly illustrating value. New disruptions created by mobile consumers, social online engagement, analytics, and many more would find it difficult to survive without a good IT platform and sustained focus. Is the balance shifting?
I believe that recent times have accentuated the value of IT and have created a wider role for the CIO that goes beyond technology lead interventions. Outsourcing the operational activities has also given the IT team an opportunity to focus on what matters. The task of managing the budgets and reporting has become even more important thus creating a stronger bond between the CIO and CFO. With increasing financial acumen, the CIO and CFO are on the same side of the table with the CIO deferring the financial decisions to the CFO. This is re-balancing the equation and not a shift.
“I use seven screens to manage my work and life,” proclaimed a high-ranking Silicon Valley geek working for a big technology company. It amazed everyone on the table who had challenges with two phones, one personal and other company issued, and a laptop. Seven devices, portable and fixed, comprised the stable of computing assets used across various operating systems, capabilities, synchronization with multiple systems, providing segmented information to cater to specific needs of this executive. Asked a CIO in the audience, “How do you remember which device to pick up for what purpose ?” Quipped the multi-device juggler, “Oh, it’s easy…”, and rattled off the work distribution.
Evolution of devices
When smartphones made their mark with the ability to push email and SMS, it ensured that the corporate worker had no option to 24X7 work. The small screen however posed limitations on what one could achieve on the phone. As screens became larger, the phone got bigger and bulkier, redefining the shape and size of what was once a small, pocket-appendage. The good thing is that the phone never aspired to replace the clunky laptop.
The advent of the tablet a few years back had researchers proclaiming the imminent demise of the laptop; déjà vu when the laptop made its appearance. Executives love the soft keyboard on the tablet, plus the ability to scrawl and convert to text but slowly realized speed limits imposed by this input method. Keyboards found their way back connecting to tablets and then everyone wanted spreadsheets and word processors compatible with their other devices. Reading on the smartphone has evolved to allow all types of documents barring few exceptions; the tablet had to compete with the phone and the laptop.
Dil maange more
Manufacturers are experimenting with different screen sizes, 5”, 7”, 9”, 10”, with justifications on why their version makes sense to the users, while the phones now have crept to 4”. Each has found traction with a set of users. segmenting the market by activity or deemed convenience. While initially Wi-Fi was acceptable communication channel, now 3G/4G is a necessity.
One more connected device, one more data plan to manage, the growing monthly expense is not a discussion, the ability to traverse across the screens is insatiable, which are evolving faster than (Charles) Darwin or (Gordon) Moore thought possible. The want rate is keeping pace with this and suddenly the hapless executive has multiple screens not wanting to discard the earlier one as quickly as s/he is acquiring newer ones.
Convergence of sorts
Will the phone and the tablet converge in the future? Many believe convergence is the way forward between the capabilities offered by the phone and the tablet with the new device offering the best of both worlds. Does it mean we will be able to make phone and video calls, surf the net, work on documents and applications, talk to the device, type on it as fast as we do on the humble laptop, and use it for entertainment; all this with clear demarcation and ability to segment usage as well as official and personal data.
I think that it will take longer than we believe it will. May be, there are individuals who will happily put a 7” or bigger device to their ears or use it with a Bluetooth speaker, the majority will manage the convergence or divergence with multiple devices and live with the associated challenges.
An intense debate between two CEOs ensued while I was listening with concentration to them; there was no debate on the need for every business to leverage technology to stay ahead of industry growth curve. Both had experienced success, but there was indeed a bone of contention. One of the leaders vehemently recounted the inability of ERP solutions and vendors to address the market dynamics. He cited many instances where the ERP vendor as well as his IT organization took longer time than business could afford; small solace that his competitors also used the same solutions and thus had similar issues.
The other CEO countered with an equal number of scenarios when the specific ERP had indeed been ahead of others. Now every ERP solution provides a complex array of parameters and settings that can be manipulated to provide functionality for most business processes. This complexity also becomes a bottleneck when any change is required. It is rarely as agile as other smaller solutions that can quickly be customized. CIOs have had difficult discussions on this aspect with ‘business’ and ‘vendor’ alike. The monolithic nature of the solutions indeed poses a challenge. Not that there are too many options, so the technology ecosystem has created multiple layers to manage the agility requirements.
Grudging acknowledgements later, both glared at me as if to validate their arguments and then turned back to each other. Before they could continue, I pitched in with thoughts on the new opportunity that has everyone confused and wondering with benefit statements ranging from better ROI to TCO, time to market, productivity, and the panacea to all ills that face every enterprise that uses technology.
This brought a smile to the face of the second CEO who began to lecture on the future being cloudy and why current IT models will no longer survive. He elucidated the benefits of the new disruptive paradigm the cloud is and why enterprises should be embracing this. Now the other looked imploringly at me to help him and I could not refuse the request. After all I had broached the subject so I had to provide a perspective.
Differing flavors of clouds offer different value propositions; the viewpoint put across by the CEO related to Application and Software as a Service. Both offer an easy way to deploy and get started on any new business area or process. The most widely accepted scenarios are sales force automation and collaboration; for SME, the benefit is limited upfront investments and no worries about managing complex technology. Beyond these mainstream business process remains firmly grounded in corporate data centers.
Irrespective of their physical location, the big ERP remains the same animal: big, monolithic, and complex. Separating processes like sales force or collaboration (read: email, chat, etc.) does not in any way create an opportunity for agile business process alignment for the rest of the enterprise. In fact, with the cloud, the base expectation is that business processes are standard and can thus be uniform across multiple companies. Clouds provide faster start points, but the change ability remains similarly constrained. A question from the audience inquired about ROI models for evaluating Clouds; that is another story for another day.
The two CEOs representing a large business house and a leading global ERP vendor acknowledged the reality and it was time to move on. The CEOs and CIOs listening to the interaction went away with both sides of the coin clear (?) to create their own agenda and discussion in their enterprises.
The other day I attended a congregation of CIOs with a dozen odd vendors sponsoring the event. It was a gathering of 100 odd CIOs who took time off on a Saturday to, amongst other things, patiently listen to the spiel. With representation across industries and a mix of senior and evolving leaders, the learning and networking potential was expected to be high. The investment of time from these leaders carving out a portion from their personal time was expected to yield reasonable value.
Now every sponsor vendor always seeks to disseminate information on their offerings and pitch their wares to every target segment. Traditionally this has taken the form of slide presentations that no one wants to hear. At times even the presenter is seen struggling to do justice to the content as s/he is not the creator of the slides, which, in many cases, are found to have lost their relevance. Futile attempts to change this model of engagement have left the participants numb as they grace such times with their physical presence but rarely with their minds.
Before embarking on the merits of doing business with their company, setting the context with the audience has always been seen as a good idea; and this is what they started off with. The first one off the ground started with data from respected research companies.
What is the business reality today? Not necessarily in order of priority, they are: expectations of growth, exploring new markets or products, driving operational efficiency, cost containment, IT lead innovation, and customer centricity. How do these impact the CIO? The CIO is expected to be a business leader shedding off the technologist skin; s/he should transform and work with other CXOs, overturn the iceberg of IT expense by reducing the operational expenses and by allocating higher amounts to new initiatives.
Slides titled “Changing Role of the CIO” advised the audience members about the need to “wake up and get going”. However, the best part was how their old offerings could now enable this shift!
Storage solutions, security service providers, system integrators offering RIMS, data center solutions, virtualization solutions, and even network solution providers found a way to connect the dots and make the CIOs appear like cretins and kids in school who needed to be reminded of how their performance will be measured. Best part was the repetition of content with the context lifted from the same reports.
We all know that CIOs are a patient lot and do not ruffle feathers easily. But when speaker after speaker repeated the cliché, the unrest in the room began to take the shape of a mutiny. Half way through the program, sparsely occupied seats greeted the incoming speakers; those present had no interest and thus engaged each other on the table in discussions, detached from the proceedings, in voices loud enough to send a clear message across. Over coffee, the vendors were chastised for their immature behavior with a clear message:
We know our reality better than you ever would; we transitioned to being business leaders a long time back; however you are still trying to sell to IT managers believing that the past is frozen. We did impact the expense-line and it was not about IT expenses only which is why you believe that we are not connected to the reality. Our CEOs and other CXOs do not look at us the same way they did a decade back; they partner with us, seek our advice and work together towards the common business objectives.
We are not enamored by hardware, software, new technology; we seek to solve real-life business problems, sometimes with help from technology. So, stop debating the changing role; it happened while you were busy trying to figure out why there is no traction any longer with the CIOs. It is you who needs to change to align to the new age CIO.
Last week I was in a conference of retailers discussing how IT can contribute to growth within their business and to the industry at large. The event had its usual bevy of IT vendors who had availed of speaking slots as well as many deciding to exhibit their products / solutions to target potential customers with their offerings. Attendance being large with representation across retailers, it was a great opportunity for the sponsors to engage.
Sloppy (and usual) vendor-pitches
Every marketing executive, when provided with the opportunity to deliver an address to a captive audience, attempts to put in everything that the company does, regardless whether it makes sense to the target audience. The result is that anyone listening is more confused than s/he was prior to sitting through the presentation. Charts and multiple boxes with bullet points are the norm. Animations and pictures add to the already crowded slides.
Deviation from the norm
But this was one conference that was crafted together by a panel of CIOs and vendor-representatives in conjunction with an industry body. The panel engaged with the sponsors through the planning process defining expectations and providing the suggested format of their participation in the event. Vendors presenting the traditional way using slides were expected to send their presentation to the committee of CIOs to validate the context aligned to the theme and to ensure that it made sense to the participants.
Thus, the agenda, the content headlines and the topics—de-jargonized by the CIOs with some catchy titles—were fairly relevant to the audience comprising a mix of business and IT representatives across the layers of management.
With a few exceptions, the changes to the pitch comprised slashing the number of slides to fewer than 20 and making them readable even by people sitting in the last row of the seminar hall. The clear message to everyone (read – presenters) was: What is the one big message you want to leave with the audience in your allotted 30 minutes? Can you engage and provoke thought rather than outline the menu of options your company has to offer? Given the task of reviewing three presentations each and ensuring that the changes are in line with expectations, the CIOs were a harried lot by the time they got into the conference. Few presenters still escaped censorship by either citing unavailability of global speaker-slides or by simply not responding.
Hits and misses
The end result? For those few who chose the case study route to communicate the benefits of their product(s) or service(s), the compliant presentations created a ‘wow’ (for everyone almost), and this was visible from the crowd outside their stalls.
But on the other hand, the vendors who ‘did their own thing’ found the audience twiddling with their smartphones, chatting to their neighbors, dozing off, or simply walking out midway. If I were to be a speaker, it would have been totally demoralizing for me.
In the day-end debrief one such vendor insisted that there is no other way to inform the audience of what his company has to offer. If the customer is not aware of the entire spectrum of offerings, how and why will s/he think about his company? According to him, when he puts across 10 points, a few will be remembered. He refused to believe that his speech was delivered but not received.
Some people don’t learn. (Sigh!)
The beginning of the monsoon season in Mumbai inspired me to push the boundaries again in quest of the silver lining in the cloud. Recent events around outages and security across multiple global cloud pioneers poses doubts on the movement of even non-mission critical applications outside of the corporate data centers. We are not just talking about infrastructure or platform as a service, but everything that is the manifestation of the public cloud.
Evolution of cloud
Over the last couple of years, every offering saw two shifts: first it had to have a cloud flavor and second around social networking (that is another story). Some termed this new euphoria as bubble 2.0 tinted by valuations achieved in recent IPOs. So everyone justified how this time it is different and why it is sustainable. Many large and small enterprises found efficiencies, at least short term, in shifting field functions like sales and service and collaboration on the move to the cloud.
Leaving aside the debate between public, hybrid, and private clouds, the real issue is about the promise of the cloud, irrespective of the vendor, the type of cloud offering, or the engagement model. The big benefit that every type of cloud offered was savings, real quantifiable savings, or better, total cost of ownership. CFOs would agree that TCO is always a good measure for any financial model if all other dimensions remain unchanged.
Cloud service providers’ financial models are contingent on multiple customers adopting their base-solutions which give them the efficiency of scale and repeatability. As the number increases beyond a threshold, they start making money. Non-concurrency improves yields, but prices remain the same for customers. So the financial models attempted to capture some efficiency-based gains, making them look attractive to the prospects.
A few unanswered questions
Most discussions got off to a good start with worksheets providing easy decisions. The newness of the paradigm left some questions unanswered, but during the slowdown, these were brushed aside. Some of these were:
a) What happens if the SLA is not met?
b) Is my data as secure as it is in my current state?
c) Can I move off to another cloud if I don’t like something? How easy is the transition going to be?
d) As I upgrade the internal systems, how do I ensure that their integration with the external systems does not break?
e) What recourse do I have if the cloud service provider goes bust?
I will stop here, the list is a bit longer, but you get the point.
Business impact due to recent outages and security breaches for some of the smaller customers was significant. Some of them just had to wait and watch with no option. A few had spread the risk across, and thus, the impact was limited. The big enterprises shrugged and moved on. How does one balance the adverse business impact against the cost savings? To me this is a bad compromise as everything is subservient to business interest.
Earlier this month I was confronted by a peculiar but innocent question from a young professional: “Do CIOs take real vacations, I mean, real long vacations with friends and family, free from all the worries of workplace and fighting fires that keep them at work beyond the normal hours?”
I began to wonder about the question. The more I thought about it, the more it troubled me; I mean, vacations without my email, phone, laptop, no connectivity; that was eons ago.
Today every executive, irrespective of hierarchy, is consumed by the need to stay connected with the workplace. Downloaded information and alerts keep the buzz going 24X7. Approvals via phone, business intelligence on the fly, are the norm; one cannot ever claim: “I was not informed” or “I did not have access to information”. To add to the clutter, friends and partners want to stay connected using various social networks.
So what is the vacation about? Working on the road with interruptions on the phone, balancing the laptop in between site-seeing trips, late night responses to emails with long attachments, talking to a vendor while soaking into the natural beauty staring in the face? For most of us who travel across time zones, the first reflex is to reach out to the phone to see what came through while we caught up with the forty winks.
What does it take to sell the Ferrari and become a monk who has no links with what we call ‘work’, while immersing into ‘life’. Is that a possibility in the hyper-connected, fast paced activity-conundrum? We CIOs created this paradigm for our enterprises to which every corporate employee is a willing slave.
Imagine if we did not answer the phone (may make us appear rude), stopped responding to emails and had an active ‘Out of Office’ message, let team fight the fires that make up a regular day at work; would it make a stress free day? Nine out of 10 times, people would say, ‘yes’, but nine out of 10 times they will suffer higher stress levels, wondering about what is, indeed, happening.
So is there a way out? I would hazard to say, ‘yes’. And it requires excruciating will power to execute; go at it one hour at a time. That is like taking baby steps and setting a realistic target because stating that I will not look at that device called the phone for a week is unlikely to happen. Feeling awkward, I called many CIO friends who took vacations recently and asked them if they did what I have outlined above. No prizes for the result of the survey.
I think Bob Dylan had seen the future when he wrote in the year I was born: “The answer my friend…”
Guess what, next vacation I am going to try it. (It’s always the next one, isn’t it?)
Once upon a time, many moons back, the IT industry discovered multi-shore sourcing, I use this term to encompass all types of (out)sourcing initiatives, and with that came long-term contracts; 10 years was normal, and five years was seen as short-term. A lot of these that termed themselves as Strategic Sourcing also built in innovation, new technology, business process linked contracts with broad intent on changing market and business dynamics.
The fever spread across the globe and no markets or sectors remained untouched. Big or small, almost every company was expected to embrace this new wave. The euphoria within the enterprise as well as IT companies was such that companies that did not enter into such arrangements were seen as stakeholder-unfriendly or just plain dumb for not acquiring the obvious value.
As the years passed by, many companies reported rumblings of discomfort and missed expectations. Analysis appeared to indicate specific issues with companies and individuals for not putting in their best effort, safeguarding the model with zeal, lest the industry collapse with an unsustainable framework if there were indeed cracks in the carefully crafted contracts, service level agreements and reference architecture that represented the blueprint for the future. Business, profitability, political and other pressures forced reviews and scale down.
Downside of long term contracts
Prudent and rigorous reviews also exposed that long-term contracts had advantages of consistency and predictability, but lost on taking advantage of swings in the IT industry as well as did not bring in the level of efficiency or capitalization of quick market trends requiring agility that was possible with short-term relationships or with the ability to review and recast the terms of engagement, say, every alternate year. This was reflected in the drying up of the decade-long deeds and most engagements focused on a 3-5 year term. Maybe, ‘familiarity breeds complacence’ also took root; with both parties, in most cases, working hard to keep the marriage going.
There is no implication that these did not deliver to promise; some of them did and continue to do extremely well; some required significant investments in governance. Leaving aside labor arbitrage, the value captured did stretch the boundaries of discussion and measurement models.
Sustenance of outsourcing
New models now seem to be emerging with a focus on outcome-based payment schedules and collaborative investments in new technology exploration. But the basic framework has survived the troughs and waves of the economy and the resultant impact. The challenge of growth (manpower retention) has mutated the needs and solutions into new forms with service providers hungry to get back to growth of the past, but discarding the learning of unsustainable linear growth assumptions.
Outsourced contracts or strategic sourcing contracts will thus become expensive and non-tenable with linear growth not aligned to market/ business or the (in)ability to manage sudden shocks or black swans that keep coming back to surprise us. Periodic review of terms of engagement, even if they imply disruption, is the need of the hour; the IT industry, however, is not very excited.
It was an interesting meeting of a few CIOs with the debate revolving around IT Governance. From all types of models being discussed, the common subject of woes shifted to business intelligence (BI). All the CIOs present had large investments in BI with varied degrees of success, some more than the others. Everyone acknowledged the presence of multiple tools and technologies with no single vendor possessing the ability to address the wide spectrum of needs. It was evident that their respective enterprises had reached a level of maturity in adoption of IT that would be the envy of many companies—large and small.
Later in the evening, as the discussion continued over drinks, with rising ‘spirits’, the voices became louder, the emotions hotter, and the language looser. It so transpired that all of them had a few common service providers and solution vendors; stories exchanged may stay in the room but the lessons may be shared.
Most companies have common groups created with IT and business participants to explore, evaluate, and decide on solutions. These heterogeneous groups are typically led by the CIO or a senior IT leader who orchestrates the process. The process is similar across companies, with one or more of the following steps involving RFI, RFP, Demo/POC, business case, budget approval, negotiation, and commencement of the project. A few vendors in their excitement sometimes try to take shortcuts which almost always result in unpleasantness for everyone.
But the more interesting phenomenon occurs when solutions don’t really meet the functionality requirements by a reasonable margin, but the sales person, in his desire to meet monthly/ quarterly—or whatever—sales target, pushes ahead with the desperation of a man clutching straws to save himself from drowning. Everything then seems possible with a tweak, a small code change, customization, bolt-on systems, or some to be released fix in the next version or patch.
Stick to best practices
The resulting tragedy of errors, omissions, round pegs in square holes and heartburn caused to the IT and business teams is imminently avoidable by following the process the way it should be, the urgency on the part of the sales person and his/ her manager ensuring that targets do not override good business practices. It is not okay to withhold information or bend the process to fit the tools, neither it is acceptable for the CIO to allow leeway in the due diligence process. Even with rigor practiced, it is probable that some critical elements may remain uncovered. The business and IT teams will have to manage such exceptions (not a rule).
The luxury of time always eludes us in such activities; many a time deferred decisions put pressure on delivery of milestones, thereby compromising quality or extended time lines and sliding targets to fix issues that could have been avoided with collaboration from both sides. Good practice is a result of everyone being on the same side of the table; a skillful CIO should and will recognize the body language when the problem is being twisted to fit the solution.