We, as CIOs, deal with systems and data that are valuable to the organization. In other words we are custodians of all the information assets of the organization and therefore assume the responsibility of securing and protecting them.
I have spoken to a lot of information systems practitioners and the moment there is a mention of security, the talk immediately shifts to firewalls, perimeter security, UTM, and the like. It seems as if people have been conditioned to think of tools as the only means for addressing the issue. A formal approach to the subject would, however, reveal other issues that need to be attended to so that we develop a holistic view on matters of security.
There are two aspects to security. One is to preserve and protect data so that it is always available for access and the second is to keep it secure so that it is inaccessible to people who are not authorized to do so. A simple and a clear thinking would reveal three aspects that need to be addressed, such as, people, process, and technology. Let’s discuss each of them separately.
People: You may have all the technology and tools but it ultimately will depend on the people who run them. The first thing is to make them aware of the necessity of keeping data and information secure so that the data is available as and when they want.
Many organizations hold awareness and training sessions for employees so that they understand their respective responsibilities and also the dos and don’ts of dealing with organization’s data. They are also apprised of the security policies framed, their roles and also consequences of breach.
People often tend to ignore these advisories, and therefore, many companies regularly send e-mail blasts to all employees so that they sit up and notice, while others install wallpapers and screen savers on the user desktops so that they are constantly reminded of their roles and responsibilities.
Process: When data is to be kept secure, one would need to have a set of rules and processes which act as a guide for execution of the steps necessary to ensure safe keeping of data. All good organizations compile documents listing the standard operating procedures for back-up of data and for ensuring security from unauthorized access.
Companies call these as a ‘back-up policy’ or a ‘security policy’ document. This is circulated amongst employees or posted on their intranet pages for ready access for people who may want to refer to it. If these procedures are communicated, employees cannot feign ignorance for non-compliance. It is, however, not enough to just inform and sit back; adherence to process must be monitored regularly either through a process of internal audit or by audits conducted by an external party.
Documentation of all complaints, incidents, rectifications need to be preserved for study for any serious breach in security.
Technology: In a complex computing environment of today, where we are connected within and outside the organization, it may be difficult to ensure safety and security without the use of automated tools.
Organizations should evaluate and assess technologies that are appropriate and relevant for the needs of the organization. Choosing of the right technology elements should be based on the computing environment and the organization risk assessment based on the criticality of various business opportunities and risks.
It is here that we talk of firewalls, perimeter security, intrusion prevention, antivirus/ spam, identity management, UTM boxes, automated back-up tools, storage technologies, disaster recovery solutions, etc. In my opinion, this forms the third aspect of our preparedness and tools only go on the serve the larger business purpose.
The whole talk of security is incomplete if we do not talk of all aspects of security and safety. Only a reference to technology and tools leaves us woefully short of our task to provide the organization the right environment where the business can function with ease without being unduly bothered about the safety and security of their information assets.
In the last piece I spoke about the importance of quick decision making and that just mulling over a decision and taking time leads us nowhere. Afraid of making a mistake, we sometimes try and avoid the situation. If, however, we take decisions and they turn out to be good ones, we would get going and not look back. Now, how does one become good in the decision making process?
Process of decision making
Let us look into what is involved in decision making. Decision is all about taking a stand on a particular issue and choosing ‘to do’ or ‘not to do’ a certain thing. At other times, it may have to do with a set of choices and for us to select one from them to go on with. In doing so we consider the best fit solution and also mull the consequences of selecting any of the other choices. But a selection we have to make, sooner than later, and if we don’t someone else will walk away with the cake leaving us high and dry.
Modes of decision making
There are various ways of taking decisions. The best way in many a cases is one which is based on facts and data. We collect all details and classify them into those which are in favor or against a particular choice. These work very well in cases where facts and figures are clearly available and more the data you have, the better the judgment would be.
There are cases, however, where data may not be available and therefore we may have to make choices on various other factors such as our principles, ethics, and so on. We sometimes take a particular step based on our intuition or based on our strong likes/ dislikes even though it may not sound logical. It is, therefore, important for us to understand where we are coming from, when taking decisions.
Elements of good decision making
Quality of our decisions rests a lot in the way we arrive at our conclusions. Let us look at a few factors that are ingredients of good decisions.
Well considered: When we study a certain issue with all seriousness and consider various aspects that speak in favor or otherwise and we apply our judgment based on the facts we have with us. It is not a choice made casually but one with a sense of responsibility.
Balanced and fair: We act as a judge and try to deliver a judgment which is fair and not biased either way. Here, we are true to ourselves and retain our sense of balance considering the right or wrong in making our choice.
Free from emotion: Decisions made with a level head where the heart doesn’t rule the head (except for cases involving human issues). Emotions often mar our judgment and we ignore logic and facts when arriving at a decision.
Ethical: It is important that we do things in a manner that is right and acceptable. So when exercising our choices, we keep ethics and good conduct as a part of our decision making process. We should connect to ourselves and not do anything that hurts our conscience or values we cherish.
Consider both from long term and short term: Depending on the situation and need, we need to take decisions based on the needs that are immediate or sacrifice the short terms needs in favor of long term goals.
We may sometimes make mistakes when taking decisions and on hindsight blame ourselves for being inadequate or incompetent. This may not be the right thing to do. Many years ago I was in a state of remorse after facing consequence of a decision that went wrong. It was my superior then who drew me aside and gave me valuable advice. He explained to me that we all take decisions that we think are right in the circumstances and which are based on the understanding that we have at those points of time.
So we should not wrong ourselves but take a lesson from the error and move on. This is where people often lose heart, shed their boldness and then start withdrawing from decision making or pass it on to the others. They vacate the center stage. We surely can do better and hold our head above water.
Related post: The importance of decision making
We all are involved in the decision making process in our day-to-day life, whether in office or at home or elsewhere. We say good about those who can take quick decisions; we call them efficient and effective. One may feel it is futile to discuss about this topic stating that this trait is an innate part of our character and nothing much is possible to be done. But people are trainable, aren’t they?
We see some people taking decisions and moving forward while some others stay put with the current situation due to indecision. Some make bold decisions, take risks and jump far ahead and out of reach of others while some exercise extreme caution and make little progress. Is this a quality that is inherent in a person or is it one that a person develops over time. We can perhaps leave this matter to be debated by philosophers and psychologists, and move ahead and discuss the consequences of poor decision making.
Taking a stand
In our day to day professional life we are confronted with various situations where we are required to take a stand. Our decisions may relate to choosing of a technology solution or a partner, fixing up something that has gone wrong in the datacenter, resolving unreasonable user demands and many such things, but these decision points are critical and essential part of our work. If we keep taking decisions, work moves on and we embark on the next important matter. However, if we are stuck with indecision, matters come to a standstill and it affects our productivity and efficiency.
I am in no way hinting at hurried decision making or taking matters casually. Decisions need to be taken with utmost care; and these need to be well considered and sound. The process may take longer in some cases which require analysis and research but it is important to take a call after a reasonable time has elapsed.
Not all decisions we take may be correct and perfect; we may make mistakes at times and that is human―a corollary would be to say that we would not make a mistake if we do not get into decision making. I am reminded of one of our Prime Ministers, who had adopted a unique approach of postponing decisions hoping that circumstances will take care of the problem on it’s own. To quote Paul Newman, “A man who waits to do something so perfect that nobody would find fault it, he would do nothing.”
Effects of indecision
Consequences of indecision or delayed decision are enormous. First, you lose on time; things that needs to be done today will be done tomorrow or the day after. Any work getting stretched over days leads to inefficiency and higher costs. If work does not proceed as scheduled, there is a sheer waste of resources put on the job. Both our assistants and also the end users, so affected, develop a wrong impression and lose confidence in us. By not acting on time we may lose out an opportunity to make use of a situation or lose out on making a difference to the environment when it was most essential.
On occasions when we stretch the time for making a decision, the situation changes and the decision loses its relevance. Delay in decision could also alter your position from a winner to a loser. I would like to share the example of my son who is a brilliant amateur chess player. He makes well considered moves and often surprises opponents ranked higher than him, but loses a few games due to time constraints. He considers all possibilities to choose the correct move and hence consumes more time. The lesson he has to learn is that if he develops the habit of faster decision making, he could win many more games and the championship. Rather than looking for the perfect move, he can move with faster with quicker decisions and not mind if there is a rare move that is incorrect.
Decisions are taken easily taken by people who have courage; as they proceed ahead, their confidence grows. If they make mistakes they consider these as opportunities to learn and move on.
When it comes to training and development we think of ourselves, but perhaps it is as important to think of development of the rest of IT staff who work for us.
Coming from the era of ‘command and control’, we often commandeer the staff and lead them as we move along. We pass instructions and we expect them to obey. We think it is our role to think and strategize and it is duty of the staff to execute and carry out instructions given to them. This may sound demeaning but we do act that way many a time.
This approach obviously has negatives. We are pressured and where the staff does not perform as desired, we are left to face the user and even though we may make all those excuses and shift blame, the user is unhappy. There are times when staff and managers do not begin work in your absence and wait for you to come and give instructions. Staff does not participate or add value – they merely do what they are told.
Not a very happy situation, or is it? What if in my absence my manager takes an initiative, solves a problem and saves the situation? We come back and discover that someone has filled up for us. Won’t we like to encourage people who are knowledgeable, competent and who take initiative?
To ensure that IT staff stands up to perform on various occasions, I have to ensure that they have the right knowledge and competence to tackle various problems. Developing them can be in various forms. One is to send them for technical training courses or even certification courses. They learn new skills and develop greater insights into the requisite technical area that they are supposed to deal with in office.
Another way could be encouraging them to attend various vendor events / product launches and other seminars. This opens them up to new developments and also gives them a chance to network with people from other organizations.
It is also a great idea to introduce the concept of periodic departmental meetings where the IT head first shares the IT strategy drawn up, plan/ budget for the year and also reviews the progress of various projects. This way the staff can understand the overall direction of the function and can also get to know of going-ons in the department.
One great learning was the concept of creating a ‘teaching and learning community’ as taught to me by an HR colleague many years ago. Here, each person is encouraged to read thoroughly about a subject of his choice and then take a session to tell others what he learnt. This encourages learning and creates a certain enthusiasm in the function.
Technical skills by themselves are not adequate to equip IT staff to deal with any situation. Some soft skills are also critical for their success. There are many skills that can make them grow up in confidence. I have seen people blossom after they had gone for courses like communication skills, leadership programs, negotiation skills, team building exercises, creativity and innovation programs, etc.
Impact of education
It must be said that as people move towards developing their wholesome personalities, they turn out to be real assets for the department. There have been times when I would deliberately move out of a situation so that the next in line learns to handle a difficult situation on his own. There have been times when my managers would ask me to relax when on leave, saying that they would handle things in my absence and wanting me back, fresh after a good vacation.
Many of the managers who had worked with me in the past are now full-fledged CIOs on their own and are making news. Little did I understand that they were professionals of great potential and once encouraged they could go on to achieve great heights.
We get busy, don’t we? Every day chores, problems, trouble shooting, projects, et al. So much to do every day, leaving very little time for us to breathe. We visualize the CIO as an overworked individual struggling to keep everyone happy and getting more of brickbats than bouquets. With so much to attend to, he gets very little time to look around himself and or to spend time on his professional development.
Extracting time for oneself
Now if a CIO devotes so much of his time in keeping the ‘lights on’, he would be neglecting his need to grow and develop. Rather than portraying himself as a victim, he should extract some time for himself.
There are many ways that he could accomplish that. He can develop a clear plan and schedule all his major activities in conjunction with the organizational priorities and user-requirements. Once the plans are agreed upon with the management, he could concentrate on major projects and refuse to take up ad-hoc work that is often thrust upon him. That could release a lot of time otherwise spent on many of these miscellaneous activities.
The CIO can delegate work by developing his managers and takes care of planning and monitoring. He should, in fact, outsource some of the routine activities and follow-up so that these tasks do not take time of his managers and himself. These and other measures could release time that he can use on himself.
Balance between ‘P’ and ‘PC’
Stephen Covey, in his book ‘7 Habits of Highly Effective People’, speaks of the balance between ‘P’ (production) and ‘PC’ (productive capacity). If an individual keeps delivering or producing, he would get accolades; but there would come a time when he is asked to deliver more, he runs out of ideas. A more accomplished person in this situation would apply innovation or new methods or technology to come out an appropriate solution. Now, where will the conventional manager stand if he falls short of what is expected of him?
Importance of self improvement
It is therefore very important that while we take care of our day-to-day performance, we also take out time to develop and equip ourselves for the future. The question often asked is ‘how much time should I allocate to development’ – the answer would depend on every individual and to each situation. Whether we practice 80:20 or 70:30, it is important that we consciously keep working on our development and make ourselves relevant for the future for otherwise we may lose out in the world of new order.
There are various ways that we can recharge ourselves. What we have studied in our engineering, science or other disciplines in our college gets outdated over a period of time and may be not as relevant in changed times.
We have therefore to learn new technologies, new management methods, new ideas and new solutions. One way is to enroll ourselves in academic courses – I have seen people joining management courses, either by leaving their jobs to do full time courses or obtaining degrees by attending up evening classes or through correspondence courses. The added qualification and confidence help them in going up higher.
I have seen a few others attending events and professional seminars where they keep themselves abreast of the new developments and get in synchronization with contemporary methods. Some enroll in short executive development courses of management institutions and become more knowledgeable. Some others join certification courses and learn to use the technologies better.
Such an individual, therefore, is constantly working upon himself to get better and develops additional capability to take him up to higher levels and the makes him eligible for taking up higher responsibilities. Learning never stops in life and the higher that he goes, the more he will have to learn.
IT plans and budgets often look progressive and impressive. The bigger the organization, the larger would be the budget and speaks of the power that the CIO commands. But the real power is derived from implementing them and making the solutions work. The status of the CIO and of the IT group goes up a notch every time they make a success of any project.
As we make plans for the coming year and start working on them, it is the year-end review which lets us know if we were good enough in meeting our commitments. A good report card strengthens the position of the CIO in the management group. While this requires hard work and dedication on his part through the year, the approach direction he takes has a great significance. Let us take a look at various measures that he can take towards this end.
- Setting priorities: It is important that clear priorities are set and that execution plans give clear precedence to matters that stand high on the list. We have to ensure that these are business priorities that are in line with the strategic plan of the organization. The real success of IT lies in enabling business in meeting market expectations and in achieving growth. If the right attention is not given to such projects, all sundry matters occupy the space thus crowding out resources from important projects leaving them incomplete. When such projects of importance like supply chain automation, CRM, sales force automation, ERP etc, lie unfinished, they give a poor impression of the IT program, even though the IT staff we may have done a great job in storage deployment, Network implementation etc.
- Projects should be well-conceived: We have to avoid situations where we move three steps forward and two steps backwards. I often find people starting off a project under pressure from the user but later finding various gaps in understanding and scope definition. Such stoppages and getting back to review details puts back the IT plans by several weeks and are often difficult to make up. It is therefore crucial to put that extra effort to manage user expectations and to fix up the scope and coverage before kick-off.
- User involvement / ownership: Projects that start without a clear user involvement and those where the stake holder has not assumed full ownership are bound to falter. Many a time CIOs give this a pass and proceed as they try to complete their task as defined in their KRAs. In most such cases they get into trouble as they struggle with scope creep, and lack of user co-operation in defining specifications and subsequent testing. It is advisable to hold on to the project till the users get on board.
- Project management: This is an essential skill that the CIO has to possess and apply. Projects are always prone to delays and it is here that he has to apply his skills in undertaking regular reviews, use Gantt charts, and other project management techniques to intervene where necessary and on time. Delays have to be addressed immediately so that they don’t grow bigger needing escalation.
- Vendor management: Vendors are important constituents to the projects, whether they are hardware, software, network vendors or system integrators. Their knowledge and experience can easily be leveraged upon to fix problems at various stages of the project. It is important to build relationship with them and keep them engaged in the project. A good practice employed by many organizations is to have the vendor partner as a member of the Steering Committee. They can bring specific expertise at crucial junctures and get the project going.
A good handling of activities can see us achieve the objectives set at the beginning of the year. Even though all milestones may not have been crossed a good success rate draws appreciation of the organization since some of the projects get delayed because of various organization constraints. A plan capped with a sound execution signifies excellence.
We struggle with our IT budgets every year. As the year draws to a close, we try to estimate all that is in store for the next year and go about jotting it down. The problem is that the ‘budget’ not only carries what we want to do, but also carries the demands that users and user departments make. The challenge is two-fold—one is to arrive at a realistic estimate of expenses, and another is to get them approved by the management. Now how does one go about these tasks?
The act of making a wholesome budget and getting it cleared by the management is an art. It consists of a series of steps—right from carrying forward unfinished tasks from the previous year, to undertaking new and fresh programs in the New Year. The budget also covers routine tasks and maintenance of the current systems, aka keeping the ‘lights on’. A tricky job, this.
I suggest the following steps to make sure that we are right in our budget making:
1. Requisitions from functional departments: Ask departments to list out their requirements of IT support, along with their business plans which trigger these requirements. Try not to accept simple requests for the PCs, printers and software without them specifying the accompanying business need. This needs careful handling, as mere collation of requirements run contrary to our stated objective of being effective CIOs. We have to ensure that IT serves the business’ purpose. Unless the assets are put to right use, you cannot obtain benefits.
2. Bring out the Information Systems plan: Prepare a plan document that states the main business issues that IT plans to address. For example, these may include process automation in the plant, supply chain efficiency, ERP, work flow in specific areas, or sales force automation. This is the language that business understands, and the management is also clear about the addressed business challenges. In such cases, budget approvals are not very difficult to obtain. Routine expenses including maintenance and AMCs are usually not discussed on such occasions.
3. Translate in to an IT plan: Once the main direction for IT receives approval, we need to translate this in to a list of necessary equipment and software to be bought (or hired). This has to be executed carefully, taking into account new technologies and solutions offered in the market. It is advisable to review the current status of hardware and software—suggest upgrade or replacement where necessary.
4. Estimation of prices: This is often a challenge. I have been in both spots—situations when prices used to go up every year as well as the latter environment when prices saw a drop every year. In either case, it is best to apply our best judgment by obtaining prices from vendors—either formal or informal. You can formally ask vendors to submit their budgetary prices and then apply your judgment. This way, we come to a financial figure which may not vary widely with time—unless of course there are unforeseen changes.
5. Presenting to the management: On this front, you can put up a presentation to explain IT’s efforts to enhance business capability or efficiency, or send a note that clearly explains the direction being pursued and considered assumptions.
During my career, I have taken this approach and seen it work. I admit that getting a budget approved is not always easy—all the more so at times of low growth and recession, but proper persuasion would help avoid drastic cuts to the IT budget. The IT budget is often the first victim when cuts are imposed on spending, but if put across as a business initiative, spends may look justified. Lastly, it is important to work on the approved plans during the year and come out successfully–let us remember that we again have to approach the Board next year for approval of our budgets.
Procurement is one of the prominent tasks undertaken by a CIO regularly. In order to get ahead with his program, he has to constantly procure new hardware, software, network solutions, and services. Poor bloke; he goes about this difficult task and often gets entangled with the host of options thrown at him. Well equipped to deal with this he finds his way out and has the last laugh.
A few, however, bite their finger nails and look around for help. I have often received calls from my friends asking me how I dealt with a particular situation. Their dilemma is understandable. Vendors and media hurl jargons, shout from rooftops about new technology solutions, and send mailers to all including the CEOs. Sometimes the CIO is forced to look at a technology offering that either he or the vendor representatives know little about. One way to get through this problem is to do a detailed study, ask specific questions to vendors and ask them to convince how the solution would benefit the organization, once the need is defined by the company. A document in the form of RFP (request for proposal), clearly stating the objective, can be of great help.
Receiving the proposal and going through it is another challenge. Many a times vendors stretch the solution and increase the scope and it is here that the CIO applies his clear sense of propriety and calls in the vendor to stay within the limits of the actual requirement. However you cannot prevent the vendors from exercising their ingenuity in suggesting to us better solutions and this surely is to be appreciated. When receiving proposals from vendors, care has to be taken to see that main parts of the proposals are similar and only some specific areas are put up as value-adds, as otherwise it may become difficult to compare and evaluate the solution for decision making.
Juggling with the proposals is, again, a difficult task. We usually prepare a comparison sheet tabling features and the corresponding responses from each vendor. Most of the responses, however, look similar and we then have to draw out our decisions from the responses that go in favor of one or those points which go against the other. Here again, assigning weightages to various points could help as all features may not be of the same significance. There are also some qualitative measures that need separate treatment. So notes and explanation serve the purpose of supporting the decision that we make.
It makes a lot of sense to call in the parties for free discussion and clarify whatever queries that we have. Sometimes our own understanding could be at fault and therefore need to be whetted. A great advantage of open discussion is that each vendor brings in his perspective and says a word or two about the rival product. This brings in greater insight and opens up more points for discussion and evaluation. Of whatever I know of technology, a lot is due to vendors, who have given me free education during such meetings. An in-depth knowledge of technology makes our judgment surer and steps that we take to implement such technologies go in the right direction.
We may select one of the products/ vendors out of the whole lot that we evaluate. Vendors losing out are sore and feel that the evaluation has not been fair. It is a good practice to call the vendors not selected and explain to them the basis of their decision. Vendors may or may not agree with you but at least they go with the message that there was some logic applied to the selection. By doing so I have been able to retain my relationship with vendors over the years.
I followed one axiom very early in my career ― always try to get the most out of the technology we acquire. This may seem very simple to state but when practiced the results could be amazing. I would expect many to say that this is what they are doing but then where is the catch?
People implement technology in its various forms and do implement those projects ‘successfully’. But success is a relative term, it could either mean technical completion that is successful or that the purpose for which it was put in place has been served. More often than not it is a successful completion of a process. It is like scoring marks in an examination but not taking into account whether the student has thoroughly understood the subject or not.
Let me explain further with examples. We have seen many of our friend CIOs claiming their ERP program to be a success. I am no way doubting their claim of having putting in the ERP in their organization and making it run, but when asked about the main business drivers for ERP and their fulfillment, I do not generally get clear answers. I find very little transformation being attempted and no significant changes to the business processes. The usual refrain is that there is user resistance and that it is only for the functional heads to suggest and drive process changes, etc. So it’s usually a story of a job not fully done.
Another area that lacks full credibility is business intelligence. I have heard CIOs proudly announcing of their arrival into the BI club and that they are now ready to share their success story with anyone. When quizzed further, I find that their implementations speak of various reports and the ease of their generation. Many a time I find them to be routine reports comparing actuals against targets or budgets or reports showing analysis, say of region-wise, product- or category-wise, or salesman-wise sales; or may be, a simple inventory analysis.
Well, these reports can be generated otherwise though with some effort, but I don’t see any intelligence in them. These reports do not generate any insight or throw up hidden trends or exceptions to the general rule. How then we call it a BI project?
Let me also talk about sales force automation (SFA) ― a clear demand of business with the advancement of communication technologies. It’s good to see CIOs willingly pursuing this initiative and taking a lead. Implementation is done, field salesmen regularly send in data, and thus, the reports are generated. They give more information than was possible earlier and the marketing/ sales team can get data at a more granular level. But when asked whether the data has given them more insight into matters or trends that they did not know or whether they have got valuable info to re-strategize their moves, they draw a blank.
Now imagine if the ERP were implemented with noticeable process changes leading to elimination of non value-added steps, significant reduction in process time, savings in inventory, better customer order fulfillment and better response to market needs, the technology would work wonders.
Similarly if the BI implementation gave important information through deep dive analysis of production wastages, of market trends, customer behaviors not otherwise known, the result would itself pay back the investments in BI many times over. If SFA could give deeper understanding of markets and trends that we can immediately attend, the company can be a real winner.
My point of emphasis is that an IT system that we implement can be more comprehensive and the one that addresses the objectives of business. We need to apply ourselves fully, get into the depth of the business systems, and keep an eye on the competitive advantage that the business can derive.
Anything falling short of these requirements would be what I will term as ‘vanilla’ implementations.
Many years ago, as I was submitting the summary of our findings of study to the CEO of a client organization, his remarks stayed on with me for long. Our assignment was to assess the efficacy of their IT program, and suggest improvements in its functioning. Amongst other things, we found that some of the IT assets like PCs, printers were bought but not utilized; similarly, some software solutions were not implemented due to disagreement with the users. As expected, the CEO was disappointed, and said that he expected his CIO to be more responsible.
The CEO considered his CIO to be the custodian of all IT assets —one who ensured that right solutions are bought and put to proper use. When the CIO asks for a budget and subsequent buys, he clears them in good faith with the expectation that he would look up to the CIO to take care of them. I thought that these were significant remarks which clearly demonstrated the CEO’s expectations and consequences of the CIO not living up to those expectations.
What I learnt in that exchange helped me immensely when I moved on to the corporate world as a CIO. Whenever I put up a plan to the Board, I did sufficient homework, and then proceeded to ensure that all spends were properly justified. Let me share with you some of the actions that I took.
In early days, desktops were provided to officers and staff based on their requirements. However, certain senior officers would often misuse this facility. They would get a desktop or laptop on their table (as a status symbol). They ended up not using it; or occasionally asking their secretaries/assistants to come and type out their emails or letters. Sensing this as the waste of an asset, I sent a message on behalf of the management saying that PCs that not being personally used by officers would be withdrawn. This worked like magic. Officers scampered to learn usage, and were home.
To cite yet another example from another organization, I found that the previous CIO had ordered for VSATs a year ago, but couldn’t somehow put the solutions to use. The first thing I did was to introduce enterprise wide e-mail and use the VSATs – that helped in developing an immediate rapport with the CEO.
Later on, I was put in charge of the ERP project. Instead of just attempting a successful implementation, I felt that the real success of ERP was when it starts to benefit the organization. So I worked relentlessly on process improvement in all areas (including manufacturing, materials, sales and finance). That proved to be a great experience. In such cases I feel that the best approach is to resist the temptation of putting the blame on users—instead, try to work with them and turn them around.
Assuming full responsibility for IT assets means due evaluation of requirements, proper selection, full participation to ensure success of each implementation, regular scanning of all areas to ensure that the assets are being utilized, and to keep looking for continuous improvement.
The bright side of this approach is that the management and users develop confidence in us as CIOs. Budgets and proposals for new projects are easily cleared. People start trusting us, and the famed user resistance reduces to a low and a manageable level. Vendors are also happy that their product/service is being utilized well and they come forward to support our initiatives. This really works.