Meta Group Quarterly: How regulation is driving IT strategy
by Meta Group, Luis Leamus
Date: October 22, 2003
CIOs need to be aware of their liabilities...and focus on cost and value
As if we don't have enough acronyms in the IT industry, another has emerged from the US called the CGO – the chief governance officer. But this is one worth serious consideration, with leading US organisations such as Kodak and Pitney Bowes recently making CGO appointments.
Responsible for driving and coordinating enterprise governance efforts and responding to mandates like Sarbanes-Oxley, the CGO should become a close colleague to the CIO. The need for the CGO is highlighted by Meta Group research that found 70 per cent of Global 2000 CIOs have a limited understanding of their personal liability.
This new role comes at a time when regulatory mandates such as Sarbanes-Oxley, HIPAA, Basel II, GLBA and the PATRIOT Act are key contributors to driving IT direction, spending and market growth. Furthermore, these regulatory mandates have emerged as being able to inflict severe IT pain, and the costs of failure are higher, particularly for executives being held liable for regulatory compliance. Painfully, IT's critical role and the true cost of its past may hamper the issue being recognised at an organisation's highest levels.
While governance must not be ignored, the CIOs' main focus must remain on safeguarding the information and technology assets of the corporation. However, not only are CIOs unaware of their personal liability, but 80 per cent of Global 2000 organisations lack a fundamental understanding of IT risks and the potential use of insurance as a risk management mitigation strategy. Due to growing impacts of technology on business strategy and execution, we believe that, by 2005, IT-based risk management will outweigh financial risks as the most serious threat facing the industry.
These new regulatory pressures, riding alongside cyberterrorism fears, are driving moderate increases in security budgets for those organisations already secured and much larger increases for those newly awakened. By 2003/04, more than 40 per cent of Global 2000 CIOs will engage third-party providers for independent risk assessments to better understand and reduce their enterprises' risk exposure.
With most other IT investment levels either at a standstill or falling, CIOs face a simple choice. They can switch to defensive mode (sit tight and wait for a recovery) or plan new initiatives that can deliver demonstrable, enterprise-wide bottom-line benefits.
As a first step, Meta Group recommends initiatives that focus on (re)establishing the IT organisation's reputation and credibility. Near-term initiatives are consolidating the installed base, removing infrastructure and application redundancy, and increasing the velocity, range, and reach of information sharing. Longer-term initiatives are developing a proactive strategy and planning process, and establishing an enterprise architecture and programme management competency centres to create innovation programmes that can bring immediate business benefits.
With such fierce competition for IT expenditure, a shocking Meta Group study found that more than half of Global 2000 organisations use inadequate processes for evaluating and determining IT investment priorities. Currently, 70 per cent of Global 2000 enterprises use single-dimension criteria to select and prioritise IT investment projects - generally cost/benefit analysis or some type of return-on-investment calculation. Fewer than 10 per cent use several levels of criteria - risk, life cycle, economic or strategic value, etc. The remaining companies still rely on a first-come, first-served method of allocating IT resources to projects.
One key issue for CIOs is their struggle to communicate to business colleagues that IT is not just another cost to be managed. Companies that focus excessively on slashing expenditures can miss out on technology's potential to promote innovation. As seen from Dell's use of IT, general and administrative overheads can be one-third the industry's average as well as a source of increased cash flow and capital funding. Leading CIOs understand that IT automation raises top-line growth and bottom-line profits. One tool to help measure IT improvements is benchmarking. This can often be used to provide compelling and sometimes career-altering discoveries about a particular situation. But benchmarking must only be used as a means to an end. Leading IT executives use benchmarking to categorise performance into a baseline of measures that a performance improvement programme can act upon. This is then followed up with a post-change benchmark to validate the improvement programme's goals.
In terms of its people, IT organisations are finally getting relief from the issue of high staff turnover. Findings from Meta Group's 2003 IT Staffing and Compensation Guide indicate that the overwhelming majority of survey respondents (75 per cent) report voluntary turnover rates at less than 10 per cent of their total IT workforce, a far cry from the 35 per cent to 40 per cent voluntary turnover occurring in 2000 for many organisations. Global 2000 organisations should utilise the temporary lull to develop and deploy human capital management processes to enhance long-term retention, such as non-monetary employee recognition and strategic learning.
However, excess resource capacity remains at a bare minimum and high-performing executives continue to face the dubious task of maintaining performance with decreasing resources. To minimise performance failure risk, these individuals broaden the definition of milestones to include cost on a sliding scale (e.g., reduction acceleration, expansion deceleration) and quality on a sliding scale (e.g., improvement acceleration, reduction deceleration) along with time/speed (e.g., point in time, duration, movement). This approach provides more actionable focus and acceleration in individual and organisational thinking, collaborating, and changing, which in turn enable better leverage of existing resources and more rapid communication of incremental resource needs.
In the recent stressful times, Meta Group has found that individuals and organisations gravitate to what is known and what has worked previously. Such sentiments influence recruiting practices. Recruits familiar with "our industry" and "our technology" may be unable to apply technology innovatively or improve upon established IT management approaches. Hiring managers should look to leverage alternative industry experience and technical expertise to foster new thinking and improve IT's value proposition. And finally, things are looking up for former CIOs as organisations are becoming more predisposed to securing their services on a temporary basis. Reasons for doing so include managing IT until a CIO replacement is hired, leveraging expertise to complete a key project, and having to confront situations headlong with little regard for political ramifications. This practice will gain acceptance as dependence on IT deepens, IT fails to deliver on its value proposition, and experienced CIOs become available due to retirement or transition.