Register your product to gain access to bonus material or receive a coupon.
World-class IT leadership solutions from working CIOs: detailed, realistic, proven
Every year, IT leadership becomes more challenging. Don't go it alone. Get practical help from the people who know what you're up against, and know what works: your most successful peers. In CIO Wisdom II, more than a dozen of today's leading CIOs share specific, realistic, up-to-the-minute techniques for maximizing agility, cost-effectiveness, and business value. You'll find solutions for managing both the internal and external forces impacting IT, and for dealing with more than 20 of your toughest issues -- business, technical, and human. You'll find specific, realistic approaches to everything from architecture to outsourcing, new technology selection to governance. CIO Wisdom II: it's more valuable than your last consultant -- and a whole lot more cost-effective.
Anticipating the next transformation in your role as CIO -- and getting ahead of the curve
Delivering real-time, mission-critical business intelligence: lessons from the military
Integrating the enterprise: New best practices and cost-effective technical options
Quantifying and maximizing software return on investment
Mastering five crucial lessons for successful IT outsourcing
Managing outsourced environments for maximum responsiveness, flexibility, and efficiency
Leveraging the value of open source -- and minimizing its risks
Using IT to improve business processes -- and improving your own internal processes, including procurement
Systematically securing your IT facilities
Achieving compliance -- and leveraging those investments for competitive advantage
Previewing tomorrow's key trends in information management
© Copyright Pearson Education. All rights reserved.
IT Governance: Toward a Unified Framework Linked to and Driven by Corporate Governance
Download the Sample
Chapter related to this title.
I. WHAT MAKES A CIO TICK?
1. The Changing Role of the CIO.
2. Scope of the CIO.
3. It's All About Marketing.
4. Creating a Community of Practice for CIOs.
II. HARDWARE AND SOFTWARE TECHNOLOGY.
5. Securing the IT Facility.
6. Running Business Critical Applications Over the Internet: "The Middle Mile".
7. Information Management: What's Next?
8. Enterprise Integration: Methods and Technologies.
9. Towards Collaborative Supply Chains Using RFID.
10. Real-Time, Mission-Critical Business Intelligence: Lessons from the Military and Intelligence Community.
III. INTERNAL FORCES.
11. Software Return on Investment (ROI).
12. Starting with the Users.
13. Business Process Improvement.
IV. INFORMATION ARCHITECTURE.
14. The Five WS of IT Outsourcing.
15. Outsourced Environments.
16. Enterprise Information Architecture.
17. Adaptive and Aware: Strategy, Architecture, and IT.
V. EXTERNAL FORCES.
18. Open Source-Time for a Plan.
19. IT Governance: Towards a Unified Framework Linked to and Driven by Corporate Governance.
22. Navigating the IT Procurement and Outsourcing Process.
Inspired by the public meetings and private discussions of this elite group of thought leaders, this book covers many areas of interest to CIOs, IT professionals, and business leaders. Featuring new coverage of essential topics found in the original CIO Wisdom, as well several new topics this book should be considered complimentary to the CIO Wisdom, and we encourage you to read that book as well.
While each of the authors contributed their own thoughts without prompting or guidance, there are threads that appear between the various works that weave into something interesting. While the reader may cherry-pick their favorite topics and hop around between chapters, connections will appear around every turn. While every CIO has their own way of clustering their view of technology and business, the section grouping in this book is just one way to help you find a starting point for your learning experience. The following paragraphs describe the rationale behind each section.
2.1 What Makes a CIO Tick?
Ever since the dot com bust and the corporate financial reporting scandals of the late 1990s and early 2000s, dramatic changes have been taking place to the internal and external environment in which the CIO operates. This, in turn, has forced CIOs to reevaluate who they are, how they should set their priorities, and how best to react to the dynamic forces of change. In the wake of the Sarbanes-Oxley legislation and the mandated increased board oversight of operations, many CIOs struggle under the intense scrutiny. As the IT operation seeks to maintain its role in the organization, or perhaps gain more influence and respect at the executive table, how the CIO is viewed and how he1 thinks is ever important.
In this section we look at unique role of the CIO and try to understand what drives him.
Chapter 1, "The Changing Role of the CIO," by Phil Laplante and Don Bain, first appeared as an article of the same name in the IEEE's respected magazine, IT Professional. It is reprinted here with permission. In this chapter they examine Nicholas Carr's hypothesis that the role of IT in the organization no longer matters, because it offers no competitive advantage. In fact, because a company can only be at a disadvantage if their IT functions poorly, IT is a commodity. Phil and Don examine Carr's thesis from the perspective of CIO functional roles, reporting structures, and career risk.
In "Scope of the CIO," Tom Costello, a long time industry insider, looks at the evolution of the CIO and the environment around him along several broad dimensions including: organizational structure, governance, mission and function. Tom argues that the role of the CIO has changed over the last 20 years, but that in some ways, it has remained the same. While the old checklist style of IT management may still work at some levels, a well constructed IT Plan may prove to be useful for both the operations of the IT department as well as a roadmap for the career development of the CIO. Finally, the elements and purpose by which such a plan can be constructed are covered.
In the "It's All About Marketing," Autumn Bayles, gives us one perspective on the role of CIO; that of the CIO as "salesperson". We've heard time and again from our member CIOs of the importance of being able to influence colleagues, subordinates, superiors, and especially board members through persuasion (or, marketing, as she puts it), and Autumn addresses her enlightenment in this regard. This is the only chapter written in the first person but we didn't want to change it to third person because it's really a delightful glimpse into the life of one of our Superstar CIOs.
In the last chapter, "Creating a Community of Practice," by Phil Laplante describes the origins and evolution of the Philadelphia Metropolitan Area CIO community of practice, the CIO Institute. It provides the setting from which this book evolved and provides a glimpse at the dynamics and creation of this high-powered group. Some of the situations and issues described here should prove of value to those starting or nurturing a similar community of practice for CIOs or any C-level community, for that matter.
2.2 Hardware and Software Technology
While it is true that many CIOs did not come up through the technical ranks (often through finance or operations) and even the most technical CIOs frequently delegate the most minute details of the technical aspects of the job to subordinates, a CIO needs to be techno-savvy. In this section we look at a selection of the kind of hardware and software technology issues that the CIO most face. In particular, the convergence and integration of hardware and software within the physical operations security, operations, and supply chain is noteworthy in each chapter.
In the first chapter, "Securing the IT Facility," Joel Richmon and Paul Nowak look at a frequently overlooked aspect of the IT function interfacing with the systems that control the physical security of the facility and its employees. Indeed, many CIOs are being tasked with overseeing some aspects of physical security as these systems become increasingly more complex and networked. In some cases, the CIO works in conjunction with a Chief Security Officer (CSO). Whatever the case, the CIO needs to be as aware of facility access control, fire protection and notification, and human identification as he is of firewalls and antispam filters.
Next, David Frigeri looks at the importance of network throughput measurement and improvement of data communications in "Business Critical Applications over the WAN: The Middle Mile." In particular, he discusses why simply increasing bandwidth is not enough to alleviate congestion you must also understand the underlying communications protocols and how they behave under stress. As he notes, taking advantage of the Internet is a matter of accomplishing two strategic objectives, assessing where the organization or the application is today and what the future requirements will be. He also addresses three reoccurring performance challenges, navigating through the Internet via the Border Gateway Protocol (BGP), TCP throughput, and resolving LAN-WAN mismatch. In any case, the CIO needs to take a structured approach via a situational analysis to ensure the underlying infrastructure is measurable, available and performing (M.A.P.) to the requirements of the application. David offers extensive advice and case studies in this regard.
In "Information management: What's Next?" John Wollman focuses on the evolution of "information management" and the business and technology ramifications as organizations co-evolve with technology. To establish context, the chapter begins with a focus on the underlying technology of an information management value chain. Next, a novel Corporate Performance Management (CPM) model is described. This model is proffered as the business driver that requires organizations to increase the value added information as it flow up through the management hierarchy to adequately measure, monitor and respond to changes in the business climate.
In Chapter 8, Min-Jin Yoo, Raghu Sangwan and Robin Qiu, three friends from academia with extensive industrial experience provide a high-level (and remarkably non-academic) overview of "Enterprise Integration," This chapter is a great primer on integration methodologies and enabling technologies and provides good background material for some of the later chapters, particularly those in the section on Information Architectures. More importantly, their discussion is platform independent. Of particular note are their discussions on the very hot technologies of Service Oriented Architectures, Web Services, and the sharing of business logic across applications.
Radio frequency identification or RFID is an important emerging technology that is not without controversy. In "Towards Collaborative Supply Chains Using RFID" our friends Robin Qiu and Raghu Sangwan describe how rich, collaborative supply changes can be built using this emerging technology. While they don't go into the electronic implementation of RFID or the economic issues that would be beyond the scope of this text they address the more important issue of how to design and implement a product tracking and information system that enables the real-time visibility of products as they move through the supply chain. And they provide a usable architecture that is scalable, industry and platform independent, and which uses commonly available hardware and software.
Finally in "Real-Time Customer Data Integration and Information," renowned author and consultant, and CIO Institute Member, Alan Simon, draws upon his experience as a bona fide air force intelligence officer to show how techniques from that domain can be applied to business intelligence. It's a neat chapter. While he introduces basis concepts of business intelligence and corrects some common misconceptions, he also provides an interesting glimpse at how real-time decision making is done in the military. The parallels between the decision making needs of the "Strategic Air Command" and business is fascinating.
2.3 Internal Forces
The CIO is a juggler while in one hand he must deal with ever changing hardware and software platforms, in another hand he must serve and satisfy his internal constituents. Then he has to find a way to manage the numerous, sometimes conflicting constraints of the external environment, in a third, non-existent hand. In this section we turn from hardware software issues to look at the internal forces that confront the CIO. This is a short collection of chapters because many of the other internal influences are dealt with elsewhere; for example, the decision to outsource or not and IT portfolio planning discussed in the next section. Moreover, many of the internal forces affecting the role of the CIO were covered in the first section on "What Makes a CIO Tick?" But there are a number of additional internal issues that needed to be covered.
In particular the following chapters focus more precisely on the value proposition of the CIO function, that is, we address the question of "what must a CIO deliver to the organization?" The answer to this question involves the financial and business advantages that the IT function provides to a business (despite the fact that Nicholas Carr might disagree that IT provides any value!)
In Chapter 11, for example, "Software Return on Investment (ROI)," Phil looks at various models for valuating the cost of IT as well as the different mechanisms for representing IT as an investment. Besides covering the traditional accounting issues of whether software is an investment or an expense, this chapter examines the alignment of ROI calculations with organizational metrics. The Chapter concludes with a mathematical review of many traditional cost justification techniques. If you hate math, you can just skip the final section (although we recommend that you don't).
The next chapter "Starting with the Users" by Melissa (Mickey) Skelton and Gerard Gallucci (with the US State Dept at the time of this writing, now with the United Nations), examines the issue of how the CIO can become disconnected from their user clients, and how important it is to remain connected. Her discussion is reminiscent of the Quality Function Deployment (QFD) technique (representing the "voice of the customer") which is widely used in manufacturing and has been adapted to software development as a means for capturing user requirements and ensuring satisfaction throughout the software production process. In any case, Mickey describes what the CIO should do to ensure that technology is user-driven without becoming beholden to the users. Her approach includes involving the setting expectations properly, engaging users early and often, and maintaining control.
What good is information technology (IT) if it doesn't produce a process improvement? An organization should not spend even one dollar on IT if it is not clear how a business process will be improved and if it doesn't reasonably expect a return on that dollar. In the final chapter of this section, "Business Process Improvement" Peter Kraynak provides a simple yet effective framework for improving a business process of any kind, and shows the relationship to business case development. Peter argues that the most effective approach to process improvement is through the use of Six Sigma, along with its roadmap of DMAIC. Adopting this discipline will guarantee the achievement of a positive ROI and will enable you to do your job properly as a CIO. In addition to being a primer on the topic of Six Sigma and DMAIC, the chapter answers the following questions; what does a CIO need to know about business process?, what is Six Sigma and why is it so effective and why a CIO should utilize a Six Sigma approach. The chapter includes a case study.
2.4 Information Architectures
With the rapid changes in language, protocols, standards, tools defining robust information architectures is of supreme importance to the CIO. But the architecture does more than isolate the enterprise from these rapid changes in technology it must insulate the organization for environmental changes such as government regulations, competitive pressures, and market conditions for the product and for labor. In this section we look at approaches for protecting the organization and adapting to these changes.
A version of Chapter 14, "The Five Ws of Outsourcing," was derived from a roundtable discussion of the CIO Institute and "first appeared in IT Professional as "The Who, What, Why, Where, and When of IT Outsourcing." It is reprinted here with permission. In this offering members of the CIO Institute describe the nature of IT outsource, and the main drivers in the decision to outsource or not. They then describe several rubrics for the outsourcing decision.
In "Outsourced Environments" Raghu Sangwan looks in detail at the perils inherent in outsourced projects such as time zone differences, time dynamics, and tool compatibility. This chapter is a natural follow on to the previous one. After describing the inherent difficulties of outsourced development he then provides management techniques for mitigating these challenges, these include focusing on monitoring and control through the use of appropriate metrics. The resultant set of best practices can be used in virtually any outsourced environment.
"Enterprise Information Architectures" (EIA) may easily be one of the more used and misused terms in our industry, and Tom Costello takes his turn at boiling the key elements and history into primer on EIA. With a combination of observations and "how to", the reader will get an overview of the value of an EIA and how this document fits into the array of tools every CIO needs to efficiently and effectively chart the course for aligning the vast tangle of IT with the business needs of their enterprise.
In the final chapter of the section, "Strategy, Architecture, and IT Leadership in an Age of Commoditization" Rob Kelly presents a sweeping tour de force that, at once, places the evolution of IT into the context of other kinds of technology revolutions, and describes how IT leaders can respond to this revolution and protect against the next one. The key lies in the structure of the IT organization and how well it shifts paradigms to operate in the new world, and how intelligently it allocates resources and selects its business partners. Indeed, the nature of the IT organization has evolved from the bastion of monks with mysterious powers that now one else understood, to a brotherhood of diplomat accountants. He suggests that the configuration of the IT organization's strategy, resources, and business intelligence to form a learning organization (our term, not his) is critical to its survival.
2.5 External Forces
The final section in the book looks at the many external. If this book were considered to be a kind of SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats), the first section would be focused on CIO "Strengths" and the last section "Threats" (the "Opportunities" and "Weaknesses" are threaded throughout all of the chapters. In particular, we look at the various external threats, drivers, constituencies, and stakeholders to which the CIO must contend with. These include use of open source software, tools and standards; conformance to open and closed standards; compliance with laws and best practices; and dealing with the threat or eventuality of litigation.
In "Open Source Time for a Plan," 2 Tom Costello updates and expands on a work previously published by Technology Times, the bi-monthly newspaper of the Eastern Technology Council. Elements of the original article are reused with permission. This chapter provides a brief update on the worlds view of Open Source compared with the narrower use within the US. While this chapter includes some definitions and background material to make the reader more conversant in Open Source, the reader is then taken into a broader look at the drivers and challenges facing the market at large. Though not a "how to" of Open Source, this chapter will broaden your thinking on the need for an Open Source plan for your enterprise.
In Chapter 19, "IT Governance: Leveraging IT Service Management" Dave Pultorak takes a look at IT governance from a unique perspective. He starts by providing a theoretical frame work for corporate governance. He then looks at three dimensions: ensuring that the corporation meets regulatory requirements, ensuring that the corporation achieves performance objectives, paying appropriate attention to relevant stakeholders. Along the way Dave provides a whirlwind tour of most of the relevant standards or models to which many CIOs are held or which are used a framework for management and decision making (e.g. CMMI, ISO 9000, Six Sigma, TQM, ITIL). Finally, he offers an IT Governance Checklist that can be used for a rapid assessment of your organization's IT Governance health.
Municipal, county, state, and federal government entities are increasingly relying on email and Web based enabled facilities to improve service, increase information flow, and in some cases, reduce costs. But governments don't and can't always work like private enterprises. In "E Government" Dianah Neff, CIO of the City of Philadelphia, one of the most E-savvy cities, provides a great perspective on this topic. Dianah provides best practices, lessons learned, and important information on; setting and meeting strategic goals and objectives, governance, technology issues, and communications and outreach. This information is particularly useful to any government or non government entity that is considering an initiative to deploy customer centric e-services.
The job of the CIO includes the function of risk manager and religiously following the rules is the best way to mitigate risk. In the next chapter, "Compliance," John Supplee tackles the sticky issue of complying with the ever shifting sands of governmental regulations that can hamstring an IT operation, raise the stakes of any problems encountered, and give the Board fits. John knows what he is talking about having to navigate the many regulations of the SEC, Federal Reserve Bank, and more. John takes the perspective of a small to mid-size company CIO the large companies have teams of compliance people to work with IT.
Finally, Frank Taney's chapter on "Navigating the IT Procurement and Outsourcing Process" represents a kind of reality check for the IT Industry. In a way, he frightens us into realizing that we ought to be more careful about the way we negotiate contracts, make promises, and inadvertently set expectations. If you follow Frank's advice, you'll stay out of the kind of trouble that every CIO dreads costly and distracting litigation, arbitration, or mediation. Nothing is worse for a business then to have to waste resources defending poor decision making, management, or project execution. The best remedy is prevention.
We have both seen Frank present this material in person, and we wanted all of our readers to have the benefit of his counsel. This chapter is the next best thing to actually visiting with him.
After assigning chapters to potential authors, or rather, as they were self-assigned, we constantly monitored progress and provided advice and encouragement to our authors.
Any endeavor of this sort trying to coordinate the activity of many important and busy people, takes a great deal of effort. Fortunately the technology of email helps a great deal.
After we had received all of the chapters we undertook the process of editing them. We did not impose heavy editorial restrictions on the contributors because we wanted to preserve the authors' original voices. Therefore each chapter is uniquely original, varying in length, writing style, and most importantly, perspective. We did not want to destroy any of the contributors' intent with heavy-handed editing, and so the chapters remain largely as diverse as the contributors themselves.
Finally, after we had compiled and edited the chapters, we sent the compilation out to each of the authors and to other CIOs and experts for review. We then incorporated their comments into the final draft. This draft went into production process for copy editing and formatting. Finally, the edited and formatted draft was sent to each of the authors for one last check before going into production. The result is the book you hold in your hands, and we are very proud of it.
All trademarks are copyrighted to their respective owners.
1 Throughout the text we use "he" or "him" most of the time when referring to the generic person. We find this less awkward than the use of "he/she" or "s/he" or "him/her." But in all cases, of course, we mean the generic person male or female.
2 Tom Costello, "Familiar with Open Source? You should be," Technology Times, August 2003.
Download the Index
file related to this title.