A Delicate Balance - InformationWeek
09:34 AM
4 Keys to Improving Security Threat Detection
Dec 15, 2016
In this webinar, Ixia will show how to combine the four keys to improving security threat detectio ...Read More>>

A Delicate Balance

Companies walk a fine line between scrutinizing tech spending and stifling IT leaders

In a storage room at Concord Hospital in central New Hampshire sits a never-been-used, $100,000 database server. The system is supposed to let physicians and nurses access information about patients' electrocardiograms from workstations throughout the facility. So far, all it's done is collect dust. The process of integrating the system into the network, upgrading workstations, and training users proved more costly and complex than expected, at a time when hospital administrators have clamped down on spending. Can you guess which hospital recently took steps to bring more checks and balances to its technology-buying process?

Companies everywhere have had their own experiences with IT projects that were ill-conceived, poorly executed, or fell out of alignment with business priorities. Morgan Stanley estimates companies overspent on technology by $130 billion in 1999 and 2000. And the spending spree left senior IT executives with some explaining to do. "A lot of CIOs are under tremendous pressure," says Ralph Szygenda, CIO and group VP at General Motors Corp. "The belief is they haven't been adding as much value over the last two or three years as they should have."

But the problem is by no means theirs alone. At most companies, business-unit managers, CFOs, and CEOs are involved in purchase decisions and setting business-technology priorities. In the wake of the tech-spending spree, and as businesses bring greater scrutiny to all aspects of spending, executives are re-evaluating the issue of IT governance--who exerts influence over IT spending and when? At the heart of this lies the role of the IT organization and whether under increased scrutiny the traditional IT executive's role and credibility grows or is diminished.

Gary Light

Concord Hospital's project-charter process should increase IT credibility, chief technology officer Light says.
At Concord Hospital, any IT project that will take more than 40 hours of employees' time or a $1,000 capital investment must go through a new project-charter process. The process involves application analysts who report to IT yet represent various business units, an IT project-management team, and a business-unit sponsor of VP status or higher. The biggest projects require sign-off from top management. "The long-term effects will be known down the road, but it will have a hugely positive impact for IT credibility," says chief technology officer Gary Light, who adds that the hospital hopes to resuscitate the EKG database project by year's end.

What are other companies doing to ensure that their IT priorities and business priorities are one and the same? Most have committees of some sort to discuss IT purchases, according to InformationWeek's Redefining Business: The C-Dynamic study of 225 executives, split evenly among CIOs, CFOs, and CEOs. More than 80% of companies have an IT evaluation committee that includes technology and business managers, and two-thirds have steering committees that oversee IT purchases.

Less common are high-level IT governance councils that provide fairly constant oversight by the CIO's superiors and other top executives. As these types of councils become more assertive, it's better to work with them than against them, says Scott Dinsdale, executive VP at the Motion Picture Association and former CIO of BMG Entertainment. "If your organization is being singled out, it could be a fundamental sign of a lack of credibility," Dinsdale says. "My suggestion in this situation would be for the CIO to jump in, say, 'Hallelujah, this is great!' and use it proactively to establish priorities."

In fact, IT executives are often the ones spearheading IT governance councils, says David Caruso, an analyst at AMR Research. Rather than stifling the CIO, such a council can thrust him or her into a more strategic role. "IT governance councils give CIOs a broader voice in the corporation," Caruso says. "They get them working more closely with the business leaders to prioritize IT strategies and make them executable."

C-level executives from business and IT meet monthly to collaborate on technology at one in four companies surveyed by InformationWeek Research and quarterly at one in three. But the business-technology roles of CFOs and CEOs go well beyond setting IT strategy. When evaluating their companies' latest proposed major technology purchases, CFOs and CEOs spend, on average, three days investigating the technology itself. And when it comes to approval, CFOs sign off on IT purchases that exceed $250,000; for CEOs, it's nearly $700,000.

More oversight and input from top business managers doesn't necessarily mean IT managers are losing power or significance. "It isn't just IT that's getting greater scrutiny," notes Barry Shuler, CTO of Marriott International Inc. "It's every aspect of our business." Large IT projects at Marriott face the same review by an executive-level committee as any major business investment, and IT projects that pass the business-value test are moving forward. Case in point: An extranet project sponsored by CIO Carl Wilson is going ahead because of the expected value from being able to securely exchange information with partners such as franchisees and property owners.

Some CIOs continue to grow in stature. At logistics company Ryder System Inc., CIO Ed Vital recently joined the company's leadership committee, a group of eight top executives that includes CEO Gregory Swienton and CFO C.J. "Corky" Nelson.

Vital has earned their trust by building a reputation as an IT specialist who understands the business. "So many of the things we do in our business, our core competency, is centered around IT," Nelson says. "And when we're talking about strategic issues going forward, I want to make sure we have the head of IT at the strategic table."

Vital spends nearly as much time at a customer site as the Ryder business managers who support that customer directly, Nelson says. For example, Vital has spent time in the field with Applied Materials, Cisco Systems, Dell Computer, and Lucent Technologies, helping design the logistics services that Ryder would provide those clients as well as implementing the IT tools for delivering those services. In that way, Vital has something important in common with other CIOs. In our survey, CIOs say they spent 20 days on average investigating the technology used to support the major technology purchases made by their companies--and 30 days investigating the business problems the technology supports.

While business executives may be more careful today, they haven't lost enthusiasm for technologies that promise to transform their companies. At Concord Hospital, chief operating officer Joe Conley remains a big believer in IT despite that mothballed EKG server. "Using technology, we're building things here that will be quite exciting in the next five to eight years," Conley says. For one, Concord is working to make patient medical records available electronically. "We recognize the true meaning of the paperless office," he says.

Concord's recently imposed charter process identifies project risks, estimates work hours and total investment, and prevents projects from creeping beyond their initial goal. For example, a project that was intended to let doctors view radiology images from their home PCs began to broaden as discussion ventured into installing software on workstations throughout the hospital and maybe even upgrading workstations to support the new software. "The business-unit vice president doesn't really see this happening. Next thing you know, you're spending a lot of time and money trying to please different people, which might not be consistent with the original goals," Light says. "The project-charter process clearly helps everyone be on the same page and sets the expectations for IT and for the customer." The hospital pulled back to the original objective of providing access from home to keep the project on track and on budget.

But the kind of close oversight that comes with that approach can increase tension, along with planning and paperwork. "Sometimes I have challenges with technical people who want to get things done," Light says. "They ask, 'Why do I have to go through this charter process when I can have the network up in no time?'"

Governance councils and charter programs aren't exactly revolutionary, even if they're increasing in influence and importance. Forrester Research says that much more radical changes are on the horizon, and that at some point, IT organizations will cease to exist as they are today. The consulting firm predicts that more companies will adopt structures that focus on business and technology, rather than on IT, using a model it calls external technology management. This new model takes technology ownership and procurement away from the CIO and IT department and puts them into the hands of the CFO and business managers. Rather than reporting through the CIO, the IT organization will be split into various functions, such as research and development or procurement and will report to business executives. Forrester sees the CTO staying on to oversee R&D, while the CIO disappears altogether.

A few companies are experimenting with new models, including doing away with a CIO-type job. Bethlehem Steel Corp., which is operating under bankruptcy protection, moved its IT department into a business-services division, which includes transactional and technical services. The company didn't replace the chief of procurement and IT when he retired; instead, it kept a director of IT, Larry Clees, who reports to the VP of business services, who reports to the CFO. The previous chief IT executive reported to Duane Dunham, president and chief operating officer.

This approach isn't being tried only by companies in trouble. W.W. Grainger Inc., a Lake Forest, Ill., distributor of industrial supplies, doesn't have a CIO, but instead formed an Office of the CIO late last year staffed with business and technology executives that Grainger chairman and CEO Richard Keyser saw as having a view of the entire company. The goal was to create a group of business and IT people--who came from the IT, business-process, quality, training, and project-management groups--who would first determine business objectives, then decide how to solve them via technology.

The group is led by a senior VP of enterprise systems, Timothy Ferrarell, who reports to the chairman. CTO and VP George Rimnac leads the IT effort within the enterprise systems group. "My first reaction was 'why don't we have a CIO?' My second reaction was to realize this is a bigger job than one person can do," Rimnac says. In the past, Rimnac says, he was often left to advocate for projects himself, without a business partner, while the new system forces cooperation. "Now I stand next to a businessperson who supports my project, and we defend the proposal together," he says.

Richard Jones

Jones' main role as chief technology officer at Countrywide Credit Industries is to identify and promote technologies that can help it expand from a mortgage lender to an international banking and finance company.
More than a year ago, Richard Jones, CTO and managing director at Countrywide Credit Industries Inc. in Pasadena, Calif., was promoted from executive VP of enterprise architecture; the company doesn't have a CIO. Countrywide formed a technology architecture and standards committee, including the top IT manager for each business unit. Those people first report to the heads of their respective business units, with a dotted-line report to Jones. Countrywide's business-technology committee, chaired by CEO, chairman, and president Angelo Mozilo, reviews any project of more than $100,000. A third committee looks at IT human-resources issues--such as parity in developer pay across the company, career paths, and training.

Jones' main role is to identify and promote technologies that can be used in innovative ways to help Countrywide expand from a U.S. mortgage lender to a global company that also offers insurance and banking. "I find myself spending more and more time defining those business models and creating technologies that make them work," Jones says.

CIO or no CIO, it's clear that the goal of executives is to get greater control and focus when it comes to IT. In the summer of 2000, the CEO of Covenant Health, a group of six hospitals in eastern Tennessee with $1.7 billion in annual revenue, left the company amid mounting business problems. The board of directors took over management until a replacement could be found. The company worked with Science Applications International Corp.'s consulting service to develop a better system for IT buying. Within the past few months, it implemented an executive-leadership group made up of senior executives responsible for overall IT governance, though day-to-day IT planning and oversight is managed by the IT Steering Council, headed by CIO and senior VP Frank Clark and staffed with 15 senior business managers. A council of technical professionals responsible for the nitty-gritty technical details of Covenant's IT infrastructure, called the Architecture Advisory Group, reports to the IT Steering Council. "When you don't have strong IT governance in place, it seems as though IT has its own agenda," Clark says.

He knows that firsthand. Clark says Covenant spent a lot of money on clinical systems in the mid-to late 1990s, but those technologies often weren't ready for prime time. And each business unit tended to seek out best-of-breed technologies for its individual use, without much regard to standards. A large number of IT systems and projects were duplicative and didn't match up to an integrated strategy. "There was a lot of hype surrounding IT, and then there was disillusionment," Clark says. "Now we're regaining some of that lost credibility."

Executive IT Priorities
Which technology areas do you get involved in or care about?
Technology AreaCIOCFOCEO
E-business 143
Security 274
Data management and storage369
Consultants or strategy advisers425
Customer-facing applications 531
Network and systems infrastructure 687
Service providers and outsourcing752
Back-office applications 816
Network and systems management998
Mobile and wireless 101010
Digital convergence 111111
Credibility certainly won't come from trying to protect a fiefdom of direct IT reports. Some IT departments are smaller because companies have outsourced development and other IT work. Plus, the edges of the IT department are blurring as workers that were in central IT get pulled into business units and vice versa. Dual reporting structures are becoming commonplace. That can lead to CIOs with big mandates but relatively small staffs.

Consider GM's Szygenda or TRW Inc. CIO and VP Mostafa Mehrebani, who've made it their missions to outsource much of the grunt work and stock their internal teams with business strategists and project managers. Mehrebani says he's concentrating this year on beefing up the business knowledge within TRW's IT department and better utilizing the dual reporting infrastructures that are in place. "I'd rather have my people look at business requirements than be hugging servers at the end of the day before they go home," Mehrebani says. That means more training in the areas of project management, outsourcer relationships, and business analysis for IT workers.

It's a work in progress. A few years ago, TRW collaborated with MIT's Sloan School of Business on what it calls the "federated model," a hybrid of a centralized and a decentralized IT organization. Every IT worker has dual reporting responsibility to a business manager and an IT manager. "Business units are in charge of their own destinies for execution, but we also benefit from centralized collaboration, best practices, synergy, and the buying power of a $17 billion company," Mehrebani says. TRW is also committee-friendly, having formed an information-systems policy council consisting of Mehrebani and the CIO from each business unit. The council gets together each quarter to discuss strategy and tactical issues, inviting certain group presidents and IT directors.

GM has closely aligned its IT and business interests since 1996, when it put together a detailed IT portfolio-management process: Business units rank their proposed projects, which are then reviewed by Szygenda and GM's CEO and president, Richard Wagoner Jr., to establish budgets.

GM escaped the IT spending binge without major embarrassments. "We might have gone out and had a few drinks, but we didn't come back drunk," Szygenda says. The automaker spent about $2 billion on Internet technologies in the past several years but reduced its annual IT budget from about $3.7 billion to $3 billion primarily through platform consolidation, outsourcing, and other cost cutting. Szygenda says 5% to 15% of those Internet investments, or $100 million to $300 million, were spent on ventures that didn't pay off. Still, he categorizes those losses as the type of high-risk ventures a company needs to make in the quest for progress. But the majority have paid off, such as an online auction site for previously leased cars that's saving more than $100 million a year and GM's OnStar personal-services technologies.

GM's IT department structure resembles a matrix: Each business unit has a CIO who reports to Szygenda and the business-unit president. Szygenda also has process-information officers who manage IT projects and processes in horizontal areas such as manufacturing and engineering. "So at any position, I have two viewpoints: a business viewpoint and one on standardization and driving process," Szygenda says. "It creates tension, but that's the tension that helps us make the best decisions."

In some ways, these changing structures and the influence of governance councils are a reaction to the decentralized IT organization approach, which at some companies may have been taken too far, resulting in wasteful and mismanaged spending rather than closer business alignment. Countrywide CTO Jones says his company learned through trial and error about the best organizational structure for IT. An overly centralized organization in the early 1990s didn't work closely with the business; an overly distributed organization in the late 1990s resulted in chaos and a lack of standards. "We began to pull it back together and identify things that needed to be horizontal," Jones says.

Countrywide, for example, maintains a core IT organization that operates as a service provider, providing infrastructure support for the rest of the company. Yet each business has its own business analysts, developers, and project managers for its technology needs. IT project sponsors must devise a cost-benefit analysis, full description, and time line for completion before proposing a project.

Those efficiencies have helped cut IT costs at Countrywide. Even though the company is spending more on technologies for its new businesses, the IT budget has decreased as a percentage of revenue from 5.2% in 1999 to 4.8% in 2001.

Collaboration has been a key trait of experienced IT executives in these challenging times. Speaking a few weeks ago to a group of business technologists, FedEx Corp. CEO Fred Smith said his close working relationship with CIO Rob Carter has helped the company spend strategically on IT initiatives--and throttle back when business slowed. The secret to success, he said, involves collaboration among an executive management team that includes the CIO. "If you have someone else between yourself and the best CIO you can get," he said, "you're making a mistake."--With Steve Konicki and Chris Murphy

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll