12:15 PM

SmartAdvice: Craft Vision Statement So It Motivates And Leads

Vision statements must reflect the organization and involve everyone, so make them simple and achievable, The Advisory Council says. Plus, consider your company's needs for archiving and what's already in use when choosing business-messaging systems, and staying up-to-date on security patches will help keep Windows NT-family operating systems safe.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]

Topic A: After the extended economic downturn, we need to create a new vision for the organization. How do we do that?

Our advice: An organization's vision should communicate what the organization wants to be, to both internal and external audiences.

A vision is a statement of self-worth. Its purpose is not only to motivate employees to take meaningful action, but to give leadership a standard for monitoring progress. It also tells external audiences how your organization wishes to be viewed.

A successful vision is dependent upon:

  • The vision process
  • Content
  • Communications
  • Monitoring

Here are some things to consider about each step:

Vision-Development Process

  • Let the business drive the vision.

  • Involve all stakeholders in its development; otherwise, they won't consider it theirs.

  • Assign responsibility so that it's clear how each person, including each stakeholder, can contribute.

  • Seek expert facilitation to reach a vision supported by all.

  • Revise and reiterate; you'll likely go through multiple iterations before you're satisfied.


  • Start from where you are to get to where you want to go.

  • Build in the values of the organization: Every organization has a soul. Tap into yours, and adjust as needed. A vision built on your values will not just hold promise but also deliver on it.

  • Build on the core competencies of the organization: A vision is useless if it can't be put into operation. This requires recognition of your organization's strengths and weaknesses.

  • Factor in your style: A vision must reflect the leader's style. You can't sustain action that goes against it.

  • Make it visual: A picture is worth a thousand words.

  • Make it simple to understand: Complex language and disconnected statements have little impact--people can't implement what they don't understand.

  • Make it achievable: A vision is an organization's dream for the future. Unachievable goals discourage people.

  • Phase it in: Reach for the sky--in stages.

  • Make it actionable: If it's too abstract, no one knows what to do next.

  • Communicate often: Internal communications are the key to success. People need to see the vision, identify with it, and know that leadership is serious about it.

  • Create messages that relate to the audience: To adopt a vision, people must see how they can achieve it, and what's in it for them.

  • Create messages that inspire action: It's not what you say, but how you say it.


  • Identify key milestones: While traveling to your destination, acknowledge the milestones along the way.

  • Monitor your progress: A strategic audit, combined with key metrics, can be used to measure progress against goals and objectives.

  • Use external audit team: An external team brings objectivity, plus a fresh perspective.

The timing is right for a new vision, one that will reinvigorate and imbue optimism in your organization. But remember, no matter how idealistic it is, it also must be realistic.

-- Sourabh Hajela

Topic B: In the past 10 years, E-mail has become the dominant business messaging medium, but not without problems (e.g., spam). Looking forward, what technologies should we adopt for business messaging?

Our advice: Don't look now, but your staff may have already made the decision for you. Check out what your employees are using these days to communicate; you might be surprised to find that E-mail is no longer the medium of choice in many companies. The flood of E-mail has become so overwhelming that many have switched to communicating using instant messaging, integrated tools (Microsoft Exchange/Outlook, Lotus Domino/Notes) and various wireless-based systems.

Related Links

Instant Messaging Takes Off in Bond Market

Wireless and the Instant Enterprise Instant Messaging

PDAs (personal digital assistants) and IM (instant messaging) have become the major communication tools of the IT staff even in small companies. IM is cheap, fast, and easy. And nobody cares if you can't spell or write well! Its disadvantages, however, are weak security, little or no control or accountability over the content, and hogging of network bandwidth. So, you need to match your industry-specific needs for accountability, traceability, and data security, with your budget and tolerance for emerging technologies. Here are a few items to think about to ensure a good match with your company's needs:

  • How much protection is needed for the data being communicated? For example, the health-care industry is struggling to reconcile the ease of using wireless PDAs, and the Health Insurance Portability & Accountability Act's requirements for the protection of sensitive patient data.
  • Do you need to track and archive communications, be they internal or external? Then E-mail, newsgroups, and other methods that automatically create archives are a better choice for you.
  • Are cost and computer resources an issue? There's no doubt that IM and Internet conferencing can be network bandwidth hogs, but as SMS (short message service) and other technologies designed for the constraints of cell and WAN (wide-area network) distribution become more popular, this will become less of an issue.
  • Since IT people are frequently early adopters of new technologies long before the rest of the business catches up, they can be a bellwether for where messaging technology is headed. Then, as the technologies mature, you'll be prepared to deploy the ones appropriate for your company.

    -- Beth Cohen

    Topic C: What actions should Microsoft Windows users take to address its well-publicized security issues?

    Our advice: From a fundamental, architectural perspective, the Windows NT family (NT, 2000, XP, 2003) is as sound as any other generally available operating system. In contrast, the MS-DOS-based versions of Windows (95, 98, ME) are fundamentally flawed, and shouldn't be used in any environment where security is a concern.

    Coding bugs, especially stack-buffer overflow bugs, have been a serious problem with Windows. The only way to deal with them is to install Microsoft's security patches promptly upon release. After testing with their own applications, Windows administrators should install the latest Service Packs for their respective Windows versions, as well as any subsequent security patches. Windows administrators also should subscribe to the Microsoft Security Notification Service.

    Related Links

    Microsoft Security Notification Service (Microsoft Passport required)

    Microsoft Baseline Security Analyzer

    Bragg, Roberta, Windows 2000 Security, New Riders Publishing, 2000.

    Ill-considered "features," especially some ease-of-use features, have been an Achilles' heel for Windows and its applications. For example, as originally released, both Microsoft Office 97 and 2000 permitted users to inadvertently run a virus by just previewing an infected E-mail. Depending on the user's privileges, this could damage the entire system. These holes have long since been fixed with security patches. And as with the operating system, keeping up-to-date on application security patches is essential.

    Inappropriate defaults are another problematic artifact of Microsoft's attempts at "ease-of-use." Systems that retain these default settings are particularly vulnerable to hackers and viruses. The Microsoft Baseline Security Analyzer tool enables an administrator to check for inappropriate default settings on all the NT-family systems on a network.

    Although not a problem with the operating system per se, another reason for Windows' poor security reputation is that it's more likely than other operating systems to be installed and configured by people untrained in basic IT-security practices. Combined with inappropriate defaults, this can lead to untrusted users having access to far more information, and therefore having more ability to cause damage, than they should. This problem can be solved by ensuring that all Windows administrators have appropriate security training and job-performance metrics.

    Because so many systems run Windows, it's the most popular target of hackers and viruses. Nonetheless, we don't believe that it's necessary or appropriate for Windows users to undertake the effort, disruption, and expense of moving to another operating system for reasons of security. Properly managed and maintained, Windows 2000, XP, and 2003 are as secure as Linux or other operating systems.

    -- Peter Schay

    Sourabh Hajela, TAC Expert, has more than 15 years of experience in strategy, planning, and delivery of IT capability to maximize shareholder value for corporations in major industries across North America, Europe, and Asia. He is a member of the faculty at the University of Phoenix, where he teaches courses in strategy, marketing, E-business and leadership. Most recently, he was VP and the head of E-business with Prudential Financial.

    Beth Cohen, TAC Thought Leader, has more than 20 years of experience building strong IT delivery organizations from both user and vendor perspectives. Having worked as a technologist for BBN, the company that literally invented the Internet, she not only knows where technology is today but where it's heading in the future.

    Peter Schay, TAC executive VP and chief operating officer, has 30 years of experience as a senior IT executive in both IT vendor and research industries. He was most recently VP and chief technology officer of SiteShell Corp. Previously at Gartner, he was group VP of global research infrastructure and support, and launched coverage of client/server computing in the early 1990s.

    We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    Comment  | 
    Email This  | 
    Print  | 
    More Insights
    Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service