The Dark Side of Digital

 Four years ago, I wrote reflecting on my 50 years in IT, and the pursuit of value from the use of IT. I described the changes that had occurred over that time since I started my working life as a computer operator on an IBM 1401, which had a (not really published as such) processing speed close to 10 million times slower than today’s (2013) microprocessors, 8k of storage (later upgraded, with an additional unit, to 16k), no solid state/hard drive, displays or communication capability, and no operating system (that was me!). Weighing in at around 4 tons, it needed a fully air conditioned room, with a raised floor, approximately twice the size of my living room.

I described how my world in 2013 compared with that time. I had powerful technology in my small home office, wirelessly connected within my house, and to the world beyond through the internet. I had access to an ever-growing body of knowledge that could answer almost any question I had, and which enabled me to manage my banking, pay bills, check medical lab test results, organize travel, shop, read books, listen to music, watch videos, play games, organize, edit and enhance photographs and videos, and a myriad of other tasks.

I went on to describe how, beyond my individual world, at the enterprise level, the technology model is changing from computing – the technology in and of itself, to consumption – how individuals and organizations use technology in ways that can create value for them and, in the case of organizations, their stakeholders. I discussed the extent to which technology, and how it was being used, was continuing to change, at an ever-increasing rate, including:

  • increasing adoption of the Cloud;
  • Software (and just about anything else) as a Service; the explosion of “Big Data”, and, along with it, analytics and data visualization;
  • mobility, consumerization and BYOD which fundamentally changes how, where and when we interact with technology and access information;
  • the ”internet of things” (IOT) bringing with it unprecedented challenges in security, data privacy, safety, governance and trust; and
  • robotics and algorithmic computing which have considerable potential to change the nature of work.

I closed by talking about what hadn’t changed, and what needed to change. Putting my value lens on, I lamented that, then, 15 years since The Information Paradox, in which I described the challenge of getting value from so called “IT projects”, was first published, the track record remained dismal, and realizing the value promised by IT remained elusive. I attributed this situation to several factors, the primary ones being:

  • a continued, often blind focus on the technology itself, rather than the change – increasingly significant and complex change – that technology both shapes and enables;
  • the unwillingness of business leaders to get engaged in, and take ownership of this change – electing to abdicate their accountability to the IT function; and
  • failure to inclusively and continually involve the stakeholders affected by the change, without whose understanding and “buy in” failure is pretty much a foregone

 

What a difference four years makes

OK – that’s (probably more than) enough of a recap – I’m now going to fast forward some 4 years (a lifetime in the digital world) to today, 2017. While the challenge of creating and sustaining value from our use of technology described above is still real, our failure to address it, along with an almost total failure of leadership – technical, business and government leadership, have brought us into an increasingly dark place – one that I think few of us saw coming, certainly not unfolding as it is. I call this place “the Dark Side of Digital”. I alluded to it in 2013 in discussing IOT, robotics and algorithmic computing, when I said that they brought with them “unprecedented challenges in security, data privacy, safety, governance and trust…(and) have considerable potential to change the nature of work” – I would now revise and add to the latter saying “…have considerable potential to fundamentally impact the future of work and, indeed, the future of society”.

The elements of this dark side fall into three main categories:

  1. Cybersecurity: This is the most traditional category – one that, albeit not so- named, has been with us since the advent of computers, when cards, tapes or
    other media could be lost/stolen. However, as our connectedness continues to increase, so does our susceptibility to cybersecurity attacks, with a growing number of such threats arising out of machine-to-machine learning and the Internet of Things. There are nearly 7 billion connected devices being used this year, but this is expected to jump to a whopping 20 billion over the next four years. Most cybercriminals are now operating with increasing levels of skill and professionalism. As a result, the adverse effects of cyber-breaches, -hacks, or –attacks, including the use of ransomware and phishing continue to escalate resulting in increased physical loss and theft of media, eroding competitive advantage and shareholder value, and severely damaging reputations. More severe attacks have the capacity to disrupt regular business operations and governmental functions severely. Such incidents may result in the temporary outage of critical services and the compromise of sensitive data. In the case of nation-state supported actors, their attacks have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended
  1. The Future of Work: The fear that technology will eliminate jobs has been with us pretty much since the advent of the first commercial computers, but, until the last few years, the argument that new jobs will appear to replace the old has largely held true. Now however, the revolutionary pace and breadth of technological change is such that we are experiencing a situation in which, as recently described by the Governor of the Bank of England, Mark Carney.

“Alongside great benefits, every technological revolution mercilessly destroys jobs & livelihoods well before new ones emerge.”

Early AI and IOT systems are already augmenting human work and changing management structures across labor sectors. We are already seeing, and can expect to continue to see uneven distribution of the of AI impact across sectors, job types, wage levels, skills and education. It’s very hard to predict which jobs will be most affected by AI-driven automation.

While, traditionally, low-skill jobs have been at the greatest risk of replacement from automation, as Stephen Hawking says, the “rise of artificial intelligence is likely to extend job destruction deep into the middle classes, with only the most caring, creative or supervisory roles remaining.” He goes on to say that “we are at the most dangerous moment in the development of humanity”.

  1. The Future of Society: On the societal front, a paradigm shift is underway in how we work and communicate, as well as how we express, inform and
    entertain ourselves. Equally, governments and institutions are being reshaped, as are systems of education, healthcare and transportation, among many others.

AI and automated decision making systems are often deployed as a background process, unknown and unseen by those they impact. Even when they are seen, they may provide assessments and guide decisions without being fully understood or evaluated. Visible or not, as AI systems proliferate through social domains, there are few established means to validate AI systems’ fairness, and to contest and rectify wrong or harmful decisions or impacts. Professional codes of ethics, where they exist, don’t currently reflect the social and economic complexities of deploying AI systems within critical social domains like healthcare, law enforcement, criminal justice, and labor. Similarly, technical curricula at major universities, while recently emphasizing ethics, rarely integrate these principles into their core training at a practical level[1]. As Mike Ananny and Taylor Owen said in a recent Globe and Mail article[2], there is “a troubling disconnect between the rapid development of AI technologies and the static nature of our governance institutions. It is difficult to imagine how governments will regulate the social implications of an AI that adapts in real time, based on flows of data that technologists don’t foresee or understand. It is equally challenging for governments to design safeguards that anticipate human-machine action, and that can trace consequences across multiple systems, data-sets, and institutions.” This disconnect is further adding to the erosion of trust in our institutions that we have been seeing over several decades.

Adding to the threats to society is the proliferation of internet and social media. In a world where we can all be publishers, we see shades of Orwell’s 1984 in a post-truth word of alternate facts, and fake news. Rather than becoming a more open and collaborative society, we see society fracturing into siloed echo- chambers of alternate-reality, built on confirmation bias, and fed by self-serving populist leaders, posing dangerously simplistic solutions – sometimes in tweets of 140 characters or less – to poorly understood and increasingly complex issues.

 

So, what do we need to do?

The complexity of these challenges, and their interconnectedness across sectors make it a critical responsibility of all stakeholders of global society – governments, business, academia, and civil society – to work together to better understand the emerging trends.

If business leaders expect to harness the latest technology advances to the benefit of their customers, business and society at large, there are two primary challenges they need to address now.

  1. As companies amass vast amounts of personal data used to develop products and services, they must own the responsibility for the ethical use and security of that information. Ethical and security guidelines for how data is collected, controlled and ultimately used are of paramount concern to customers, and rightfully so. To gain the trust of customers, companies must be transparent and prove they employ strong ethical guidelines and security standards.
  1. It is incumbent on organizations to act responsibly toward their employees and make it possible for them to succeed in the rapidly changing work environment. That means clearly defining the company vision and strategies, enabling shifting roles through specialized training, and redefining processes to empower people to innovate and implement new ways of doing business to successfully navigate this new and ever-changing

As a society, if we are to avoid sleepwalking into a dystopian future, as described in 2013 by internet pioneer Nico Mele as one “inconsistent with the hard-won democratic values on which our modern society is based… a chaotic, uncontrollable, and potentially even catastrophic future”, we must recognize that technology is not destiny – institutions and policies are critical. Policy plays a large role in shaping the direction and effects of technological change. “Given appropriate attention and the right policy and institutional responses, advanced automation can be compatible with productivity, high levels of employment, and more broadly shared prosperity.”

The challenge is eloquently described by WEF founder and executive chairman, Dr. Klaus Schwab.

“Shaping the fourth industrial revolution to ensure that it is empowering and human- centred, rather than divisive and dehumanizing, is not a task for any single stakeholder or sector or for any one region, industry or culture. The fundamental and global nature of this revolution means it will affect and be influenced by all countries, economies, sectors and people. It is, therefore, critical that we invest attention and energy in multi- stakeholder cooperation across academic, social, political, national and industry boundaries. These interactions and collaborations are needed to create positive, common and hope- filled narratives, enabling individuals and groups from all parts of the world to participate in, and benefit from, the ongoing transformations.”

 

A call to action!

We need, as Dr. Schwab goes on to say, to “…take dramatic technological change as an invitation to reflect about who we are and how we see the world. The more we think about how to harness the technology revolution, the more we will examine ourselves and the underlying social models that these technologies embody and enable, and the more we will have an opportunity to shape the revolution in a manner that improves the state of the world.”[3]

We cannot wait for “them” to do this – as individuals, we can and must all play a leadership role as advocates in our organizations and communities to increase the awareness and understanding of the changes ahead, and to shape those changes such that, as Dr. Schwab says, they are empowering and human-centred, rather than divisive and dehumanizing.

[1] Source: The AI Now Report, The Social and Economic Implications of Artificial Intelligence Technologies in the Near-Term, A summary of the AI Now public symposium, hosted by the White House and New York University’s Information Law Institute, July 7th, 20

[2] Ethics and governance are getting lost in the AI frenzy, The Globe and Mail, March 20, 2017

[3] Source: The Fourth Industrial Revolution: Risks and Benefits, Wall Street Journal, Feb 24, 2017

Digital Leadership – Much More Than IT Leadership

There has been much discussion of late on who should be responsible for “digitization”. The role of the CIO is being continually questioned, particularly as it relates to the CMO, and. a new position, the CDO, is appearing. And, of course, let’s not forget the CTO. A recent post by Michael Krigsman describing Intel’s IT leadership and transformation pyramid got me thinking yet again about this. The pyramid, shown below, is a brilliantly simple depiction of how digital leadership must evolve (in my words) from an operational “factory” to a business partner to a transformational leader.

 

intel-it-transformation-pyramid

As Michael Krigsman says, “The pyramid reflects the complex reality of IT / business relationships and the need for IT to deliver at multiple levels simultaneously.” This reminded me of discussions I had in New York last month at the Innovation Value Institute (IVI) Spring Summit around their IT Capability Maturity Framework (IT-CMF). The discussion centred around the digital economy, and the fact that organizations are taking an increasingly business-centric view of IT, with the focus shifting from the delivery of the “T” to the use of the “I”. That technology itself, how technology is delivered, how it is used, and by whom are changing at an ever-increasing rate. And that this is blurring the roles and responsibilities of IT and the Business functions, and giving rise to a fundamental rethinking of how IT, and it’s delivery and use is governed and managed, and the capabilities that are required to ensure and assure that the use of technology contributes to creating and sustaining business value.

In an earlier post, The Digital Economy and the IT Value Standoff, I reiterated my long-leld view that the business change that IT both shapes and enables must be owned by business leaders, and they must accept accountability, and be held accountable for creating and sustaining business value from that change. This cannot be abdicated to the IT function. Yet today, in all too many cases, we have a stand-off where the business doesn’t want to take ownership, and the IT function doesn’t know how, or doesn’t want to give up control.

The key question that arose from the Summit discussion was “Why can’t we get our business leadership engaged in this discussion?” Certainly not a new question – how to do so was essentially the underlying theme of The Information Paradox when it was first published back in 1998. The answer to the question, going back to the leadership pyramid, is that the IT organization has to achieve operational excellence before it can start to change the conversation from bottom-up delivery of technology to top-down value from business change. This requires a maturity level of around 2.5, where 5 is the highest maturity – most organizations are still not yet at this level, most being somewhere between 1 and 2.

So, what does this mean for the CIO? Much has been written about CIOs themselves having to transform to fulfil the 3 leadership roles of the pyramid – running the factory, partnering with the business for value, and strategic transformational leadership. There is no doubt that all these roles are required – but is it reasonable, or necessary to expect that they will be found in one individual. Certainly, there are CIOs who have stepped up to the plate, but many more that haven’t, and possibly cannot.  Professor Joe Peppard at the  European School of Technology and Management in Berlin has put many hundreds of participants through an IT leadership program. He describes in a recent article how, using Myers Briggs typing, he has found that 70% of CIOs fall into one particular type: ISTJs (Introversion, Sensing, Thinking, Judging). Further, along the dimension of where they get their energy, 85% have a preference for introversion. In terms of moving up the pyramid, the very things that may contribute to success in their technology role, can be what leads to downfall in a business leadership position. Even where an individual does have the ability to handle all 3 levels, the day-to-day operational demands all too often leave little time for the other 2 levels. Demands that, while they will definitely change with the advent of the cloud and “everything as a service”, will not go away.

The real issue here is not so much, as Michael Krigsman says, “the need for IT to deliver at multiple levels simultaneously”, but understanding the range of digital leadership capabilities and responsibilities required in the digital economy, and where they should reside. The answer is not as simple as renaming the CIO position, getting a new CIO, or appointing a few new CXOs. It requires recognizing that digitization cuts across organizational silos, and across all levels of organizations.. It will take digital literacy and collaboration across the C-suite to ensure that their organization has, as EY’s David Nichols said in a recent CIO Insight interview, “an integrated and holistic plan to really leverage digital”. It will also require recognizing that the digital economy both enables and requires a different view of leadership. As Sally Helgesen said in a recent post, “‘Leadership’ isn’t Just for Leaders Anymore”, leadership no longer, or should no longer equate with positional power and has, or should become broadly distributed.

If organizations are to succeed in the digital economy, they cannot constrain themselves to the knowledge of a few individuals – to put it a more brutal way, they cannot be constrained by the habits or ego(s) of their leader(s)! Organisations must tap into the collective knowledge of all their people. We need effective governance that reaches out to and involves key stakeholders – retaining appropriate accountability, based on the law of subsidiarity – an organizing principle that matters ought to be handled by the smallest, lowest or least centralized competent authority. This means locating accountability and decision-making at the most appropriate level, while supporting decisions with broader and more knowledgeable input.

As a former colleague of mine, Don Tapscott,  has said for decades “Leadership can come from anywhere”. For organizations to survive and thrive in the digital economy, this is not an option!

Transforming governance and leadership for the digital economy

The digital economy

DE
The digital economy is not primarily about technology, nor is it just about the economy. Yes, it is being shaped and enabled by increasingly significant and rapid technological change. And, yes, it will have significant economic impact. But it is much more than that. It is part of a broader digital revolution. One in which, as in the case of the industrial revolution, we will see seismic shifts not just in technology, but in the nature of our lives, our work, our enterprises – large and small, public and private, and our societies. A shift that will not just change the nature of products and services, and how they are developed and delivered, but also how we govern and manage our lives, work, enterprises and societies.

Technology is becoming embedded in everything we as individuals, enterprises and societies do, and, indeed, we are increasingly becoming embedded in everything technology does. If we are to deliver on the promise of the digital revolution, we have to acknowledge that the way we have governed and managed IT in the past has proven woefully inadequate, and that continuing on this path will be a huge impediment to delivering on that promise. Governance of IT has been a subject of much discussion over the last two decades. Unfortunately, most of the discussion has focused on the technology, the cost of technology, failed IT projects, and generally questioning the value that technology and the IT function deliver to the enterprise. Despite all this discussion, not much has materially or broadly changed over the last 50 years, including:
• An all too often blind focus on the technology itself, rather than the change – increasingly significant and complex change – that technology both shapes and enables;
• The unwillingness of business leaders to get engaged in, and take ownership of this change – preferring to abdicate their accountability to the IT function;
• Failure to inclusively involve the stakeholders affected by the change, without whose knowledge, understanding and “buy in” failure is pretty much a foregone conclusion;
• A lack of rigour at the front-end of an investment decision, including, what is almost universally a totally ineffective business case process;
• Not actively managing for value; and
• Not managing the journey beyond the initial investment decision.

We still have what is predominately a “culture of delivery” – “build it and they will come”, rather than a “culture of value” – one that focuses on creating and sustaining value from an organization’s investments and assets.

We have been having the wrong conversation – we need to change that conversation!

Governance of “IT”

GovernanceTreating IT governance as something separate from overall enterprise governance, labeling and managing investments in IT-enabled business change as IT projects, and abdicating accountability to the CIO are the root cause of the failure of so many to generate the expected payoff. Business value does not come from technology alone – technology in and of itself is simply a cost. Business value comes from the business change that technology both shapes and enables. Change of which technology is only one part – and increasingly only a small part. Technology only contributes to business value when complementary changes are made to the business – including increasingly complex changes to the organizational culture, the business model, and the operating model, as well as to relationships with customers and suppliers, business processes and work practices, staff skills and competencies, reward systems, organizational structures, physical facilities etc. Ultimately, it is people’s intelligent and innovative use of the information captured, organized, distributed, visualized and communicated by technology that creates and sustains value. This is not a technology issue – it is a business issue.

Much of the discussion around the digital economy today is on improving the customer experience – as indeed it should be, although we have been saying the same for decades with, at best, mixed success. We will come nowhere close to achieving this unless we put equal focus on our people, and rethinking how we govern, manage and organize for the digital economy such that we maximize the return on our information and our people.

Surviving and thriving in the digital economy is not an IT governance issue, it is an enterprise governance issue. Successfully navigating the digital economy requires that we change how we govern, lead and manage our enterprises – including, but certainly not limited to IT.

What needs to change?

ChangeIn work I have been doing with Professor Joe Peppard at the European School of Management and Technology in Berlin, we have identified 8 things that business leaders, starting with the CEO, need to do. These are:
1. Don’t see IT as something separate from your core business – technology today is embedded in, and an integral part of most, if not all parts of your business processes.
2. Don’t focus on the technology alone – focus on the value that can be created and sustained through the business change that technology both shapes and enables.
3. Do recognize that you are ultimately accountable for the overall value created by all business change investments – and ensuring that accountability for the realisation of business benefits anticipated from each investment is appropriately delegated to, and accepted by, other executives and managers.
4. Do demand rigorous analysis of every proposed business change investment, whether or not IT is involved. Ensure that you and your team know and can clearly define expected outcomes, that there is a clear understanding of how value is going to be achieved, that all relevant stakeholders have bought in to the required changes, and that they are capable of making or absorbing them and delivering on the expected outcomes.
5. Do recognize that the business case is the most powerful tool that you have at your disposal to manage business change investments – insist on complete and comprehensive business cases, including desired outcomes, benefits, costs and risks, and clear explanation of how each benefit will be achieved with unambiguously assigned accountabilities, supported by relevant metrics.
6. Do recognize that benefits don’t just happen and rarely happen according to plan – outcomes and plans will change – don’t think business case approval is the end of the story. Mandate that the business case be used as the key operational tool to “manage the journey”, updated to reflect relevant changes, and regularly reviewed.
7. Do know if and when it’s time to stop throwing good money after bad, or when there are better uses for the money and “pull the plug.”
8. If your CIO doesn’t “get” the above points, and hasn’t already been talking to you about them, get one who does and will!

Enterprise governance must evolve beyond a model rooted in a culture of delivery (of technical capabilities) to one based on a culture of value – creating and sustaining value from investments and assets. In the context of IT, this means recognizing that we are no longer dealing with “IT projects”, but with increasingly complex programmes of organizational change.

Leadership

LeadershipThe most important aspect of governance is leadership. Effective governance in the digital economy requires that leaders truly lead – moving beyond tactical leadership to strategic and transformational leadership. Understanding and taking ownership of the organizational, cultural and behavioural change that will be required to succeed in the digital economy – change that starts with the leaders themselves. We also need to get away from the cult of the leader to a culture of pervasive leadership. As Joel Kurtzman says in his book, Common Purpose, leaders need to move beyond the traditional “command and control” model to establishing a ”common purpose” and creating a “feeling of ‘we’ among the members of their group, team or organization”. This will require leaders who can “park”, or at least manage their egos, break down silos, and really engage with and empower all employees – fostering leadership across and at all levels in the organization. It will also require a dynamic, sense and respond approach to enterprise governance – one that is focused on value, while balancing rigour with agility. Only then will the full potential value of IT-enabled change in the digital economy be realized. The technology exists to support this today – what is lacking is the leadership mindset, will and capability make the change.

There is certainly not for a lack of proven value management practices. Since The Information Paradox was published, there has been an ever-growing proliferation of books, frameworks, methods, techniques and tools around the topic. The issue is the lack of serious and sustained adoption of them. The real challenge is one of overcoming the “knowing – doing gap”, as described by Jeffrey Pfeffer and Robert Sutton in their book of the same name. We know what to do, and the knowledge is available on how to do it. Yet, so far, there has simply been little or no appetite for, or commitment to the behavioural change required to get it done, and stick with it. This has to change!

As I said in my previous post, this will not be easy to do – very little involving organization, people and power is. However, the cost in money wasted and, more importantly, benefits and value lost, eroded or destroyed is appalling. It’s way past time to move beyond word to action. For enterprises to survive, let alone thrive in the digital economy, and for the potential individual, community and societal benefits of the digital economy to be realized, the status quo is not an option! To quote General Erik Shinseki, a former Chief of Staff of the US Army, “If you don’t like change, you’re going to like irrelevance even less!“

The Digital Economy and the IT Value Standoff

The emerging  digital economy, and the promise and challenges that it brings, including the need to shift focus beyond reducing cost to creating value, are adding fuel to the seemingly never-ending discussion about the role of the IT function, and the CIO.  There is questioning of the very need for and/or name of the position, and the function they lead. Discussions around the need for a CDO, the so-called battle between the CMO and the CIO for the “IT budget”, and other similar topics proliferate ad nauseam. Unfortunately, most, although not all of these discussions appear to be about the technology itself, along with associated budgets power and egos, within a traditional siloed organizational context. This akin to shuffling the deck chairs on the Titanic, or putting lipstick on a pig – it’s way past time for that!  As technology becomes embedded in and across everything we do, and we are increasingly becoming embedded in everything technology does, we have to acknowledge that the way we have managed technology in the past will be a huge impediment to delivering on the promise of the Digital Economy. Indeed, it has proven woefully inadequate to deliver on the promise of technology for decades.

Recent illustrations of this include failed, or significantly challenged healthcare projects in the U.S., Australia, and the U.K.as well as disastrous payroll implementations in Queensland, New Zealand and California (you would really think that we should be able to get payroll right). And this situation is certainly not unique to the public sector, although these tend to be more visible. In the private sector, a large number of organizations continue to experience similar problems, particularly around large, complicated ERP, CRM and Supply Chain systems.

All too often, these situations are described as “IT project” failures. In most cases, while there may have been some technology issues, this is rubbish. As I and others have said many times before, the ubiquitous use of the term “IT project” is a symptom of the root cause of the problem. Labelling and managing investments in IT-enabled business change, as IT projects, and abdicating accountability to the CIO is a root cause of the failure of so many to generate the expected payoff. Business value does not come from technology alone – in fact, technology in and of itself is simply a cost. Business value comes from the business change that technology increasingly shapes and enables. Change of which technology is only one part – and increasingly often only a small part. Technology only contributes to business value when complementary changes are made to the business – including increasingly complex changes to the organizational culture, the business model, and the the operating model, as well as to  relationships with customers and suppliers, business processes and work practices, staff skills and competencies, reward systems, organizational structures, physical facilities etc.

From my many previous rants about our failure to unlock the real value of IT-enabled change, regular visitors to this blog will know that I am particularly hard on non-IT business leaders, starting with Boards and CEOs, for not stepping up to the plate. When it comes to IT, the rest of the business, from the executive leadership down, has expected the IT function to deliver what they ask for, assuming little or no responsibility themselves, until it came time to assign blame when the technology didn’t do what they had hoped for. The business change that IT both shapes and enables must be owned by business leaders, and they must accept accountability, and be held accountable for creating and sustaining business value from that change. This cannot be abdicated to the IT function.

However, having spent quite a lot of time over the last few months speaking with CIOs and other IT managers, it has been brought home to me that some, possibly many of them are just as much at fault. There appear to be a number of different scenarios, including CIOs who:

  1. “Get it” and are already seen as a valued member of the executive team, providing leadership in the emerging digital economy;
  2. “Get it”, but have been unable, and, in some cases,  given up trying to get the rest of the executive team to step up to the plate;
  3.  Sort of “get it”, but don’t know how to have the conversation with the executive team;
  4. May “get it”, but are quite happy to remain  passive “order-takers”; or
  5. Don’t “get it”, still believing that IT is the answer to the world’s problems, and don’t want to “give up control”.

The result, in all too many cases, is a stand-off where the business doesn’t want to take ownership, and the IT function doesn’t know how, or doesn’t want to give up control. As Jonathan Feldman said in a recent InformationWeek post, “..enterprise IT, like government IT, believes in the big lie of total control. The thought process goes: If something lives in our datacenter and it’s supplied by our current suppliers, all will be well…my observation is that the datacenter unions at enterprises want “the cloud” to look exactly like what they have today, factored for infrastructure staff’s convenience, not the rest of the supply chain’s.” Until this standoff is resolved, the “train wrecks” will continue, and we will continue to fail to come anywhere near realizing the full economic, social and individual value that can be delivered from IT-enabled change.

At the root of all this is what I described in an earlier post as The real alignment challenge – a serious mis-alignment between enterprises whose leaders have an ecosystem mindset, and adopt mechanistic solutions to change what are becoming increasingly complex organisms. But it’s also more than this – in a recent strategy+business recent post, Susan Cramm talked about “the inability of large organizations to reshape their values, distribution of power, skills, processes, and jobs”. The sad fact is that, as organizations get bigger, an increasing amount of attention is spent looking inward, playing the “organizational game”, with inadequate attention paid to the organizations raison d’être, their customers, or their employees. As Tom Waterman said, “eventually, time, size and success results in something that doesn’t quite work.” Increasingly today, it results in something that is, or will soon be quite broken.

Most of the focus of the conversation about the digital economy today is on improving the customer experience, as indeed it should be – although we have been saying the same for decades with, at best, mixed success. We will come nowhere close to  achieving that success unless we put equal focus on our people, and rethinking how we govern, manage and organize for the digital economy such that we maximize the return on our information and our people.

This will require that leaders truly lead – moving beyond tactical leadership, aka managing, to strategic and transformational leadership. That we move from a cult of individual leadership – “the leader”, to a culture of pervasive leadership – enabling and truly empowering leadership throughout the organization- putting meaning to that much-abused term “empowerment”. That we break the competitive, hierarchical, siloed view and move to a more collaborative, organic  enterprise-wide view. The technology exists to support this today – what is lacking is the leadership mindset, will and capability make the change. As Ron Ashkenas said in a 2013 HBR blog – “The content of change management is reasonably correct, but the managerial capacity to implement it has been woefully underdeveloped”.

I am not saying that this will be easy easy to do – it isn’t, very little involving organization, people and power is. And somehow, throwing in technology seems to elevate complexity to a new dimension. And we certainly don’t make it any easier with the ever-growing proliferation of books, frameworks, methods, techniques and tools around the topic. Many of which have evolved out of the IT world, and are, as a result, while intellectually correct, often over-engineered and bewilderingly complex to executives and business managers who need to “get this”.

So, let’s get back to the basics – governance is about what decisions need to be made, who gets to make them, how they are made and the supporting management processes, structures, information and tools to ensure that it is effectively implemented, complied with, and is achieving the desired levels of performance. It’s not about process for process sake, analysis paralysis, endless meetings, or stifling bureaucracy – it’s about making better decisions by finding the right balance between intellectual rigour and individual judgement. In a previous post, Back to the Basics – the Four “Ares” I introduced the four questions that should be the foundation for that decision-making:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

A common reaction to the four “ares” is that they are common sense. Indeed they are, but, unfortunately, they are far from common practice! if business leadership to move beyond words in addressing the challenge of creating and sustaining value from investments in enterprise computing, social media, mobility, big data and analytics, the cloud etc. emphasis must be placed on action—on engagement and involvement at every level of the enterprise,  with clearly defined structure, roles and accountabilities for all stakeholders related to creating and sustaining value. The four “ares” are a good place to start!

 

Reflections on 50 Years in IT- and the Pursuit of Value

SunriseIMG_2908It has been many months since my last post to this blog – the result of continued recuperation from last year’s surgery, involving a good amount of vacation travel, and a reduced work schedule.  Now however, with that all hopefully behind me, as I sit in my office looking out at the sunrise over beautiful Saanich Inlet, and the snow covered Vancouver Island mountains beyond, it seems as good a time as any to reflect on the fact that 2013 marks my 50th year working in, with and around technology. To think about what has changed, what is still changing, what hasn’t changed, and what has to change if we are to really unlock the potential value of our use of IT.

What has changed?

To cover all the changes that have occurred in 50 yrs would need a book, not a post, so suffice it to say that when I started working in 1963 for  C-E-I-R (UK) Ltd., 1401I was working with an IBM 1401, which had  a (not really published as such) processing speed  close to 10 million times slower than today’s microprocessors, 8k of storage (later upgraded, with an additional unit, to 16k), no solid state/hard drive, displays or communication capability, and no operating system (that was me!). Weighing in at around 4 tons, it needed a fully air conditioned room, with a raised floor, approximately twice the size of my living room.

Today, in my home office, I have a (now pretty old) MacBook Air with 256GB of storage, an iPad with 32 GB and an iPhone with 64 GB (I’m still not sure why I did that), and a number of printers all wirelessly connected within my house and to the world beyond through the internet. I have access to an ever growing body of knowledge that can answer almost any question I have, and, generally free through Skype, to anyone in the world I want to talk to (and see). I can manage my banking, pay bills, check my medical lab test results, organize my travel, shop, read books, listen to music, watch videos, play games, organize, edit and enhance my photographs and videos, and a myriad of other tasks. And, I can do the same from almost anywhere  – including from a lanai in Hawaii, a stateroom (we used to call them cabins) on a cruise ship or, unfortunately, now a airplane. And, of course, this doesn’t include all the other computing power in the house,  our security system, appliances, watches, cameras, cars, etc. but you get the picture. And I’m just one guy!

At the enterprise level, we have experienced extraordinary advances in computing power, storage and communications capabilities, and how we interface and interact with all this. Technology is now no longer a “black box” – it is embedded in almost all business processes, and in everything that we do. As described in a recent blog by Mark McDonald of Gartner, the technology model is changing from computing – the technology in and of itself, to consumption – how individuals and organizations use technology in ways that can create value for them and, in the case of organizations, their stakeholders.

What’s still changing?

On the technology front – everything, and at an increasingly rapid pace. We are in the middle of what I first described in a January 2012 post as a “perfect storm” of technological change, including:

  • Increasing adoption of the Cloud, Software (and just about anything else) as a Service which is fundamentally changing the delivery model for technology – and business services and, as a result, leading to seemingly endless debate about the role of the IT function and the CIO as I discussed in a January, 2011 post;
  • The explosion of “Big Data”, and along with it analytics and data visualization – here, as described by Bryan Eisenberg in a recent post, it’s not the “big” that’s so important, although it is impressive and presents it’s own challenges, but rather the shift beyond analyzing samples of data to all the data, historical data to real-time data, and structured data to unstructured data. All of which with a cost structure for using these data tools has now made it more widely available and accessible to a greater number of organizations, regardless of size. Other implications/challenges here include the need to look beyond analytical tools themselves to the creation an environment where people are able to use their organization’s date and their knowledge to improve operational and strategic performance, as described by Joe Peppard and Donald Marchand in a recent HBR article, as well as the increasing personalization of data, and the question of “whose data is it?” as discussed by my son, Jer, in a 2011 TED talk.
  • Mobility, consumerization and BYOD which are fundamentally changing how, where and when we interact with technology and access information – as described by Mark McDonald of Gartner in his previously mentioned post on the technology model changing from computing to consumption;
  • The emerging ” internet of things” (TIOT) where everything talks to everything and which, as described by Andrew Rose of Forrester in a recent WIRED UK article, brings with it unprecedented challenges in security, data privacy, safety, governance and trust.; and
  • Robotics and algorithmic computing which have considerable potential to change the nature of work as described by Sharon Gaudin in a recent Computerworld article.

This is certainly not an exhaustive list – it doesn’t, for example, include 3D printing or wearable technology, both of which will also have significant impact, and it will certainly continue to change and be added to, but it does capture the main areas where change is occurring, and the essence and magnitude of that change.

What hasn’t changed?

Back in 1998, together with what was then DMR Consulting. later Fujitsu Consulting, I wrote The Information Paradox, which described the conflict between the widely held belief that investment in IT is a good thing, and the reality that this, all to often, it’s value cannot be demonstrated. The book’s main premise was that benefits do not come from technology itself, but from IT-enabled change, and that benefits do not just happen, nor do they happen according to plan – they need to be actively managed “from concept to cash”. It put forward the view that this was not a technology problem, but one that business leaders needed to own and step up to – that realizing the potential value of IT to organizations should be an imperative for all business managers. It proposed an approach, the Benefits Realization Approach, to enable them  to address the challenge of value. In the second version of the book, published in 2003,  an Afterword built on the Benefits Realization Approach to address the essence of overall organizational governance focused on enterprise value. (A good summary of the book can be found on Basil Wood’s bazpractice blog). Yet today, 15 years since The Information Paradox was first published, the track record of so called “IT projects” remains dismal, and realizing the value promised by IT remains elusive. Why is this? The answer lies in what has not materially or broadly changed over the last 5o years, including:

  1. A continued, often blind focus on the technology itself, rather than the change  – increasingly significant and complex change – that technology both shapes and enables (more on managing change in this post);
  2. The unwillingness of business leaders to get engaged in, and take ownership of this change – preferring to abdicate their accountability to the IT function (as discussed in this post);
  3. Failure to inclusively involve the stakeholders affected by the change, without whose understanding and “buy in” failure is pretty much a foregone conclusion;
  4. A lack of rigour at the front-end of an investment decision, including, what is almost universally  a totally ineffective business case process (as described in this post);
  5. Not actively managing for value; and
  6. Not managing the journey beyond the initial investment decision.

Overall, despite all that has been written and spoken about this challenge, and the growing number of frameworks, methodologies, techniques and tools that are available, we still have  what is predominately a “culture of delivery”  – “build it and they will come” – rather than a “culture of value”, one that focuses on creating and sustaining value from an organisation’s investments and assets. For more on this , see my recent APM UK paper on the topic.

What needs to change?

In work I have been doing with Joe Peppard, we have identified 8 things that business leaders, starting with the CEO, need to do. These are:

  1. Don’t see IT as something separate from your core business – technology today is embedded in, and an integral part of most, if not all parts of your business processes.
  2. Don’t focus on the technology alone – focus on the value that can be created and sustained through the business change that technology both shapes and enables.
  3. Do recognize that you are ultimately accountable for the overall value created by all business change investments – and ensuring that accountability for the realisation of business benefits anticipated from each investment is appropriately delegated to, and accepted by, other executives and managers.
  4. Do demand rigorous analysis of every proposed business change investment, whether or not IT is involved. Ensure that you and your team know and can clearly define expected outcomes – (value), that there is a clear understanding of how that value is going to be achieved, that all relevant stakeholders have bought in to the required changes, and that they are capable of making or absorbing them and delivering on the expected outcomes.
  5. Do recognize that the business case is the most powerful tool that you have at your disposal to manage business change investments – insist on complete and comprehensive business cases, including desired outcomes, benefits, costs and risks, and clear explanation of how each benefit will be achieved with unambiguously assigned accountabilities, supported by relevant metrics.
  6. Do recognize that benefits don’t just happen and rarely happen according to plan –outcomes and plans will change – don’t think business case approval is the end of the story. Mandate that the business case be used as the key operational tool to “manage the journey”, updated to reflect relevant changes, and regularly reviewed.
  7. Do know if and when it’s time to stop throwing good money after bad, or when there are better uses for the money and “pull the plug.”
  8. If your CIO doesn’t “get” the above points, and hasn’t already been talking to you about them, get one who does and will!

So, what is it going to take to make these changes happen? For myself, I am going to continue to try to make a difference – but more directly, and more directed. Since the initial publication of The Information Paradox, I have travelled the world presenting to, talking and working with many hundreds of organizations and tens of thousands of individuals. Some of the organizations have heeded these ideas, embraced  a value culture, and continue to thrive, many have taken some of the ideas across the organization, or all of the ideas in parts of the organization with some success, and others have tried but slipped back. There are many individuals who tell me that my ideas have changed their lives – sometimes resulting in success, in other cases simply greater frustration in that they understand what has to be done but can’t make it so. At the end of many presentations or discussions, I almost invariably get the same two comments. The first – “You’ve given us a lot to think about”, to which I always reply “Great, but what are you going to DO about it?”  The second comment, which in some ways answers my question – “My boss should have been here”. Getting the “boss” to come to listen to anything that has an IT label has been, and continues to be a challenge as I discussed in my last post. Where I and they have been successful, it is only when we have got the attention, understanding and commitment of of the Executive Team. It has become quite clear that without this commitment, the best we can do is tweak around the edges – and that is just not good enough.

So, it’s time to be more direct – getting this “right” is not an option for business leaders – it’s their job and they cannot be allowed to shirk it. The CEO, supported by the Board and Executive Management Team is accountable for ensuring that effective governance is in place around IT decision-making, with specific focus on value, as well as for the selection, oversight and optimisation of value from the portfolios of business change investments and assets. This should be a condition of employment, and grounds for immediate dismissal if they with fail to do so.

It’s also time to be more directed – to get the message directly to business leaders – a shareholder or taxpayer revolt would be a good idea, but, turning 70 next year,  I can’t wait for that. I will however be working to get in front of more boards, or organizations of directors, targeting articles to more business-oriented publications, presentations to more business-oriented events, and targeting presentations, seminars and workshops to business executives.

We can, and must all play our part in this. In my case, in addition to getting more active on this blog, I am currently working on articles in business journals, as well as executive briefings and workshops – I will be co-instructing one of these, Value Management Master Class: Enterprise Governance of IT for Executives and Senior Managers, with Peter Harrison from IBM at the University of Victoria in Wellington, NZ on April 11th & 12th. If you’re interested and live in the area, or would like to visit Wellington – a beautiful city, you might want to consider this opportunity, or – even better – encourage your bosses to do so.

 

2012 – A Perfect Storm in IT!

One consequence of a 3 month hiatus, forced initially by surgery and concluded more voluntarily with much needed relaxation in Hawaii, is that I have had time to actually read and digest much of the material that, all too often, I only have time to quickly scan – and then rarely get back to. Amongst all this material was a considerable amount of prognostication on 2012 trends. In many ways, little of this was new, but collectively, it does amount to a “perfect storm” that challenges the way we as individuals, societies, and enterprises – small and large, public and private, look at, use and manage technology, including both the demand and supply side and, probably most importantly, where they intersect. In this post, I will briefly discuss the elements of this “perfect storm”, add the one element that I find to be conspicuously missing from the dialogue, and discuss the implications of both.

  1. The “cloud” – the dream of the “information utility” has been around for decades, and now, with the “cloud”, while there are still significant governance, security and privacy issues to work through (some real, some “noise”),  this is now closer to being a reality.
  2. The data explosion, “big data” – I read recently that 90% of the data in the world today was created in the last 2 years – this exponential growth of data is creating both enormous challenges, and great opportunities – on the technology side, developments include the rise of Hadoop, and recent announcements of Dynamo DB from Amazon, and Big Data Appliance from  Oracle, as well as the growing need for new data visualization and “data scientist” skills.
  3. Analytics, particularly real-time analytics – some of the technologies mentioned above, and indeed those below, are fundamentally changing the analytics landscape. Huge amounts of data – structured or unstructured, can now be analyzed quickly, and data can increasingly be captured and analyzed in real time. The challenge here is to resist the temptation  to succumb to analysis paralysis – to know what information is both relevant and  important, what questions to ask, and to think ahead to what actions might need be taken as a result of based on the answers to these questions.
  4. Mobility – services can now be accessed, data captured, information found, and transactions performed from almost anywhere – other work locations, coffee shops, restaurants and bars, at home, in other countries, in taxis, trains or buses, on airplanes or even on a cruise ship – limitations of distance and time have been virtually eliminated. The challenge here, apart from the security and privacy issues that are common to most of these points,  is to be able to find the “off” button in an increasingly, always on, 24/7 world. On an individual basis we need to maintain a work-life balance, and from a business perspective, “burn out” seriously erodes the effectiveness and value of  their most critical resource – people.
  5. Consumerization, including BYOD and “app”s – while it could be argued that these 3 could each merit their own category, I have chosen to “lump” them together as, collectively, they represent a further significant shift from the traditional “technology push” world, with the IT function in a control mode as the gatekeeper, to the “user tool pull” world with IT, potentially – if they get it right, in a facilitation role as a service broker.
  6. Social Media – this is, to some extent, simply one “flavour” of the previous 2 elements, but a very significant one, with potentially huge implications. While much of the attention to date has been on controlling social media, enterprises are increasingly using it as a communication channel, and beyond that, to tap into it to find out what their customers, and employees are thinking. Here, one challenge/opportunity that I see how we can use social media to improve performance  by tapping into the collective knowledge within organizations – “crowd sourcing” input into decision-making and, as a result, making better-informed decisions, and having employees feel more connected with, and empowered by their organizations.

In all the discussion around the elements of this “perfect storm”, much if not most of the focus had been on the IT function needing to respond more quickly to deliver and/or support capabilities in these areas. There has been much less discussion of how the use of these technologies will be used to lead to positive outcomes – creating and/or sustaining  individual, societal and enterprise value – or of the changes that will be needed in the behaviour of individuals, societies and enterprises if that value is to be realized. If we as individuals and societies are not to become “the tools of our tools”, and enterprises are not to continue the increasingly expensive and value-destructive litany of IT failures, we need to shift our focus from the technology to how we manage and use the capabilities that the technologies provide to increase the value of our lives, our societies and our enterprises.

I don’t make these comments as a later day “luddite”,  rather my focus on value is driven by many decades of frustration at our being nowhere near to realizing the individual, societal and business value that intelligent and appropriate use of technology can create. We will not close that gap until we – as individuals, or leaders in society or business, take “ownership” of how we  use technology, based on the outcomes that are important to us, and the value that we seek to create and sustain! In the enterprise world, this has fundamental implications for the roles and accountabilities of business executives and line of business managers, and for the role of the IT function, as discussed in 2 earlier posts, The Future of IT, and Value from IT – There is a Better Way!

In closing, in the context of individual and societal value, 2 areas that I have long had an interest in, and that I will be watching closely this year are healthcare and education. While we shouldn’t expect seismic shifts in either to happen quickly – it’s just not the nature of the beasts, the ground is starting to move. In healthcare, much of this is driven by the funding crunch, with increase focus on eHealth, based largely on “meaningful use” of EHRs, as well as an increasing number of apps such as Phillips Vital Signs Camera for the iPad. In education, with some exceptions, it is still somewhat more of a grass roots movement, although Apple’s recent iBooks 2 and iTunesU announcements, and organizations such as Curriki may well be  changing this. What I believe we will see here, over time, is an evolution beyond eHealth and eLearning to iHealth, and iLearning, with individuals taking increasing “ownership” of their own health and education.

 

 

A Value-Driven Framework for Change

In an earlier post, The Future of IT, I mentioned the Strategic Governance Framework, introduced in the Afterword of the revised edition of The Information Paradox, and that over the next few months, I would be introducing this framework (which I now refer to as the Strategic Enterprise Governance Framework). Well, it has taken much longer than I had intended, but in this post, one that I must admit is somewhat drier than my usual posts, I introduce the Framework, and briefly describe each of the ten major elements that it comprises. In subsequent posts, I will describe the individual elements, and the relationships between them in greater detail.

Although more than a decade has passed since the The Information Paradox was first published,  the nature of enterprise value—and how to achieve it—continues to be a subject of much discussion. It is clear that the failure to realize business value from investments in IT-enabled change described in the book is a symptom of a wider malaise—one that presents managers with significant new challenges. The fact is, the track record for implementing any major change successfully continues to be  terrible. Although arguably more visible with IT, the same applies to any large-scale investment or change.

One of the root causes for this poor track record is the woeful inadequacy of current governance approaches to manage what is, in most cases, “an uncertain journey to an uncertain destination.” All too often, current practice results in a lack of understanding of the desired outcomes, and the full scope of effort required to realize the outcomes, not knowing what to measure, not surfacing and tracking assumptions, and not sensing and responding to changing circumstances in a timely or well-considered manner.

In the Afterword,  I described how our thinking and practices had evolved beyond the Benefits Realization Approach introduced in the first edition, to a broader strategic governance framework – a framework for overall enterprise governance. Since that time, I have further extended the framework, as illustrated below, from the original seven elements to ten.

The first, and overarching element of the framework is Strategic Governance  – governance being  traditionally defined as the system by which enterprises are directed and controlled and as a set of relationships between a company’s management, its board, its shareholders and its other stakeholders which.  Strategic Governance establishes how direction and control is accomplished within and across the other 9 elements of the framework which I refer to here as “management domains”. This direction and control will have both compliance and performance aspects, both of which must be considered. From a performance standpoint (and to some extent compliance in the case of risk) I add the dimensions of cost, benefit and risk across the Strategic Governance framework to show that these factors have to be taken into consideration when decisions are being taken in or across the management domains.

The nine “management domains” are:

  • Strategy Management – Defining the business…mission, vision, values, principles, desired outcomes and strategic drivers to provide direction and focus for understanding, configuring and managing assets to deliver the greatest value.
  • Asset management – Managing the acquisition, use and disposal of assets to make the most of their service delivery potential and manage the related risks and costs over their entire life (source: Vicnet, State of Victoria, Australia).
  • Architecture Management – Understanding, communicating and managing the fundamental underlying design of the components of the business system, the relationships between them and the manner in which they support the enterprise’s objectives.
  • Programme Management – Managing the delivery of change around business outcomes through a structured grouping of activities (projects) designed to produce clearly identified business results or other end benefits.
  • Portfolio Management –  Managing the evaluation, selection, monitoring and on-going adjustment of a grouping of investment programmes and resulting assets to achieve defined business results while meeting clear risk/reward standards.
  • Project Management –  Managing a group of activities concerned with delivering a defined capability required to achieve business outcomes based upon an agreed schedule and budget.
  • Operations Management – Managing the production of goods and/or services efficiently  – in terms of converting inputs (in the forms of materials, labor, and energy) into outputs (in the form of goods and/or services) using as little resources as needed, and effectively – in terms of meeting customer requirements.
  • Management of Change – A holistic and proactive approach to managing the transition from a current state to a desired state.
  • Performance Management – The definition, collection, analysis and distribution of information relevant to the management of investment programmes and assets so as to maximize their contribution to business outcomes.

While the framework may at first look intimidating, it should not be seen as such. Many, if not all functions within these domains are already being done to a greater or lesser extent in enterprises today, often in many different ways, with little communication between them. It is the management of the critical relationships between these “management domains” which, if managed well, can provide tremendous strategic advantage to enterprises, but which, if not managed well, can have serious, if not catastrophic consequences. If enterprises are to maximize the value from their investments in IT-enabled change, or any form of change, these relationships need to be understood, and managed within a dynamic, “sense and respond” governance framework.

In subsequent posts, I will describe each of these domains, and the critical relationships between them, in greater detail. In the meantime, I encourage you to think about the state of governance in your organization, or in organizations that you are working with, and consider:

  • Are all the management domains included?
  • How completely and effectively are they covered?
  • Are they dealt with holistically, or within silos?
  • How well are the relationships between the management domains, or between the silos covered?
  • How effective is the governance of these domains and relationships in sensing and responding to changes in today’s complex and rapidly changing environment?

Value from IT – There is a Better Way!

I have just returned from a hectic, but very successful couple of weeks in Australia. There I had the opportunity to meet with and talk to many people, including many CXOs, on the topic of “Delivering on the Promise of IT”. Overall, I was encouraged that there is more awareness of the need to do better when it comes to managing IT investments, but discouraged that there is still little awareness of how to do so, and even less appetite to take it on. As always, at the end of many sessions, a frequent reaction was “you have given us a lot to think about.” As I continue to say, we certainly need to think before we act, but thinking cannot be a substitute for action. A couple  of people echoed a comment that my friend Joe Peppard from the Cranfield  School of Management in the UK told me he had had from a senior executive of a European bank – “I didn’t know there was a better way.”

Well, there is a better way! As originally presented close to 15 years ago in The Information Paradox, proven Value Management practices exist, including, but certainly not limited to ISACA’s Val IT™ Framework, including:

  • Portfolio Management – enabling evaluation, prioritization, selection and on-going optimization of the value of IT-enabled investments and resulting assets;
  • Programme Management – enabling clear understanding and definition of the outcomes and scope of IT-enabled change programmes, and effective management of the programmes through to their desired outcomes;
  • Project Management – enabling reliable and cost-effective delivery of the capabilities necessary to achieve the outcomes, including business, process, people, technology, and organizational capabilities; and
  • Benefits Management – the active management of benefits throughout the full life-cycle of an investment decision.

This is illustrated in the figure below.

If enterprises are to successfully adopt and meaningfully use these practices, their leaders will have to change their behaviour. They will need to acknowledge that this is not an IT governance issue, it is an enterprise governance issue. Further, they will have to evolve from an enterprise governance model rooted in a culture of delivery (of technical capabilities) to one based on a culture of value – creating and sustaining value from investments and assets (for more on this, see a recent paper that I wrote with the Benefits Management SIG of the APM in the UK). In the IT context, this means recognizing that we are no longer dealing with “IT projects”, but with increasingly complex programmes of organizational change – change that is often both shaped and enabled by technology, but of which the technology is only a small part.

They should start by focusing on the business case. The business case sows the seeds of success or failure. Most today are woefully inadequate – based on “delusional optimism” and “strategic misrepresentation” (aka lying!), resulting in:

  • limited or no clarity around desired outcomes
  • limited or no understanding of the scope (“depth” and “breadth”) of change required to achieve the outcomes;
  • failure to balance “attractiveness” with “achievability” (including organizational change capacity, project and programme management capabilities); and
  • limited or no relevant metrics (both “lead” and “lag”).

In the context of IT, business cases must be owned by the business, and for any type of investment, used as a living, operational management tool to manage the full life cycle of an investment decision, and supported by the value management practices outlined above.

Again, in the context of IT, as Susan Cramm states in her book, 8 Things We Hate About IT, this will require  a significant  realignment of roles, responsibilities and accountabilities related to IT. There must be a partnership in which:

  • The IT function moves from providing infrastructure to being a broker of services (both internal and external – and increasingly external) while retaining responsibility and accountability related to fiduciary, economies of scale and enabling infrastructure;
  • Business units accept responsibility for defining the requirements for, meaningful use of, and value creation from these services; and
  • The IT function, as a trusted partner, helps the business:
    • Optimize value from existing services;
    • Understand the opportunities for creating and sustaining business value that are both shaped and  enabled by current, new or emerging technologies;
    • Understand the scope of business change required to realize value from those opportunities (including changes to the business model, business processes, people skills and competencies, reward systems, technology, organizational structure, physical facilities, etc.; and
    • Evaluate, prioritize, select and execute those opportunities with the highest potential value such that value is maximized.

The challenge here is not a lack of proven value management practices – it is the “knowing – doing gap”, as described by Jeffrey Pfeffer and Robert Sutton in their book of the same name. We know what to do, and (should know) how to do it. Yet, so far, here has simply been little or no appetite for, or commitment to the behavioural change required to get it done, and stick with it.

The cost in money wasted and, more importantly, benefits and value lost, eroded or destroyed is appalling. It’s way past time to move beyond word to action – the status quo is not an option!

There is a better way!

The Siren Call of Certainty

In Greek mythology, the sirens were three bird-women who lured nearby sailors with their enchanting music and voices to shipwreck on the rocky coast of their island. The term siren call, from which this derives, is described in the Free Dictionary, as “the enticing appeal of something alluring but potentially dangerous”. In today’s increasingly complex and interconnected world, it is the siren call of certainty that is luring many organizations into failures akin to shipwrecks, particularly, although not limited to their increasingly significant investments in IT-enabled change. More accurately, it is their failing to recognize, accept and manage uncertainty, that leads to these wrecks.

Yet again here, what we have is a failure of governance, and of management – a failure that starts with how strategic decisions are made. In a recent McKinsey paper, How CFOs can keep strategic decisions on track, the authors make the point that “When executives contemplate strategic decisions, they often succumb to the same cognitive biases we all have as human beings, such as overconfidence, the confirmation bias, or excessive risk avoidance.” My discussion here covers the first two (excessive risk avoidance essentially being the opposite of these, and equally dangerous). Executives are often so certain about  (overconfident in) what they want to do that others are unwilling to question their certainty or, if they do, they are dismissed as “naysayers” (and quickly learn not to question again) or the executive only chooses to hear those parts of what they say that confirm their certainty (confirmation bias). I must admit that I have probably been guilty of this myself, in language if, hopefully, not intent, when I have told my teams, “I don’t want to hear why we can’t do this, I want to hear how we can do it.” What I really should have added explicitly was “…and then tell me under what conditions it might not work”.

To resist the lure of the siren call, we require an approach to strategic decision-making  that is open to challenge – one in which multiple lenses are brought to bear on the decision, where uncertainties, and points of view contradictory to those of the person making the final decision, be that the CEO or whoever, are discussed, and where individual biases weigh less in the final decision than facts.

I am not suggesting here that uncertainties should prevent investments being approved, if they did we would never do anything. I am saying that they should not be buried or ignored – they must be surfaced, recognized, mitigated where possible, and then monitored and managed throughout the life-cycle of the investment. This means acknowledging that both the expected outcomes of an investment, and the way those outcomes are realized will likely change during the investment life-cycle. It means managing a changing journey to a changing destination. Unfortunately, once again the siren call of certainty also gets in the way of this.

When investments are approved they are usually executed and managed as projects, all too often seen as technology projects (I use the term broadly here). In a 2010 California Management Review article, “Lost Roots: How Project Management Came to Emphasize Control Over Flexibility and Novelty”, authors Sylvain Lenfle and Christoph Loch, discuss the history of Project Management, and suggest that the current approach to Project Management promises, albeit rarely delivers, greater cost and schedule control, but assumes that uncertainty can be limited at the outset.”

The origins of “modern” project management (PM) can be traced to the Manhattan Project, and the techniques developed during the ballistic missile projects. The article states that “the Manhattan and the first ballistic missile projects…did not even remotely correspond to the ‘standard practice’ associated with PM today…they applied a combination of trial-and-error and parallel trials in order to [deal with uncertainty and unforeseen circumstances] and achieve outcomes considered impossible at the outset”. This approach started to change in the early ’60s when the focus gradually changed from ‘performance at all costs’ to one of optimizing the cost/performance ratio. Nothing inherently wrong with that, but along came Robert McNamara who reorganized the planning process in the Department of Defense (DoD) to consolidate two previously separate processes – planning and budgeting. This integration was supported by the Program Planning and Budgeting System (PBS), which emphasized up-front analysis, planning and control of projects. Again, nothing inherently wrong with that, but the system resulted in an emphasis on the complete definition of the system before its development in order to limit uncertainty, and a strict insistence on a phased “waterfall” approach. The assumptions underlying this approach are i) as decisions taken by top management are not up for discussion, the PM focus is on delivery, and ii) rigorous up-front analysis can eliminate and control uncertainty – these underlying assumptions are still very much part of Project Management “culture” today.

Again, I am not saying here that there is no need for sound analysis up-front – quite the contrary, I believe that we need to do much more comprehensive and rigorous up-front analysis. What I am saying is that, no matter how good the up-front analysis is, things will change as you move forward, and there will be unexpected, and sometime unpredictable surprises. We cannot move blindly ahead to the pre-defined solution, not being open to any questioning of the outcome (destination) or approach (journey), and focusing solely on controlling cost and schedule. The history of large projects is littered with wrecks because, yes, there was inadequate diligence up-front, but equally, or even more so, because we failed to understand and manage uncertainty – forging relentlessly on until at some stage, the project was cancelled, or, more often, success was re-defined and victory declared.

The article suggests that “Project Management has confined itself in an ‘order taker niche’ of carrying out tasks given from above…cutting itself off from strategy making…and innovation”. Many organizations, particularly those embracing agile development approaches, do apply a combination of trial-and-error and parallel trials in order to deal with uncertainty and unforeseen circumstances, and to achieve outcomes either considered impossible at the outset, or different from those initially expected. But, as the authors say, “these actions happen outside the discipline of project management…they apply [these approaches] despite their professional PM training.”

The tragedy here, with both strategic decision making, and execution is that we know how to do much better, and resources exist to help us do so. Strategic decision making can be significantly improved by employing Benefits Mapping techniques to ensure clarity of the desired outcomes, define the full scope of effort to achieve those outcomes, surface assumption, risks and uncertainties around their achievement, and provide a road-map for execution, supporting decision making with an effective business case process, and by applying the discipline of Portfolio Management to both proposed and approved investments. The successful execution of investments in the portfolio can be increased by moving beyond the traditional Project Management approach by taking a Program Management view, incorporating all the delivery projects that are both necessary and sufficient to achieve the desired outcomes in comprehensive programs of change. Many of the elements of such an approach were initially discussed in The Information Paradox, and subsequently codified in the Val IT™ 2.0 Framework.

We know the problem, we have the tools to deal with it – what is still missing is the appetite and commitment to do so.

The Future of IT

After another couple of month’s silence precipitated by some minor surgery, the holiday season and, quite frankly, too much “same old – same old” news, a couple of articles have caused me to, once again, put my fingers to the keyboard.

The first, a blog – unfortunately his last with CIO.com, by Thomas Wailgum, IT in 2020: Will it Even Exist?, and the second by Marilyn Weinstein, again in CIO.com, The Power of IT Drives Businesses Forward. While the two titles might appear contradictory, I felt they were both saying the same thing in somewhat different ways, and that what they were saying is important – although not new.

In describing a new report from Forrester Research, “IT’s Future in the Empowered Era: Sweeping Changes in the Business Landscape Will Topple the IT Status Quo”, Thomas suggests that the question that lingers throughout the report is whether corporate IT, as we know it today, will even exist in 2020.

In the report, analysts Alex Cullen and James Staten identify three forces bearing down on IT that will likely have long-lasting ramifications. The three forces include: Business-ready, self-service technology (including cloud and SaaS adoption); empowered, tech-savvy employees who don’t think they need corporate IT; and a “radically more complex business environment,” notes the report.

Cullen and Staten write “The IT status quo will collapse under these forces, and a new model–empowered BT [business technology]–will take its place. Today’s IT and business leaders should prepare by rethinking the role the IT department plays and how technology staff engage the business, shifting from controlling to teaching and guiding.”

Well, whether it be these three forces or others, I certainly agree that the status quo is unacceptable and this rethink needs to take place – it should have taken place a long time ago.

In her article, Marilyn echoes a comment I have been making for well over a decade in saying “One of the most overused terms I’ve heard in the past few years as CEO of an IT consulting and staffing firm has to be the word “alignment.” With IT embedded in just about everything that we do, it is ridiculous. and dangerous, to continue to talk about alignment. As Marilyn goes on to say, “IT drives efficiencies. IT enables business. IT powers business success. The goal is not merely to align, but to get in front of the business goals and spearhead growth… IT does drive and enable business. It’s time for IT leadership to drive that point home. ” Again, the long overdue need for IT and business leaders to rethink the role the IT department plays and how technology staff engage the business.

The role of the IT leader, the CIO is indeed changing, or certainly should be. The CIO is accountable for delivering required technology services at an affordable cost with an acceptable level of risk. The business leadership is accountable for investing in, and managing and using technology such that it creates and sustains value for their organization – this cannot be abdicated to the IT function. But nor can it be done without the IT function – they have a key role to play here. The CIO, as the IT leader, is responsible for ensuring that their team works in partnership with other business leadership to help them:

  • optimize value from existing services;
  • understand the opportunities for business change enabled by current, new or emerging technologies;
  • understand the business changes they will have to make to realize value from these opportunities; and
  • select opportunities with highest potential value and execute such that value is maximized.

This requires moving beyond the current culture of delivery – based on a philosophy of “build it and they will come”, to a culture of value. This will further require moving beyond the current approach to IT governance – one that is again focused on delivery and the “factory” to a broader more strategic approach to enterprise governance – one that ensures that organizations have:

1. A shared understanding what constitutes value for the organisation;

2. Clearly defined roles, responsibilities and accountabilities, with an aligned reward system;

3. Processes and practices around value management, including portfolio, programme and project management, supported by complete and comprehensive business cases, with active benefits and change management; and

4. Relevant metrics, both “lead” and “lag”.

The Val IT Framework 2.0™ provides, in Section 6 – Functional Accountabilities and Responsibilities, a summary of the roles of IT and business leadership required to support this approach.

In the Afterword of the revised edition of The Information Paradox, I introduced a Strategic Governance Framework. Since that time, as well as working with ISACA in leading the development of The Val IT Framework, I have continued to refine that framework into what I now refer to as the Strategic Enterprise Governance Framework. Over the next few months, I will be introducing this framework, and describing each of the ten major elements that it comprises.

Moving to such a governance approach is a business imperative, one which is itself a major change programme that will take time to plan and implement, and also for the benefits to be achieved. We will not however come anywhere near realizing the full potential value of IT-enabled change until we do so. It is time to move beyond words and place an emphasis on action. This will require strong leadership, and engagement and involvement at every level of the organisation.